FortiGate-6000 Handbook

FortiGate-6000 execute CLI commands

This chapter describes the FortiGate-6000 execute commands. Many of these commands are only available from the management board CLI.

execute load-balance load-backup-image <slot>

After uploading a firmware image onto the FortiGate-6000 internal TFTP server, use this command to install this firmware image onto an FPC as the backup firmware image. <slot> is the FPC slot number.

See Installing firmware on an individual FPC for information about how to transfer a firmware image to the internal TFTP server.

execute load-balance slot manage [<chassis>.]<slot>

Log into the CLI of an individual FPC. Use <slot> to specify the FPC slot number. Use <chassis> to specify the chassis number in an HA configuration.

You will be asked to authenticate to connect to the FIM or FPM. Use the exit command to end the session and return to the CLI from which you ran the execute command.

execute load-balance slot nmi-reset <slot-map>

Perform an NMI reset on selected FPCs. The NMI reset dumps registers and backtraces of one or more FPCs to the console. After the data is dumped, the FPCs reboot. While the FPCs are rebooting, traffic is distributed to the remaining FPCs. The FPCs should restart normally and traffic can resume once they are up and running. You can use the diagnose sys confsync status command to verify that the FPCs have started up.

<slot-map> can be one or more FPC slot numbers or slot number ranges, separated by commas with no spaces. For example, to perform an NMI reset of slots 1, 3, 4, and 5, enter:

execute load-balance slot nmi-reset 1,3-5
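
The following is an added example, not part of the Fortinet handbook: a pre-flight check an automation script could run before sending a disruptive slot command (nmi-reset, power-off or reboot). It expands a <slot-map> as described above, rejects malformed values, and refuses requests that would leave no FPC to carry traffic. The function names, the max_slot value of 6 and the assumption that every slot is populated and in service are hypothetical; the code only builds the command string and does not connect to a device.

```python
import re

# Assumption: FPC count varies by model; 6 is a placeholder, and every slot
# from 1..max_slot is assumed populated and in service.
DEFAULT_MAX_SLOT = 6
_ITEM = re.compile(r"([0-9]+)(?:-([0-9]+))?")


def parse_slot_map(slot_map, max_slot=DEFAULT_MAX_SLOT):
    """Expand a <slot-map> such as '1,3-5' into a sorted list of slot numbers.

    Raises ValueError on spaces, empty items, reversed ranges, or slots
    outside 1..max_slot, so a malformed value never reaches the CLI.
    """
    if not slot_map or any(ch.isspace() for ch in slot_map):
        raise ValueError("slot-map must be non-empty and contain no spaces")
    slots = set()
    for item in slot_map.split(","):
        m = _ITEM.fullmatch(item)
        if not m:
            raise ValueError(f"invalid slot-map item: {item!r}")
        first = int(m.group(1))
        last = int(m.group(2)) if m.group(2) else first
        if first > last:
            raise ValueError(f"reversed range: {item!r}")
        if first < 1 or last > max_slot:
            raise ValueError(f"slot out of range 1..{max_slot}: {item!r}")
        slots.update(range(first, last + 1))
    return sorted(slots)


def preflight(action, slot_map, max_slot=DEFAULT_MAX_SLOT, min_remaining=1):
    """Return the CLI line for a disruptive slot action, or raise ValueError.

    Refuses requests that would leave fewer than min_remaining FPCs to carry
    traffic while the selected FPCs are down.
    """
    if action not in ("nmi-reset", "power-off", "reboot"):
        raise ValueError(f"unsupported action: {action!r}")
    slots = parse_slot_map(slot_map, max_slot)
    remaining = max_slot - len(slots)
    if remaining < min_remaining:
        raise ValueError(f"only {remaining} FPC(s) would remain in service")
    return f"execute load-balance slot {action} {slot_map}"


if __name__ == "__main__":
    print(parse_slot_map("1,3-5"))          # constructed input from the text
    print(preflight("nmi-reset", "1,3-5"))
```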

execute load-balance slot power-off <slot-map>

Power off selected FPCs. This command shuts down the FPC immediately. You can use the diagnose sys confsync status command to verify that the management board cannot communicate with the FPCs.

You can use the execute load-balance slot power-on command to start up powered off FPCs.

execute load-balance slot power-on <slot-map>

Power on and start up selected FPCs. It may take a few minutes for the FPCs to start up. You can use the diagnose sys confsync status command to verify that the FPCs have started up.

execute load-balance slot reboot <slot-map>

Restart selected FPCs. It may take a few minutes for the FPCs to shut down and restart. You can use the diagnose sys confsync status command to verify that the FPCs have started up.

execute load-balance update image <slot>

After uploading a firmware image onto the FortiGate-6000 internal TFTP server, use this command to install this firmware image onto an FPC. <slot> is the FPC slot number. The firmware image is installed and the FPC restarts running the new firmware.

For more information, see Installing firmware on an individual FPC.

execute system console-server

From the management board CLI, the execute system console-server command provides access to individual FPC consoles in your FortiGate-6000. Console access can be useful for troubleshooting. For example, if an FPC does not boot properly, you can use console access to view the state of the FPC and enter commands to fix the problem or restart the FPC.

Note: The execute system console-server commands allow access only to FPCs in the FortiGate-6000 that you are logged into. You can't use this command to access FPCs in the other FortiGate-6000 in an HA configuration.

You can use the config system console-server command to enable or disable the console server (enabled by default). For more information, see config system console-server.

execute system console-server clearline <line>

Clear an active console-server session. You can use this command to stop a console-server session that you have started with the execute system console-server connect command. <line> is the console-server session number. Use the execute system console-server showline command to view the active console-server sessions.

execute system console-server connect <slot>

Start a console-server connection from the management board CLI to an FPC CLI. <slot> is the FPC slot number. Authenticate to log into the console and use CLI commands to view information, make changes, or restart the FPC. When you are done, use Ctrl-X to exit from the console back to the management board CLI.

Using Ctrl-X may not work if you are accessing the CLI console from the GUI. Instead you may need to log out of the GUI and then log back in.

execute system console-server showline

Show active console-server sessions.

execute upload image {ftp | tftp | usb}

Use this command to upload a firmware image to the FortiGate-6000 internal TFTP server. Once you have uploaded this firmware image, you can install it on an FPC using the execute load-balance load-backup-image <slot> command.

You can get the firmware image from an external FTP server, an external TFTP server, or a USB key plugged into the FortiGate-6000 USB port. Use the following syntax:

execute upload image ftp <image-file-and-path> <comment> <ftp-server-address> <username> <password>

execute upload image tftp <image-file> <comment> <tftp-server-address>

execute upload image usb <image-file-and-path> <comment>