CLI command branches
The FortiManager CLI consists of the following command branches:
Examples showing how to enter command sequences within each branch are provided in the following sections.
config branch
The config commands configure objects of FortiManager functionality. Top-level objects are not configurable; they are containers for more specific lower-level objects. For example, the system object contains administrators, DNS addresses, interfaces, routes, and so on. When these objects have multiple sub-objects, such as administrators or routes, they are organized in the form of a table. You can add, delete, or edit the entries in the table. Table entries each consist of keywords that you can set to particular values. Simpler objects, such as system DNS, are a single set of keywords.
To configure an object, you use the config command to navigate to the object's command "shell". For example, to configure administrators, you enter the command:
config system admin user
The command prompt changes to show that you are in the admin shell.
(user)#
This is a table shell. You can use any of the following commands:
delete | Remove an entry from the FortiManager configuration. For example in the
edit | Add an entry to the FortiManager configuration or edit an existing entry. For example in the
end | Save the changes you have made in the current shell and leave the shell. Every The
get | List the configuration. In a table shell,
purge | Remove all entries configured in the current shell. For example in the
show | Show changes to the default configuration as configuration commands.
If you enter the get command, you see a list of the entries in the table of administrators. To add a new administrator, you enter the edit command with a new administrator name:
edit admin_1
The FortiManager unit acknowledges the new table entry and changes the command prompt to show that you are now editing the new entry:
new entry 'admin_1' added
(admin_1)#
From this prompt, you can use any of the following commands:
abort | Exit an edit shell without saving the configuration.
config | In a few cases, there are subcommands that you access using a second config command while editing a table entry. An example of this is the command to add host definitions to an SNMP community.
end | Save the changes you have made in the current shell and leave the shell. Every The
get | List the configuration. In a table shell,
next | Save the changes you have made in the current shell and continue working in the shell. For example if you want to add several new admin user accounts enter the
set | Assign values. For example from the Note: When using a set command to make changes to lists that contain options separated by spaces, you need to retype the whole list including all the options you want to apply and excluding all the options you want to remove.
show | Show changes to the default configuration in the form of configuration commands.
unset | Reset values to defaults. For example from the
The config branch is organized into configuration shells. You can complete and save the configuration within each shell for that shell, or you can leave the shell without saving the configuration. You can only use the configuration commands for the shell that you are working in. To use the configuration commands for another shell you must leave the shell you are working in and enter the other shell.
The root prompt is the FortiManager host or model name followed by a #.
get branch
Use get to display settings. You can use get within a config shell to display the settings for that shell, or you can use get with a full path to display the settings for the specified shell.
To use get from the root prompt, you must include a path to a shell.
Example
When you type get in the config system admin user shell, the list of administrators is displayed.
At the (user)# prompt, type:
get
The screen displays:
== [ admin ]
userid: admin
== [ admin2 ]
userid: admin2
== [ admin3 ]
userid: admin3
Example
When you type get in the admin user shell, the configuration values for the admin administrator account are displayed.
edit admin
At the (admin)# prompt, type:
get
The screen displays:
userid : admin
login-max : 32
password : *
change-password : enable
trusthost1 : 0.0.0.0 0.0.0.0
trusthost2 : 255.255.255.255 255.255.255.255
trusthost3 : 255.255.255.255 255.255.255.255
trusthost4 : 255.255.255.255 255.255.255.255
trusthost5 : 255.255.255.255 255.255.255.255
trusthost6 : 255.255.255.255 255.255.255.255
trusthost7 : 255.255.255.255 255.255.255.255
trusthost8 : 255.255.255.255 255.255.255.255
trusthost9 : 255.255.255.255 255.255.255.255
trusthost10 : 255.255.255.255 255.255.255.255
ipv6_trusthost1 : ::/0
ipv6_trusthost2 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost3 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost4 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost5 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost6 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost7 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost8 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost9 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost10 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
profileid : Super_User
dev-group : (null)
description : (null)
user_type : local
ssh-public-key1 :
ssh-public-key2 :
ssh-public-key3 :
avatar : (null)
meta-data:
== [ Contact Email ]
fieldname: Contact Email
== [ Contact Phone ]
fieldname: Contact Phone
password-expire : 0000-00-00 00:00:00
force-password-change: disable
rpc-permit : none
use-global-theme : enable
last-name : (null)
first-name : (null)
email-address : (null)
phone-number : (null)
mobile-number : (null)
pager-number : (null)
hidden : 0
dashboard-tabs:
dashboard:
Example
You want to confirm the IPv4 address and netmask of the port1 interface from the root prompt.
At the # prompt, type:
get system interface port1
The screen displays:
name : port1
status : enable
mode : static
ip : 10.10.10.10 255.255.255.0
allowaccess : ping https ssh snmp http webservice fgfm https-logging
serviceaccess :
lldp : disable
speed : auto
description : (null)
alias : (null)
mtu : 1500
type : physical
ipv6:
ip6-address: ::/0 ip6-allowaccess: ip6-autoconf: enable
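The two get outputs above can be checked mechanically for broad administrative exposure. The following is an added example, not part of the FortiManager documentation: it parses the "key : value" layout and reports trusthost slots that cover every source address (0.0.0.0 0.0.0.0 or ::/0) and allowaccess services that are unencrypted. The function names and the sample text are constructed for illustration, and the cleartext list contains only http, the one such service visible in the output above.

```python
import ipaddress

# Constructed samples in the "key : value" layout that get prints.
SAMPLE_ADMIN = """\
userid : admin
trusthost1 : 0.0.0.0 0.0.0.0
trusthost2 : 10.10.10.0 255.255.255.0
trusthost3 : 255.255.255.255 255.255.255.255
ipv6_trusthost1 : ::/0
ipv6_trusthost2 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ssh-public-key1 :
"""
SAMPLE_PORT = "name : port1\nallowaccess : ping https ssh snmp http webservice fgfm\n"


def parse_get(text):
    """Turn get output into a dict, splitting each line on its first colon."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:  # "== [ name ]" separator lines carry no colon and are skipped
            fields[key.strip()] = value.strip()
    return fields


def trusthost_networks(fields):
    """Map each populated trusthost slot to the network it admits."""
    nets = {}
    for key, value in fields.items():
        if "trusthost" in key and value:
            # IPv4 slots print "address netmask"; IPv6 slots print "address/prefix".
            nets[key] = ipaddress.ip_network(value.replace(" ", "/"), strict=False)
    return nets


def open_trusthosts(text):
    """Return the slots whose network has prefix length 0 (any source address)."""
    nets = trusthost_networks(parse_get(text))
    return sorted(slot for slot, net in nets.items() if net.prefixlen == 0)


def cleartext_access(text, cleartext=("http",)):
    """Return allowaccess services named in `cleartext`; http is unencrypted."""
    allowed = parse_get(text).get("allowaccess", "").split()
    return [svc for svc in allowed if svc in cleartext]


if __name__ == "__main__":
    print(open_trusthosts(SAMPLE_ADMIN), cleartext_access(SAMPLE_PORT))
```

Run against the admin and port1 outputs shown above, the same checks would report trusthost1 and ipv6_trusthost1 as unrestricted and http as enabled on port1.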
show branch
Use show to display the FortiManager unit configuration. Only changes to the default configuration are displayed. You can use show within a config shell to display the configuration of that shell, or you can use show with a full path to display the configuration of the specified shell.
To display the configuration of all config shells, you can use show from the root prompt.
Example
When you type show and press Enter within the port1 interface shell, the changes to the default interface configuration are displayed.
At the (port1)# prompt, type:
show
The screen displays:
config system interface
edit "port1"
set ip ***.**.***.** 255.255.255.0
set allowaccess https ssh
set type physical
next
end
Example
You are working in the port1 interface shell and want to see the system dns configuration. At the (port1)# prompt, type:
show system dns
The screen displays:
config system dns
set primary 172.39.139.53
set secondary 172.39.139.63
end
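Because show prints the configuration as the same config, edit, set, next and end commands described in the config branch, its output can be parsed into a tree and compared with a saved baseline to spot changes such as a widened allowaccess list. The following is an added example, not part of the FortiManager documentation; the function names and both sample configurations are constructed for illustration.

```python
import shlex

# Constructed baseline in the layout show prints; CURRENT differs in one keyword.
BASELINE = '''config system interface
edit "port1"
set allowaccess https ssh
next
end
config system dns
set primary 172.16.100.100
end
'''
CURRENT = BASELINE.replace("allowaccess https ssh", "allowaccess https ssh http")
CLOSES = {"next": "edit", "end": "config"}  # the shell kind each command leaves


def parse_show(text):
    """Build a nested dict from config/edit/set/next/end lines."""
    stack = [("root", {})]  # innermost open shell is stack[-1]
    for lineno, line in enumerate(text.splitlines(), 1):
        words = shlex.split(line)  # also strips the quotes around entry names
        if not words:
            continue
        cmd, args = words[0], words[1:]
        kind, node = stack[-1]
        if cmd in ("config", "edit"):  # open an object shell or a table entry
            name = " ".join(args) if cmd == "config" else args[0]
            stack.append((cmd, node.setdefault(name, {})))
        elif cmd == "set":  # keyword followed by its value list
            node[args[0]] = args[1:]
        elif CLOSES.get(cmd) == kind:  # next closes an entry, end closes a shell
            stack.pop()
        else:
            raise ValueError(f"line {lineno}: '{cmd}' not valid in {kind} shell")
    if len(stack) != 1:
        raise ValueError("output ends inside an open shell")
    return stack[0][1]


def flatten(tree, prefix=()):  # yields (path, values) for every set keyword
    for key, val in tree.items():
        path = prefix + (key,)
        yield from flatten(val, path) if isinstance(val, dict) else [(path, val)]


def drift(baseline, current):
    """Map each keyword path that differs to its (old, new) values."""
    old, new = dict(flatten(parse_show(baseline))), dict(flatten(parse_show(current)))
    return {p: (old.get(p), new.get(p)) for p in {*old, *new} if old.get(p) != new.get(p)}
```

The parser rejects output that is truncated or whose next and end commands do not match the shell they close, so a partial capture is not silently compared.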
execute branch
Use execute to run static commands, to reset the FortiManager unit to factory defaults, or to back up or restore the FortiManager configuration. The execute commands are available only from the root prompt.
Example
At the root prompt, type:
execute reboot
and press Enter to restart the FortiManager unit.
diagnose branch
Commands in the diagnose branch are used for debugging the operation of the FortiManager unit and to set parameters for displaying different levels of diagnostic information. The diagnose commands are not documented in this CLI Reference.
Example command sequences
The command prompt changes for each shell.
To configure the primary and secondary DNS server addresses:
- Starting at the root prompt, type:
config system dns
and press Enter. The prompt changes to (dns)#.
- At the (dns)# prompt, type ?
The following options are displayed.
set
unset
get
show
abort
end
- Enter set ?
The following options are displayed:
primary
secondary
ip6-primary
ip6-secondary
- To set the primary DNS server address to 172.16.100.100, type:
set primary 172.16.100.100
and press Enter.
- To set the secondary DNS server address to 207.104.200.1, type:
set secondary 207.104.200.1
and press Enter.
- To restore the primary DNS server address to the default address, type unset primary and press Enter.
If you want to leave the config system dns shell without saving your changes, type abort and press Enter.
- To save your changes and exit the dns sub-shell, type end and press Enter.
- To confirm your changes have taken effect after leaving the dns sub-shell, type get system dns and press Enter.