Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    6.0.0
    6.0.0

    Sub-commands

    Sub-commands

    Each command line consists of a command word that is usually followed by configuration data or other specific item that the command uses or affects:

    get system admin

    Sub-commands are available from within the scope of some commands. When you enter a sub-command level, the command prompt changes to indicate the name of the current command scope. For example, after entering:

    config system admin

    the command prompt becomes:

    (admin)#

    Applicable sub-commands are available to you until you exit the scope of the command, or until you descend an additional level into another sub-command.

    For example, the edit sub-command is available only within a command that affects tables; the next sub-command is available only from within the edit sub-command:

    config system interface

    edit port1

    set status up

    next

    end

    Sub-command scope is indicated by indentation.

    Available sub-commands vary by command. From a command prompt within config, two types of sub-commands might become available:

    • commands affecting fields
    • commands affecting tables
    Commands for tables

    clone <table>

    Clone (or make a copy of) a table from the current object.

    For example, in config firewall policy, you could enter the following command to clone security policy 27 to create security policy 30:

    clone 27 to 30

    In config antivirus profile, you could enter the following command to clone an antivirus profile named av_pro_1 to create a new antivirus profile named av_pro_2:

    clone av_pro_1 to av_pro_2

    clone may not be available for all tables.
    delete <table>

    Remove a table from the current object.

    For example, in config system admin, you could delete an administrator account named newadmin by typing delete newadmin and pressing Enter. This deletes newadmin and all its fields, such as newadmin’s first-name and email-address.

    delete is only available within objects containing tables.
    edit <table>

    Create or edit a table in the current object.

    For example, in config system admin:

    • edit the settings for the default admin administrator account by typing edit admin.
    • add a new administrator account with the name newadmin and edit newadmin‘s settings by typing edit newadmin.

    edit is an interactive sub-command: further sub-commands are available from within edit.

    edit changes the prompt to reflect the table you are currently editing.

    edit is only available within objects containing tables.

    In objects such as security policies, <table> is a sequence number. To create a new entry without the risk of overwriting an existing one, enter edit 0. The CLI initially confirms the creation of entry 0, but assigns the next unused number after you finish editing and enter end.

    end

    Save the changes to the current object and exit the config command. This returns you to the top-level command prompt.
    get List the configuration of the current object or table.• In objects, get lists the table names (if present), or fields and their values.• In a table, get lists the fields and their values.For more information on get commands, see the CLI Reference.
    purge Remove all tables in the current object.For example, in config user local, you could type get to see the list of user names, then type purge and then y to confirm that you want to delete all users.purge is only available for objects containing tables.Caution: Back up the FortiGate before performing a purge. purge cannot be undone. To restore purged tables, the configuration must be restored from a backup.Caution: Do not purge system interface or system admin tables. purge does not provide default tables. This can result in being unable to connect or log in, requiring the FortiGate to be formatted and restored.
    rename <table> to <table> Rename a table.For example, in config system admin, you could rename admin3 to fwadmin by typing rename admin3 to fwadmin.rename is only available within objects containing tables.
    show Display changes to the default configuration. Changes are listed in the form of configuration commands.

    Example of table commands

    From within the system admin object, you might enter:

    edit admin_1

    The CLI acknowledges the new table, and changes the command prompt to show that you are now within the admin_1 table:

    new entry 'admin_1' added

    (admin_1)#

    Commands for fields

    abort

    Exit both the edit and/or config commands without saving the fields.

    append

    Add an option to an existing list.

    end

    Save the changes made to the current table or object fields, and exit the config command (to exit without saving, use abort instead).

    get

    List the configuration of the current object or table.

    • In objects, get lists the table names (if present), or fields and their values.
    • In a table, get lists the fields and their values.

    move

    Move an object within a list, when list order is important. For example, rearranging security policies within the policy list.

    next

    Save the changes you have made in the current table’s fields, and exit the edit command to the object prompt (to save and exit completely to the root prompt, use end instead).

    next is useful when you want to create or edit several tables in the same object, without leaving and re-entering the config command each time.

    next is only available from a table prompt; it is not available from an object prompt.

    select

    Clear all options except for those specified.

    For example, if a group contains members A, B, C, and D and you remove all users except for B, use the command select member B.

    set <field> <value>

    Set a field’s value.

    For example, in config system admin, after typing edit admin, you could type set password newpass to change the password of the admin administrator to newpass.

    Note: When using set to change a field containing a space-delimited list, type the whole new list. For example, set <field> <new‑value> will replace the list with the <new-value> rather than appending <new-value> to the list.

    show

    Display changes to the default configuration. Changes are listed in the form of configuration commands.

    unselect

    Remove an option from an existing list.

    unset <field>

    Reset the table or object’s fields to default values.

    For example, in config system admin, after typing edit admin, typing unset passwordresets the password of the admin administrator account to the default (in this case, no password).

    Example of field commands

    To assign the value my1stExamplePassword to the password field, enter the following command from within the admin_1 table:

    set password my1stExamplePassword

    Next, to save the changes and edit the next administrator's table, enter the next command.

