Fortinet white logo
Fortinet white logo

FortiGate-7000F Administration Guide

FortiGate-7000F execute CLI commands

FortiGate-7000F execute CLI commands

This chapter describes the FortiGate-7000F execute commands. Many of these commands are only available from the FIM CLI.

execute factoryreset-shutdown

You can use this command to reset the configuration of the FortiGate-7000F FIMs and FPMs before shutting the system down. This command is normally used in preparation for resetting and shutting down a FortiGate-7000F.

execute ha manage <id>

In an HA configuration, use this command to log in to the primary FIM of the secondary FortiGate-7000F.

<id> is the ID of the secondary FortiGate-7000F. Usually the primary FortiGate-7000F ID is 0 and the secondary ID is 1. You can enter the ? to see the list of IDs that you can connect to.

After you have logged in, you can manage the secondary FortiGate-7000F from the primary FIM or you can use the execute-load-balance slot manage command to connect to the other FIM and the FPMs in the secondary FortiGate-7000F.

execute load-balance console-mgmt {disable | enable}

Enable or disable the console disconnect command on the SMM CLI. If the console disconnect command is enabled, you can log into one of the SMM consoles and use the console disconnect command to disconnect the other SMM console.

The FortiGate-7000F SMM has two consoles that you can use to connect to the SMM CLI or to the CLIs of any of the FIMs or FPMs in the FortiGate-7000F system. However, the system only supports one console connection to a module at a time. So if the other SMM console is connected to an FIM or FPM that you want to connect to, you have to disconnect the other SMM console to be able to connect to the FIM or FPM.

To disconnect the other SMM console, you can log into the SMM CLI and use the console disconnect command to disconnect the other console.

You can use this command to enable or disable this functionality.

execute load-balance console-mgmt disconnect <console>

Disconnect one of the SMM consoles from the FIM or FPM that it is connected to. <console> is the number of the console to disconnect.

This command allows you to disconnect a SMM console session from the FIM CLI without having to log into the SMM CLI.

execute load-balance console-mgmt info

This command shows whether the SMM console disconnect command is enabled or disabled and also shows which modules the SMM consoles are connected to or if they are disconnected.

execute load-balance license-mgmt list

List the licenses that have been added to this FortiGate-7000F, including a license for extra VDOMs and FortiClient licenses.

execute load-balance license-mgmt reset {all | crypto-key | forticlient | vdom}

Reset FortiClient and VDOM licenses added to this FortiGate-7000F to factory defaults.

Specify crypto-key to re-generate crypto keys that are generated when the FortiGate-7000F first starts up.

Use all to reset all licenses and crypto keys.

Resetting licenses and crypto keys doesn't restart the FortiGate-7000F.

execute load-balance slot manage {<chassis>.slot | <slot>}

Log into the CLI of an individual FIM or FPM. Use <slot> to specify the FIM or FPM slot number.

In an FGCP HA cluster you must also include the <chassis> number, which can be 1 or 2.

You will be asked to authenticate to connect to the FIM or FPM. Use the exit command to end the session and return to the CLI from which you ran the original command.

execute load-balance slot power-off <slot-map>

Power off selected FPMs. This command shuts down the FPM immediately. You can use the diagnose sys confsync status command to verify that the FIMs cannot communicate with the FPMs.

You can use the execute load-balance slot power-on command to start up powered off FPMs.

execute load-balance slot power-on <slot-map>

Power on and start up selected FPMs. It may take a few minutes for the FPMs to start up. You can use the diagnose sys confsync status command to verify that the FPMs have started up.

execute load-balance slot reboot <slot-map>

Restart selected FPMs. It may take a few minutes for the FPMs to shut down and restart. You can use the diagnose sys confsync status command to verify that the FPMs have started up.

execute load-balance slot set-primary-worker <slot>

Force an FPM to always be the primary FPM, <slot> is the FPM slot number.

The change takes place right away and all new primary FPM sessions are sent to the new primary FPM. Sessions that had been processed by the former primary FPM do not switch over, but continue to be processed by the former primary FPM.

This command is most often used for troubleshooting or testing. Since the command does not change the configuration, if the FortiGate-7000F restarts, the usual primary FPM selection process occurs.

