Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    7.6.5
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.16
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.17
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config system automation-action

    config system automation-action

    Action for automation stitches.

    config system automation-action
    Description: Action for automation stitches.
    edit <name>
        set accprofile {string}
        set action-type [email|fortiexplorer-notification|...]
        set alicloud-access-key-id {string}
        set alicloud-access-key-secret {password}
        set alicloud-function-authorization [anonymous|function]
        set aws-api-key {password}
        set azure-api-key {password}
        set azure-function-authorization [anonymous|function|...]
        set description {var-string}
        set duration {integer}
        set email-from {var-string}
        set email-subject {var-string}
        set email-to <name1>, <name2>, ...
        set execute-security-fabric [enable|disable]
        set file-only [enable|disable]
        config form-data
            Description: Form data parts for content type multipart/form-data.
            edit <id>
                set key {var-string}
                set value {var-string}
            next
        end
        set forticare-email [enable|disable]
        set http-body {var-string}
        config http-headers
            Description: Request headers.
            edit <id>
                set key {var-string}
                set value {var-string}
            next
        end
        set log-debug-print [enable|disable]
        set message {string}
        set message-type [text|json|...]
        set method [post|put|...]
        set minimum-interval {integer}
        set output-interval {integer}
        set output-size {integer}
        set port {integer}
        set protocol [http|https]
        set regular-expression {var-string}
        set replacement-message [enable|disable]
        set replacemsg-group {string}
        set script {var-string}
        set sdn-connector <name1>, <name2>, ...
        set security-tag {string}
        set system-action [reboot|shutdown|...]
        set timeout {integer}
        set tls-certificate {string}
        set uri {var-string}
        set verify-host-cert [enable|disable]
    next
end

    config system automation-action

    Parameter

    Description

    Type

    Size

    Default

    accprofile

    Access profile for CLI script action to access FortiGate features.

    string

    Maximum length: 35

    action-type

    Action type.

    option

    -

    alert

    Option

    Description

    email

    Send notification email.

    fortiexplorer-notification

    Send push notification to FortiExplorer.

    alert

    Generate FortiOS dashboard alert.

    disable-ssid

    Disable interface.

    system-actions

    Perform immediate system operations on this FortiGate unit.

    quarantine

    Quarantine host.

    quarantine-forticlient

    Quarantine FortiClient by EMS.

    quarantine-nsx

    Quarantine NSX instance.

    quarantine-fortinac

    Quarantine host by FortiNAC.

    ban-ip

    Ban IP address.

    aws-lambda

    Send log data to integrated AWS service.

    azure-function

    Send log data to an Azure function.

    google-cloud-function

    Send log data to a Google Cloud function.

    alicloud-function

    Send log data to an AliCloud function.

    webhook

    Send an HTTP request.

    cli-script

    Run CLI script.

    diagnose-script

    Run diagnose script.

    regular-expression

    Match pattern on input text.

    slack-notification

    Send a notification message to a Slack incoming webhook.

    microsoft-teams-notification

    Send a notification message to a Microsoft Teams incoming webhook.

    alicloud-access-key-id

    AliCloud AccessKey ID.

    string

    Maximum length: 35

    alicloud-access-key-secret

    AliCloud AccessKey secret.

    password

    Not Specified

    alicloud-function-authorization

    AliCloud function authorization type.

    option

    -

    anonymous

    Option

    Description

    anonymous

    Anonymous authorization (No authorization required).

    function

    Function authorization (Authorization required).

    aws-api-key

    AWS API Gateway API key.

    password

    Not Specified

    azure-api-key

    Azure function API key.

    password

    Not Specified

    azure-function-authorization

    Azure function authorization level.

    option

    -

    anonymous

    Option

    Description

    anonymous

    Anonymous authorization level (No authorization required).

    function

    Function authorization level (Function or Host Key required).

    admin

    Admin authorization level (Master Host Key required).

    description

    Description.

    var-string

    Maximum length: 255

    duration

    Maximum running time for this script in seconds.

    integer

    Minimum value: 1 Maximum value: 36000

    5

    email-from

    Email sender name.

    var-string

    Maximum length: 127

    email-subject

    Email subject.

    var-string

    Maximum length: 511

    email-to <name>

    Email addresses.

