Fortinet black logo

Administration Guide

Subcommands

Subcommands

Subcommands are available from within the scope of some commands. When you enter a subcommand level, the command prompt changes to indicate the name of the current command scope. For example, after entering:

config system admin

the command prompt becomes:

(admin)#

Applicable subcommands are available until you exit the command, or descend an additional level into another subcommand. Subcommand scope is indicated by indentation.

For example, the edit subcommand is only available in commands that affects tables, and the next subcommand is available only in the edit subcommand:

config system interface

edit port1

set status up

next

end

The available subcommands vary by command. From a command prompt under the config command, subcommands that affect tables and fields could be available.

Table subcommands

edit <table_row>

Create or edit a table value.

In objects such as security policies, <table_row> is a sequence number. To create a new table entry without accidentally editing an existing entry, enter edit 0. The CLI will confirm that creation of entry 0, but will assign the next unused number when the entry is saved after entering end or next.

For example, to create a new firewall policy, enter the following commands:

config firewall policy

edit 0

....

next

end

To edit an existing policy, enter the following commands:

config firewall policy

edit 27

....

next

end

The edit subcommand changes the command prompt to the name of the table value that is being edited.

delete <table_row>

Delete a table value.

For example, to delete firewall policy 30, enter the following commands:

config firewall policy

delete 30

end

purge

Clear all table values.

The purge command cannot be undone. To restore purged table values, the configuration must be restored from a backup.

move

Move an ordered table value.

In the firewall policy table, this equivalent to dragging a policy into a new position. It does not change the policy's ID number.

For example, to move policy 27 to policy 30, enter the following commands:

config firewall policy

move 27 to 30

end

The move subcommand is only available in tables where the order of the table entries matters.

clone <table_row> to <table_row>

Make a clone of a table entry.

For example, to create firewall policy 30 as a clone of policy 27, enter the following commands:

config firewall policy

clone 27 to 30

end

The clone subcommand may not be available for all tables.

rename <table_row> to <table_row>

Rename a table entry.

For example to rename an administrator from Flank to Frank, enter the following commands:

config system admin

rename Flank to Frank

end

The rename subcommand is only available in tables where the entries can be renamed.

get

List the current table entries.

For example, to view the existing firewall policy table entries, enter the following commands:

config firewall policy

get

show

Show the configuration. Only table entries that are not set to default values are shown.

end

Save the configuration and exit the current config command.

Caution

Purging the system interface or system admin tables does not reset default table values. This can result in being unable to connect to or log in to the FortiGate, requiring the FortiGate to be formatted and restored.

Field subcommands

set <field> <value>

Modify the value of a field.

For example, the command set fsso enable sets the fsso field to the value enable.

unset

Set the field to its default value.

select

Clear all of the options except for those specified.

For example, if a group contains members A, B, C, and D, to remove all members except for B, use the command select member B.

unselect

Remove an option from an existing list.

For example, if a group contains members A, B, C, and D, to remove only member B, use the command unselect member B.

append

Add an option to an existing multi-option table value.

clear

Clear all the options from a multi-option table value.

get

List the configuration of the current table entry, including default and customized values.

show

Show the configuration. Only values that are not set to default values are shown.

next

Save changes to the table entry and exit the edit command so that you can configure the next table entry.

abort

Exit the command without saving.

end

Save the configuration and exit the current config command.

Subcommands

Subcommands are available from within the scope of some commands. When you enter a subcommand level, the command prompt changes to indicate the name of the current command scope. For example, after entering:

config system admin

the command prompt becomes:

(admin)#

Applicable subcommands are available until you exit the command, or descend an additional level into another subcommand. Subcommand scope is indicated by indentation.

For example, the edit subcommand is only available in commands that affects tables, and the next subcommand is available only in the edit subcommand:

config system interface

edit port1

set status up

next

end

The available subcommands vary by command. From a command prompt under the config command, subcommands that affect tables and fields could be available.

Table subcommands

edit <table_row>

Create or edit a table value.

In objects such as security policies, <table_row> is a sequence number. To create a new table entry without accidentally editing an existing entry, enter edit 0. The CLI will confirm that creation of entry 0, but will assign the next unused number when the entry is saved after entering end or next.

For example, to create a new firewall policy, enter the following commands:

config firewall policy

edit 0

....

next

end

To edit an existing policy, enter the following commands:

config firewall policy

edit 27

....

next

end

The edit subcommand changes the command prompt to the name of the table value that is being edited.

delete <table_row>

Delete a table value.

For example, to delete firewall policy 30, enter the following commands:

config firewall policy

delete 30

end

purge

Clear all table values.

The purge command cannot be undone. To restore purged table values, the configuration must be restored from a backup.

move

Move an ordered table value.

In the firewall policy table, this equivalent to dragging a policy into a new position. It does not change the policy's ID number.

For example, to move policy 27 to policy 30, enter the following commands:

config firewall policy

move 27 to 30

end

The move subcommand is only available in tables where the order of the table entries matters.

clone <table_row> to <table_row>

Make a clone of a table entry.

For example, to create firewall policy 30 as a clone of policy 27, enter the following commands:

config firewall policy

clone 27 to 30

end

The clone subcommand may not be available for all tables.

rename <table_row> to <table_row>

Rename a table entry.

For example to rename an administrator from Flank to Frank, enter the following commands:

config system admin

rename Flank to Frank

end

The rename subcommand is only available in tables where the entries can be renamed.

get

List the current table entries.

For example, to view the existing firewall policy table entries, enter the following commands:

config firewall policy

get

show

Show the configuration. Only table entries that are not set to default values are shown.

end

Save the configuration and exit the current config command.

Caution

Purging the system interface or system admin tables does not reset default table values. This can result in being unable to connect to or log in to the FortiGate, requiring the FortiGate to be formatted and restored.

Field subcommands

set <field> <value>

Modify the value of a field.

For example, the command set fsso enable sets the fsso field to the value enable.

unset

Set the field to its default value.

select

Clear all of the options except for those specified.

For example, if a group contains members A, B, C, and D, to remove all members except for B, use the command select member B.

unselect

Remove an option from an existing list.

For example, if a group contains members A, B, C, and D, to remove only member B, use the command unselect member B.

append

Add an option to an existing multi-option table value.

clear

Clear all the options from a multi-option table value.

get

List the configuration of the current table entry, including default and customized values.

show

Show the configuration. Only values that are not set to default values are shown.

next

Save changes to the table entry and exit the edit command so that you can configure the next table entry.

abort

Exit the command without saving.

end

Save the configuration and exit the current config command.