Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiGate / FortiOS 7.0.5 Administration Guide
    7.0.5
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0

    Command syntax

    Command syntax

    When entering a command, the CLI console requires that you use valid syntax and conform to expected input constraints. It rejects invalid commands. Indentation is used to indicate the levels of nested commands.

    Each command line consists of a command word, usually followed by configuration data or a specific item that the command uses or affects.

    Notation

    Brackets, vertical bars, and spaces are used to denote valid syntax. Constraint notations, such as <address_ipv4>, indicate which data types or string patterns are acceptable value input.

    All syntax uses the following conventions:

    Angle brackets < >

    Indicate a variable of the specified data type.

    Curly brackets { }

    Indicate that a variable or variables are mandatory.

    Square brackets [ ]

    Indicate that the variable or variables are optional.

    For example:

    show system interface [<name_str>]

    To show the settings for all interfaces, you can enter show system interface

    To show the settings for the Port1 interface, you can enter show system interface port1.

    Vertical bar |

    A vertical bar separates alternative, mutually exclusive options.

    For example:

    set protocol {ftp | sftp}

    You can enter either set protocol ftp or set protocol sftp.

    Space

    A space separates non-mutually exclusive options.

    For example:

    set allowaccess {ping https ssh snmp http fgfm radius-acct probe-response capwap ftm}

    You can enter any of the following:

    set allowaccess ping

    set allowaccess https ping ssh

    set allowaccess http https snmp ssh ping

    In most cases, to make changes to lists that contain options separated by spaces, you need to retype the entire list, including all the options that you want to apply and excluding all the options that you want to remove.

    Optional values and ranges

    Any field that is optional will use square-brackets. The overall config command will still be valid whether or not the option is configured.

    Square-brackets can be used is to show that multiple options can be set, even intermixed with ranges. The following example shows a field that can be set to either a specific value or range, or multiple instances:

    config firewall service custom
    set iprange <range1> [<range2> <range3> ...]
end

    next

    The next command is used to maintain a hierarchy and flow to CLI commands. It is at the same indentation level as the preceding edit command, to mark where a table entry finishes.

    The following example shows the next command used in the subcommand entries:

    After configuring table entry <2> then entering next, the <2> table entry is saved and the console returns to the entries prompt:

    You can now create more table entries as needed, or enter end to save the table and return to the filepattern table element prompt.

    end

    The end command is used to maintain a hierarchy and flow to CLI commands.

    The following example shows the same command and subcommand as the next command example, except end has been entered instead of next after the subcommand:

    Entering end will save the <2> table entry and the table, and exit the entries subcommand entirely. The console returns to the filepattern table element prompt:

    Previous
    Next

    Command syntax

    Command syntax

    When entering a command, the CLI console requires that you use valid syntax and conform to expected input constraints. It rejects invalid commands. Indentation is used to indicate the levels of nested commands.

    Each command line consists of a command word, usually followed by configuration data or a specific item that the command uses or affects.

    Notation

    Brackets, vertical bars, and spaces are used to denote valid syntax. Constraint notations, such as <address_ipv4>, indicate which data types or string patterns are acceptable value input.

    All syntax uses the following conventions:

    Angle brackets < >

    Indicate a variable of the specified data type.

    Curly brackets { }

    Indicate that a variable or variables are mandatory.

    Square brackets [ ]

    Indicate that the variable or variables are optional.

    For example:

    show system interface [<name_str>]

    To show the settings for all interfaces, you can enter show system interface

    To show the settings for the Port1 interface, you can enter show system interface port1.

    Vertical bar |

    A vertical bar separates alternative, mutually exclusive options.

    For example:

    set protocol {ftp | sftp}

    You can enter either set protocol ftp or set protocol sftp.

    Space

    A space separates non-mutually exclusive options.

    For example:

    set allowaccess {ping https ssh snmp http fgfm radius-acct probe-response capwap ftm}

    You can enter any of the following:

    set allowaccess ping

    set allowaccess https ping ssh

    set allowaccess http https snmp ssh ping

    In most cases, to make changes to lists that contain options separated by spaces, you need to retype the entire list, including all the options that you want to apply and excluding all the options that you want to remove.

    Optional values and ranges

    Any field that is optional will use square-brackets. The overall config command will still be valid whether or not the option is configured.

    Square-brackets can be used is to show that multiple options can be set, even intermixed with ranges. The following example shows a field that can be set to either a specific value or range, or multiple instances:

    config firewall service custom
    set iprange <range1> [<range2> <range3> ...]
end

    next

    The next command is used to maintain a hierarchy and flow to CLI commands. It is at the same indentation level as the preceding edit command, to mark where a table entry finishes.

    The following example shows the next command used in the subcommand entries:

    After configuring table entry <2> then entering next, the <2> table entry is saved and the console returns to the entries prompt:

    You can now create more table entries as needed, or enter end to save the table and return to the filepattern table element prompt.

    end

    The end command is used to maintain a hierarchy and flow to CLI commands.

    The following example shows the same command and subcommand as the next command example, except end has been entered instead of next after the subcommand:

    Entering end will save the <2> table entry and the table, and exit the entries subcommand entirely. The console returns to the filepattern table element prompt:

    Previous
    Next