    Email address.

    string

    Maximum length: 255

    execute-security-fabric

    Enable/disable execution of CLI script on all or only one FortiGate unit in the Security Fabric.

    option

    -

    disable

    Option

    Description

    enable

    CLI script executes on all FortiGate units in the Security Fabric.

    disable

    CLI script executes only on the FortiGate unit that the stitch is triggered.

    file-only

    Enable/disable the output in files only.

    option

    -

    disable

    Option

    Description

    enable

    The output of the diag CLI will only be files.

    disable

    The output of the diag CLI will be in raw text, output larger than 64KB will be in files.

    forticare-email

    Enable/disable use of your FortiCare email address as the email-to address.

    option

    -

    disable

    Option

    Description

    enable

    Enable use of your FortiCare email address as the email-to address.

    disable

    Disable use of your FortiCare email address as the email-to address.

    http-body

    Request body (if necessary). Should be serialized json string.

    var-string

    Maximum length: 4095

    log-debug-print

    Enable/disable logging debug print output from diagnose action.

    option

    -

    disable

    Option

    Description

    enable

    Enable logging debug print output from diagnose action.

    disable

    Disable logging debug print output from diagnose action.

    message

    Message content.

    string

    Maximum length: 4095

    Time: %%log.date%% %%log.time%% Device: %%log.devid%% (%%log.vd%%) Level: %%log.level%% Event: %%log.logdesc%% Raw log: %%log%%

    message-type

    Message type.

    option

    -

    text

    Option

    Description

    text

    Plaintext.

    json

    Custom JSON.

    form-data

    Multipart/form-data

    method

    Request method (POST, PUT, GET, PATCH or DELETE).

    option

    -

    post

    Option

    Description

    post

    POST.

    put

    PUT.

    get

    GET.

    patch

    PATCH.

    delete

    DELETE.

    minimum-interval

    Limit execution to no more than once in this interval (in seconds).

    integer

    Minimum value: 0 Maximum value: 2592000

    0

    name

    Name.

    string

    Maximum length: 64

    output-interval

    Collect the outputs for each output-interval in seconds (0 = no intermediate output).

    integer

    Minimum value: 0 Maximum value: 36000

    0

    output-size

    Number of megabytes to limit script output to (1 - 1024, default = 10).

    integer

    Minimum value: 1 Maximum value: 1024

    10

    port

    Protocol port.

    integer

    Minimum value: 1 Maximum value: 65535

    0

    protocol

    Request protocol.

    option

    -

    http

    Option

    Description

    http

    HTTP.

    https

    HTTPS.

    regular-expression

    Regular expression string.

    var-string

    Maximum length: 1023

    replacement-message

    Enable/disable replacement message.

    option

    -

    disable

    Option

    Description

    enable

    Enable replacement message.

    disable

    Disable replacement message.

    replacemsg-group

    Replacement message group.

    string

    Maximum length: 35

    script

    CLI script.

    var-string

    Maximum length: 1023

    sdn-connector <name>

    NSX SDN connector names.

    SDN connector name.

    string

    Maximum length: 79

    security-tag

    NSX security tag.

    string

    Maximum length: 255

    system-action

    System action type.

    option

    -

    Option

    Description

    reboot

    Reboot this FortiGate unit.

    shutdown

    Shutdown this FortiGate unit.

    backup-config

    Backup current configuration to the disk revisions.

    timeout

    Maximum running time for this script in seconds (0 = no timeout).

    integer

    Minimum value: 0 Maximum value: 300

    0

    tls-certificate

    Custom TLS certificate for API request.

    string

    Maximum length: 35

    uri

    Request API URI.

    var-string

    Maximum length: 1023

    verify-host-cert

    Enable/disable verification of the remote host certificate.

    option

    -

    enable

    Option

    Description

    enable

    Enable verification of the remote host certificate.

    disable

    Disable verification of the remote host certificate.

    config form-data

    Parameter

    Description

    Type

    Size

    Default

    id

    Entry ID.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    key

    Key of the part of Multipart/form-data.

    var-string

    Maximum length: 1023

    value

    Value of the part of Multipart/form-data.

    var-string

    Maximum length: 4095

    config http-headers

    Parameter

    Description

    Type

    Size

    Default

    id

    Entry ID.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    key

    Request header key.

    var-string

    Maximum length: 1023

    value

    Request header value.

