Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    6.0.0
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.16
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.17
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    user quarantine

    user quarantine

    Use this command to enable the quarantine feature for managed FortiSwitches and/or FortiAPs. You can also use this command to create permanent quarantines of MAC addresses.

    Please note that, previously, a diminished version of this feature was found under config switch-controller quarantine, where only MAC adresses were able to be specified.

    History

    The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.1.

    Command Description

    config targets

    edit <name>

    delete <quarantine-entry-name>

    config macs

    edit <name>

    delete <mac-address>

    Previously, each FortiGate quarantined MAC addresses independently. Now MAC entries can be grouped together (based on their description), making it easier to remove multiple associated quarantine MACs at once.

    Use the delete option under config macs to release a single MAC address from quarantine, or use the delete option under config targets to delete all MAC addresses listed in an entry.

    The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

    Command Description

    config user quarantine

    New config command.

    This is an enhanced version of an old command, config switch-controller quarantine.

    		 
    config user quarantine
    set quarantine {enable | disable}   Enable/disable quarantine.
    config targets
        edit {entry}
        # Quarantine entry to hold multiple MACs.
            set entry {string}   Quarantine entry name. size[63]
            set description {string}   Description for the quarantine entry. size[63]
            config macs
                edit {mac}
                # Quarantine MACs.
                    set mac {mac address}   Quarantine MAC.
                    set entry-id {integer}   FSW entry id for the quarantine MAC. range[0-4294967295]
                    set description {string}   Description for the quarantine MAC. size[63]
                    set parent {string}   Parent entry name. size[63]
                next
        next
end
    Previous
    Next

    user quarantine

    user quarantine

    Use this command to enable the quarantine feature for managed FortiSwitches and/or FortiAPs. You can also use this command to create permanent quarantines of MAC addresses.

    Please note that, previously, a diminished version of this feature was found under config switch-controller quarantine, where only MAC adresses were able to be specified.

    History

    The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.1.

    Command Description

    config targets

    edit <name>

    delete <quarantine-entry-name>

    config macs

    edit <name>

    delete <mac-address>

    Previously, each FortiGate quarantined MAC addresses independently. Now MAC entries can be grouped together (based on their description), making it easier to remove multiple associated quarantine MACs at once.

    Use the delete option under config macs to release a single MAC address from quarantine, or use the delete option under config targets to delete all MAC addresses listed in an entry.

    The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

    Command Description

    config user quarantine

    New config command.

    This is an enhanced version of an old command, config switch-controller quarantine.

    		 
    config user quarantine
    set quarantine {enable | disable}   Enable/disable quarantine.
    config targets
        edit {entry}
        # Quarantine entry to hold multiple MACs.
            set entry {string}   Quarantine entry name. size[63]
            set description {string}   Description for the quarantine entry. size[63]
            config macs
                edit {mac}
                # Quarantine MACs.
                    set mac {mac address}   Quarantine MAC.
                    set entry-id {integer}   FSW entry id for the quarantine MAC. range[0-4294967295]
                    set description {string}   Description for the quarantine MAC. size[63]
                    set parent {string}   Parent entry name. size[63]
                next
        next
end
    Previous
    Next