CLI Reference

Introduction
- FortiAnalyzer documentation
What’s New in FortiAnalyzer 6.4
Using the Command Line Interface
Administrative Domains
- About ADOMs
- Configuring ADOMs
system
fmupdate
fortirecorder
- camera
- global
- schedule
execute
- add-mgmt-license
- add-on-license
- add-vm-license
- backup
- bootimage
- certificate
  - certificate ca
  - certificate local
  - certificate remote
- console
- date
- device
- erase-disk
- factory-license
- fmupdate
  - Syntax
  - fmupdate cdrom
- format
- fortirecorder
- iotop
- iotps
- log
  - log adom disk-quota
  - log device disk-quota
  - log device logstore
  - log device permissions
  - log device vdom
  - log dlp-files clear
  - log import
  - log ips-pkt clear
  - log quarantine-files clear
  - log storage-warning
- log-aggregation
- log-fetch
  - log-fetch client
  - log-fetch server
- log-integrity
- lvm
- migrate
- ping
- ping6
- raid
- reboot
- remove
- reset
- restore
- sensor
- shutdown
- sql-local
- sql-query-dataset
- sql-query-generic
- sql-report
- ssh
- ssh-known-hosts
- tac
- time
- top
  - Syntax
  - execute top help menu
- traceroute
- traceroute6
diagnose
- auto-delete
- cdb
- debug
  - debug application
  - debug backup-oldformat-script-logs
  - debug cdbchk
  - debug cli
  - debug console
  - debug coredump
  - debug crashlog
  - debug disable
  - debug enable
  - debug gui
  - debug info
  - debug klog
  - debug library
  - debug reset
  - debug service
  - debug sysinfo
  - debug sysinfo-log
  - debug sysinfo-log-backup
  - debug sysinfo-log-list
  - debug timestamp
  - debug vmd
  - debug vminfo
- dlp-archives
- docker
- dvm
  - dvm adom
  - dvm capability
  - dvm chassis
  - dvm check-integrity
  - dvm csf
  - dvm dbstatus
  - dvm debug
  - dvm device
  - dvm device-tree-update
  - dvm extender
  - dvm fap
  - dvm fsw
  - dvm group
  - dvm lock
  - dvm proc
  - dvm remove
  - dvm supported-platforms
  - dvm task
  - dvm taskline
  - dvm transaction-flag
  - dvm workflow
- faz-cdb
- fmnetwork
  - fmnetwork arp
  - fmnetwork interface
  - fmnetwork netstat
- fmupdate
- fortilogd
- fortirecorder
- fwmanager
- ha
- hardware
- incident
- license
- log
- pm2
- report
- siem
- sniffer
- sql
- svctools
- system
- test
  - test application
  - test connection
  - test policy-check
  - test search
  - test sftp
- upload
  - upload clear
  - upload status
- vpn
get
show
Appendix A - Object Tables
Appendix B - CLI Error Codes

Home FortiAnalyzer 6.4.4 CLI Reference

6.4.4

Configuring ADOMs

To use administrative domains, the admin administrator must first enable the feature, create ADOMs, and assign existing FortiAnalyzer administrators to ADOMs.

Enabling ADOMs moves non-global configuration items to the root ADOM. Back up the FortiAnalyzer unit configuration before enabling ADOMs.

Within the CLI, you can enable ADOMs and set the administrator ADOM. To configure the ADOMs, you must use the GUI.

To enable or disable ADOMs:

Enter the following CLI command:

config system global

set adom-status {enable | disable}

end

An administrative domain has two modes: normal and advanced. Normal mode is the default device mode. In normal mode, a FortiGate unit can only be added to a single administrative domain. In advanced mode, you can assign different VDOMs from the same FortiGate to multiple administrative domains.

Enabling the advanced mode option will result in more complicated management scenarios. It is recommended only for advanced users.

To change ADOM device modes:

Enter the following CLI command:

config system global

set adom-mode {advanced | normal}

end

To assign an administrator to an ADOM:

Enter the following CLI command:

config system admin user

edit <name>

set adom <adom_name>

end

where <name> is the administrator user name and <adom_name> is the ADOM name.