    var-string

    Maximum length: 4095

    Previous
    Next

    config system automation-action

    config system automation-action

    Action for automation stitches.

    config system automation-action
    Description: Action for automation stitches.
    edit <name>
        set accprofile {string}
        set action-type [email|fortiexplorer-notification|...]
        set alicloud-access-key-id {string}
        set alicloud-access-key-secret {password}
        set alicloud-function-authorization [anonymous|function]
        set aws-api-key {password}
        set azure-api-key {password}
        set azure-function-authorization [anonymous|function|...]
        set description {var-string}
        set duration {integer}
        set email-from {var-string}
        set email-subject {var-string}
        set email-to <name1>, <name2>, ...
        set execute-security-fabric [enable|disable]
        set file-only [enable|disable]
        config form-data
            Description: Form data parts for content type multipart/form-data.
            edit <id>
                set key {var-string}
                set value {var-string}
            next
        end
        set forticare-email [enable|disable]
        set http-body {var-string}
        config http-headers
            Description: Request headers.
            edit <id>
                set key {var-string}
                set value {var-string}
            next
        end
        set log-debug-print [enable|disable]
        set message {string}
        set message-type [text|json|...]
        set method [post|put|...]
        set minimum-interval {integer}
        set output-interval {integer}
        set output-size {integer}
        set port {integer}
        set protocol [http|https]
        set regular-expression {var-string}
        set replacement-message [enable|disable]
        set replacemsg-group {string}
        set script {var-string}
        set sdn-connector <name1>, <name2>, ...
        set security-tag {string}
        set system-action [reboot|shutdown|...]
        set timeout {integer}
        set tls-certificate {string}
        set uri {var-string}
        set verify-host-cert [enable|disable]
    next
end

    config system automation-action

    Parameter

    Description

    Type

    Size

    Default

    accprofile

    Access profile for CLI script action to access FortiGate features.

    string

    Maximum length: 35

    action-type

    Action type.

    option

    -

    alert

    Option

    Description

    email

    Send notification email.

    fortiexplorer-notification

    Send push notification to FortiExplorer.

    alert

    Generate FortiOS dashboard alert.

    disable-ssid

    Disable interface.

    system-actions

    Perform immediate system operations on this FortiGate unit.

    quarantine

    Quarantine host.

    quarantine-forticlient

    Quarantine FortiClient by EMS.

    quarantine-nsx

    Quarantine NSX instance.

    quarantine-fortinac

    Quarantine host by FortiNAC.

    ban-ip

    Ban IP address.

    aws-lambda

    Send log data to integrated AWS service.

    azure-function

    Send log data to an Azure function.

    google-cloud-function

    Send log data to a Google Cloud function.

    alicloud-function

    Send log data to an AliCloud function.

    webhook

    Send an HTTP request.

    cli-script

    Run CLI script.

    diagnose-script

    Run diagnose script.

    regular-expression

    Match pattern on input text.

    slack-notification

    Send a notification message to a Slack incoming webhook.

    microsoft-teams-notification

    Send a notification message to a Microsoft Teams incoming webhook.

    alicloud-access-key-id

    AliCloud AccessKey ID.

    string

    Maximum length: 35

    alicloud-access-key-secret

    AliCloud AccessKey secret.

    password

    Not Specified

    alicloud-function-authorization

    AliCloud function authorization type.

    option

    -

    anonymous

    Option

    Description

    anonymous

    Anonymous authorization (No authorization required).

    function

    Function authorization (Authorization required).

    aws-api-key

    AWS API Gateway API key.

    password

    Not Specified

    azure-api-key

    Azure function API key.

    password

    Not Specified

    azure-function-authorization

    Azure function authorization level.

    option

    -

    anonymous

    Option

    Description

    anonymous

    Anonymous authorization level (No authorization required).

    function

    Function authorization level (Function or Host Key required).

    admin

    Admin authorization level (Master Host Key required).

    description

    Description.

    var-string

    Maximum length: 255

    duration

    Maximum running time for this script in seconds.

    integer

    Minimum value: 1 Maximum value: 36000

    5

    email-from

    Email sender name.

    var-string

    Maximum length: 127

    email-subject

    Email subject.

    var-string

    Maximum length: 511

    email-to <name>

    Email addresses.