FortiGate-7000F execute CLI commands

FortiGate-7000F execute CLI commands

This chapter describes the FortiGate-7000F execute commands. Many of these commands are only available from the FIM CLI.

execute factoryreset-shutdown

You can use this command to reset the configuration of the FortiGate-7000F FIMs and FPMs before shutting the system down. This command is normally used in preparation for resetting and shutting down a FortiGate-7000F.

execute ha manage <id>

In an HA configuration, use this command to log in to the primary FIM of the secondary FortiGate-7000F.

<id> is the ID of the secondary FortiGate-7000F. Usually the primary FortiGate-7000F ID is 0 and the secondary ID is 1. You can enter the ? to see the list of IDs that you can connect to.

After you have logged in, you can manage the secondary FortiGate-7000F from the primary FIM or you can use the execute-load-balance slot manage command to connect to the other FIM and the FPMs in the secondary FortiGate-7000F.

execute load-balance console-mgmt {disable | enable}

Enable or disable the console disconnect command on the SMM CLI. If the console disconnect command is enabled, you can log into one of the SMM consoles and use the console disconnect command to disconnect the other SMM console.

The FortiGate-7000F SMM has two consoles that you can use to connect to the SMM CLI or to the CLIs of any of the FIMs or FPMs in the FortiGate-7000F system. However, the system only supports one console connection to a module at a time. So if the other SMM console is connected to an FIM or FPM that you want to connect to, you have to disconnect the other SMM console to be able to connect to the FIM or FPM.

To disconnect the other SMM console, you can log into the SMM CLI and use the console disconnect command to disconnect the other console.

You can use this command to enable or disable this functionality.

execute load-balance console-mgmt disconnect <console>

Disconnect one of the SMM consoles from the FIM or FPM that it is connected to. <console> is the number of the console to disconnect.

This command allows you to disconnect a SMM console session from the FIM CLI without having to log into the SMM CLI.

execute load-balance console-mgmt info

This command shows whether the SMM console disconnect command is enabled or disabled and also shows which modules the SMM consoles are connected to or if they are disconnected.

execute load-balance license-mgmt list

List the licenses that have been added to this FortiGate-7000F, including a license for extra VDOMs and FortiClient licenses.

execute load-balance license-mgmt reset {all | crypto-key | forticlient | vdom}

Reset FortiClient and VDOM licenses added to this FortiGate-7000F to factory defaults.

Specify crypto-key to re-generate crypto keys that are generated when the FortiGate-7000F first starts up.

Use all to reset all licenses and crypto keys.

Resetting licenses and crypto keys doesn't restart the FortiGate-7000F.

execute load-balance slot manage {<chassis>.slot | <slot>}

Log into the CLI of an individual FIM or FPM. Use <slot> to specify the FIM or FPM slot number.

In an FGCP HA cluster you must also include the <chassis> number, which can be 1 or 2.

You will be asked to authenticate to connect to the FIM or FPM. Use the exit command to end the session and return to the CLI from which you ran the original command.

execute load-balance slot power-off <slot-map>

Power off selected FPMs. This command shuts down the FPM immediately. You can use the diagnose sys confsync status command to verify that the FIMs cannot communicate with the FPMs.

You can use the execute load-balance slot power-on command to start up powered off FPMs.

execute load-balance slot power-on <slot-map>

Power on and start up selected FPMs. It may take a few minutes for the FPMs to start up. You can use the diagnose sys confsync status command to verify that the FPMs have started up.

execute load-balance slot reboot <slot-map>

Restart selected FPMs. It may take a few minutes for the FPMs to shut down and restart. You can use the diagnose sys confsync status command to verify that the FPMs have started up.

execute load-balance slot set-primary-worker <slot>

Force an FPM to always be the primary FPM, <slot> is the FPM slot number.

The change takes place right away and all new primary FPM sessions are sent to the new primary FPM. Sessions that had been processed by the former primary FPM do not switch over, but continue to be processed by the former primary FPM.

This command is most often used for troubleshooting or testing. Since the command does not change the configuration, if the FortiGate-7000F restarts, the usual primary FPM selection process occurs.