    Previous
    Next

    Sub-commands

    Sub-commands

    Each command line consists of a command word that is usually followed by configuration data or other specific item that the command uses or affects:

    get system admin

    Sub-commands are available from within the scope of some commands. When you enter a sub-command level, the command prompt changes to indicate the name of the current command scope. For example, after entering:

    config system admin

    the command prompt becomes:

    (admin)#

    Applicable sub-commands are available to you until you exit the scope of the command, or until you descend an additional level into another sub-command.

    For example, the edit sub-command is available only within a command that affects tables; the next sub-command is available only from within the edit sub-command:

    config system interface

    edit port1

    set status up

    next

    end

    Sub-command scope is indicated by indentation.

    Available sub-commands vary by command. From a command prompt within config, two types of sub-commands might become available:

    • commands affecting fields
    • commands affecting tables
    Commands for tables

    clone <table>

    Clone (or make a copy of) a table from the current object.

    For example, in config firewall policy, you could enter the following command to clone security policy 27 to create security policy 30:

    clone 27 to 30

    In config antivirus profile, you could enter the following command to clone an antivirus profile named av_pro_1 to create a new antivirus profile named av_pro_2:

    clone av_pro_1 to av_pro_2

    clone may not be available for all tables.
    delete <table>

    Remove a table from the current object.

    For example, in config system admin, you could delete an administrator account named newadmin by typing delete newadmin and pressing Enter. This deletes newadmin and all its fields, such as newadmin’s first-name and email-address.

    delete is only available within objects containing tables.
    edit <table>

    Create or edit a table in the current object.

    For example, in config system admin:

    • edit the settings for the default admin administrator account by typing edit admin.
    • add a new administrator account with the name newadmin and edit newadmin‘s settings by typing edit newadmin.

    edit is an interactive sub-command: further sub-commands are available from within edit.

    edit changes the prompt to reflect the table you are currently editing.

    edit is only available within objects containing tables.

    In objects such as security policies, <table> is a sequence number. To create a new entry without the risk of overwriting an existing one, enter edit 0. The CLI initially confirms the creation of entry 0, but assigns the next unused number after you finish editing and enter end.

    end

    Save the changes to the current object and exit the config command. This returns you to the top-level command prompt.
    get List the configuration of the current object or table.• In objects, get lists the table names (if present), or fields and their values.• In a table, get lists the fields and their values.For more information on get commands, see the CLI Reference.
    purge Remove all tables in the current object.For example, in config user local, you could type get to see the list of user names, then type purge and then y to confirm that you want to delete all users.purge is only available for objects containing tables.Caution: Back up the FortiGate before performing a purge. purge cannot be undone. To restore purged tables, the configuration must be restored from a backup.Caution: Do not purge system interface or system admin tables. purge does not provide default tables. This can result in being unable to connect or log in, requiring the FortiGate to be formatted and restored.
    rename <table> to <table> Rename a table.For example, in config system admin, you could rename admin3 to fwadmin by typing rename admin3 to fwadmin.rename is only available within objects containing tables.
    show Display changes to the default configuration. Changes are listed in the form of configuration commands.

    Example of table commands

    From within the system admin object, you might enter:

    edit admin_1

    The CLI acknowledges the new table, and changes the command prompt to show that you are now within the admin_1 table:

    new entry 'admin_1' added

    (admin_1)#

    Commands for fields

    abort

    Exit both the edit and/or config commands without saving the fields.

    append

    Add an option to an existing list.

    end

    Save the changes made to the current table or object fields, and exit the config command (to exit without saving, use abort instead).

    get

    List the configuration of the current object or table.

    • In objects, get lists the table names (if present), or fields and their values.
    • In a table, get lists the fields and their values.

    move

    Move an object within a list, when list order is important. For example, rearranging security policies within the policy list.

    next

    Save the changes you have made in the current table’s fields, and exit the edit command to the object prompt (to save and exit completely to the root prompt, use end instead).

    next is useful when you want to create or edit several tables in the same object, without leaving and re-entering the config command each time.

    next is only available from a table prompt; it is not available from an object prompt.

    select

    Clear all options except for those specified.

    For example, if a group contains members A, B, C, and D and you remove all users except for B, use the command select member B.

    set <field> <value>

    Set a field’s value.

    For example, in config system admin, after typing edit admin, you could type set password newpass to change the password of the admin administrator to newpass.

    Note: When using set to change a field containing a space-delimited list, type the whole new list. For example, set <field> <new‑value> will replace the list with the <new-value> rather than appending <new-value> to the list.

    show

    Display changes to the default configuration. Changes are listed in the form of configuration commands.

    unselect

    Remove an option from an existing list.

    unset <field>

    Reset the table or object’s fields to default values.

    For example, in config system admin, after typing edit admin, typing unset passwordresets the password of the admin administrator account to the default (in this case, no password).

    Example of field commands

    To assign the value my1stExamplePassword to the password field, enter the following command from within the admin_1 table:

    set password my1stExamplePassword

    Next, to save the changes and edit the next administrator's table, enter the next command.

    Previous
    Next