    Email address.

    string

    Maximum length: 255

    execute-security-fabric

    Enable/disable execution of CLI script on all or only one FortiGate unit in the Security Fabric.

    option

    -

    disable

    Option

    Description

    enable

    CLI script executes on all FortiGate units in the Security Fabric.

    disable

    CLI script executes only on the FortiGate unit that the stitch is triggered.

    file-only

    Enable/disable the output in files only.

    option

    -

    disable

    Option

    Description

    enable

    The output of the diag CLI will only be files.

    disable

    The output of the diag CLI will be in raw text, output larger than 64KB will be in files.

    forticare-email

    Enable/disable use of your FortiCare email address as the email-to address.

    option

    -

    disable

    Option

    Description

    enable

    Enable use of your FortiCare email address as the email-to address.

    disable

    Disable use of your FortiCare email address as the email-to address.

    http-body

    Request body (if necessary). Should be serialized json string.

    var-string

    Maximum length: 4095

    log-debug-print

    Enable/disable logging debug print output from diagnose action.

    option

    -

    disable

    Option

    Description

    enable

    Enable logging debug print output from diagnose action.

    disable

    Disable logging debug print output from diagnose action.

    message

    Message content.

    string

    Maximum length: 4095

    Time: %%log.date%% %%log.time%% Device: %%log.devid%% (%%log.vd%%) Level: %%log.level%% Event: %%log.logdesc%% Raw log: %%log%%

    message-type

    Message type.

    option

    -

    text

    Option

    Description

    text

    Plaintext.

    json

    Custom JSON.

    form-data

    Multipart/form-data

    method

    Request method (POST, PUT, GET, PATCH or DELETE).

    option

    -

    post

    Option

    Description

    post

    POST.

    put

    PUT.

    get

    GET.

    patch

    PATCH.

    delete

    DELETE.

    minimum-interval

    Limit execution to no more than once in this interval (in seconds).

    integer

    Minimum value: 0 Maximum value: 2592000

    0

    name

    Name.

    string

    Maximum length: 64

    output-interval

    Collect the outputs for each output-interval in seconds (0 = no intermediate output).

    integer

    Minimum value: 0 Maximum value: 36000

    0

    output-size

    Number of megabytes to limit script output to (1 - 1024, default = 10).

    integer

    Minimum value: 1 Maximum value: 1024

    10

    port

    Protocol port.

    integer

    Minimum value: 1 Maximum value: 65535

    0

    protocol

    Request protocol.

    option

    -

    http

    Option

    Description

    http

    HTTP.

    https

    HTTPS.

    regular-expression

    Regular expression string.

    var-string

    Maximum length: 1023

    replacement-message

    Enable/disable replacement message.

    option

    -

    disable

    Option

    Description

    enable

    Enable replacement message.

    disable

    Disable replacement message.

    replacemsg-group

    Replacement message group.

    string

    Maximum length: 35

    script

    CLI script.

    var-string

    Maximum length: 1023

    sdn-connector <name>

    NSX SDN connector names.

    SDN connector name.

    string

    Maximum length: 79

    security-tag

    NSX security tag.

    string

    Maximum length: 255

    system-action

    System action type.

    option

    -

    Option

    Description

    reboot

    Reboot this FortiGate unit.

    shutdown

    Shutdown this FortiGate unit.

    backup-config

    Backup current configuration to the disk revisions.

    timeout

    Maximum running time for this script in seconds (0 = no timeout).

    integer

    Minimum value: 0 Maximum value: 300

    0

    tls-certificate

    Custom TLS certificate for API request.

    string

    Maximum length: 35

    uri

    Request API URI.

    var-string

    Maximum length: 1023

    verify-host-cert

    Enable/disable verification of the remote host certificate.

    option

    -

    enable

    Option

    Description

    enable

    Enable verification of the remote host certificate.

    disable

    Disable verification of the remote host certificate.

    config form-data

    Parameter

    Description

    Type

    Size

    Default

    id

    Entry ID.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    key

    Key of the part of Multipart/form-data.

    var-string

    Maximum length: 1023

    value

    Value of the part of Multipart/form-data.

    var-string

    Maximum length: 4095

    config http-headers

    Parameter

    Description

    Type

    Size

    Default

    id

    Entry ID.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    key

    Request header key.

    var-string

    Maximum length: 1023

    value

    Request header value.

    var-string

    Maximum length: 4095

    Previous
    Next