Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    7.6.3
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.16
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.17
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    execute vpn

    execute vpn

    vpn

    This topic includes the following commands:

    execute vpn certificate ca export tftp

    Export CA certificate to a TFTP server.

    execute vpn certificate ca export tftp <string>

    Parameter

    Description

    Type

    Size

    <string>

    CA certificate name.

    string

    execute vpn certificate ca import auto

    Import CA certificate via SCEP.

    execute vpn certificate ca import auto <string>

    Parameter

    Description

    Type

    Size

    <string>

    URL of the CA server.

    string

    execute vpn certificate ca import bundle

    Import certificate bundle from a TFTP server.

    execute vpn certificate ca import bundle <string> <ip>

    Parameter

    Description

    Type

    Size

    <string>

    File name on the TFTP server.

    string

    <ip>

    IP address of TFTP server.

    string

    execute vpn certificate ca import est

    Import CA certificate via EST.

    execute vpn certificate ca import est <string>

    Parameter

    Description

    Type

    Size

    <string>

    URL of the CA server. (e.g. https://example.com:1234).

    string

    execute vpn certificate ca import tftp

    Import CA certificate from a TFTP server.

    execute vpn certificate ca import tftp <string> <tftp server>

    Parameter

    Description

    Type

    Size

    <string>

    File name on the TFTP server.

    string

    <tftp server>

    TFTP server IPv4, IPv6, or FQDN.

    string

    execute vpn certificate crl import auto

    Update CRL.

    execute vpn certificate crl import auto <string>

    Parameter

    Description

    Type

    Size

    <string>

    CRL name.

    string

    execute vpn certificate ems_ca import tftp

    Import Testing EMS CA certificate from a TFTP server.

    execute vpn certificate ems_ca import tftp <string> <tftp server>

    Parameter

    Description

    Type

    Size

    <string>

    File name on the TFTP server.

    string

    <tftp server>

    TFTP server IPv4, IPv6, or FQDN.

    string

    execute vpn certificate hsm-local gch-get-versions

    List available crypto-key-versions.

    execute vpn certificate hsm-local gch-get-versions <string>

    Parameter

    Description

    Type

    Size

    <string>

    hsm-local certificate name.

    string

    execute vpn certificate hsm-local status

    Status check for an hsm-local certificate.

    execute vpn certificate hsm-local status <string>

    Parameter

    Description

    Type

    Size

    <string>

    hsm-local certificate name.

    string

    execute vpn certificate hsm-local verify

    Verify between hsm-local certificate and its private key.

    execute vpn certificate hsm-local verify <string>

    Parameter

    Description

    Type

    Size

    <string>

    hsm-local certificate name.

    string

    execute vpn certificate local export tftp

    Export local certificate or certificate request to a TFTP server.

    execute vpn certificate local export tftp <string>

    Parameter

    Description

    Type

    Size

    <string>

    Local certificate name.

    string

    execute vpn certificate local generate cmp-ec

    Generate a ECDSA certificate request over CMPv2.

    execute vpn certificate local generate cmp-ec <string>

    Parameter

    Description

    Type

    Size

    <string>

    Local certificate name.

    string

    execute vpn certificate local generate cmp-rsa

    Generate a RSA certificate request over CMPv2.

    execute vpn certificate local generate cmp-rsa <string> <number> <string>

    Parameter

    Description

    Type

    Size

    <string>

    Local certificate name.

    string

    <number>

    Key size: 1024, 1536, 2048, 4096.

    string

    <string>

    Server ('ADDRESS:PORT' for CMP server, add 'https://' before address to enable ssl/tls).

    string

    execute vpn certificate local generate default-gui-mgmt-cert

    Generate the default GUI mgmt admin-server certificate.

    execute vpn certificate local generate default-gui-mgmt-cert

    execute vpn certificate local generate default-ssl-ca

    Generate the default CA certificate used by SSL Inspection.

    execute vpn certificate local generate default-ssl-ca

    execute vpn certificate local generate default-ssl-ca-untrusted

    Generate the default untrusted CA certificate used by SSL Inspection.

    execute vpn certificate local generate default-ssl-ca-untrusted

    execute vpn certificate local generate default-ssl-key-certs

    Generate the default RSA, DSA and ECDSA key certs for ssl resign.

    execute vpn certificate local generate default-ssl-key-certs

    execute vpn certificate local generate default-ssl-serv-key

    Generate the default server key used by SSL Inspection.

    execute vpn certificate local generate default-ssl-serv-key

    execute vpn certificate local generate ec

    Generate an elliptic curve certificate request.

    execute vpn certificate local generate ec <string>

    Parameter

    Description

    Type

    Size

    <string>

    Local certificate name.

    string

    execute vpn certificate local generate est

    Generate an certificate via Enrollment over Secure Transport.

    execute vpn certificate local generate est <string>

    Parameter

    Description

    Type

    Size

    <string>

    Local certificate name.

    string

    execute vpn certificate local generate rsa

    Generate a RSA certificate request.

    execute vpn certificate local generate rsa <string> <number> <string>

    Parameter

    Description

    Type

    Size

    <string>

    Local certificate name.

    string

    <number>

    Key size: 1024, 1536, 2048, 4096.

    string

    <string>

    Subject (Host IP/Domain Name/E-Mail).

    string

    execute vpn certificate local import tftp

    Import the signed certificate from a TFTP server.

    execute vpn certificate local import tftp <string> <tftp server> <string> <Enter>|<passwd>

    Parameter

    Description

    Type

    Size

    <string>

    File name on the TFTP server.

    string

    <tftp server>

    TFTP server IPv4, IPv6, or FQDN.

    string

    <string>

    Certificate file type ('cer'|'p12').

    string

    <Enter>|<passwd>

    Password for PKCS12 file.

    string

    execute vpn certificate local verify

    Verify certificate and private key files match and regenerate if mismatched.

    execute vpn certificate local verify <string>

    Parameter

    Description

    Type

    Size

    <string>

    Local certificate name.

    string

    execute vpn certificate remote export tftp

    Export REMOTE certificate to a TFTP server.

    execute vpn certificate remote export tftp <string>

    Parameter

    Description

    Type

    Size

    <string>

    REMOTE certificate name.

    string

    execute vpn certificate remote import tftp

    Import REMOTE certificate from a TFTP server.

    execute vpn certificate remote import tftp <string> <tftp server>

    Parameter

    Description

    Type

    Size

    <string>

    File name on the TFTP server.

    string

    <tftp server>

    TFTP server IPv4, IPv6, or FQDN.

    string

    execute vpn ikecrypt dhperf compute

    Run DH generate and compute benchmark.

    execute vpn ikecrypt dhperf compute <rounds>

    Parameter

    Description

    Type

    Size

    <rounds>

    Number of DH generate and compute rounds to perform per group <1-100000>.

    string

    execute vpn ikecrypt dhperf generate

    Run DH generate benchmark.

    execute vpn ikecrypt dhperf generate <rounds>

    Parameter

    Description

    Type

    Size

    <rounds>

    Number of DH generate rounds to perform per group <1-100000>.

    string

    execute vpn ipsec tunnel down

    Shut down the specified IPsec tunnel.

    execute vpn ipsec tunnel down <phase2> <phase1> <serial>

    Parameter

    Description

    Type

    Size

    <phase2>

    Phase2 name.

    string

    <phase1>

    Phase1 name.

    string

    <serial>

    Phase2 serial number.

    string

    execute vpn ipsec tunnel up

    Activate the specified IPsec tunnel.

    execute vpn ipsec tunnel up <phase2> <phase1> <serial>

    Parameter

    Description

    Type

    Size

    <phase2>

    Phase2 name.

    string

    <phase1>

    Phase1 name.

    string

    <serial>

    Phase2 serial number.

    string

    execute vpn sslvpn del-all

    Delete all connections under current VDOM.

    execute vpn sslvpn del-all <tunnel>

    Parameter

    Description

    Type

    Size

    <tunnel>

    Press <Enter> to delete all or type "tunnel" to delete sesison only.

    string

    execute vpn sslvpn del-tunnel

    Delete session connection.

    execute vpn sslvpn del-tunnel <index>

    Parameter

    Description

    Type

    Size

    <index>

    Session index.

    string

    execute vpn sslvpn del-web

    Delete web connection.

    execute vpn sslvpn del-web <index>

    Parameter

    Description

    Type

    Size

    <index>

    Web index.

    string

    execute vpn sslvpn list

    List connections.

    execute vpn sslvpn list <web|tunnel>

    Parameter

    Description

    Type

    Size

    <web|tunnel>

    Web or session.

    string

    Previous
    Next

    execute vpn

    execute vpn

    vpn

    This topic includes the following commands:

    execute vpn certificate ca export tftp

    Export CA certificate to a TFTP server.

    execute vpn certificate ca export tftp <string>

    Parameter

    Description

    Type

    Size

    <string>

    CA certificate name.

    string

    execute vpn certificate ca import auto

    Import CA certificate via SCEP.

    execute vpn certificate ca import auto <string>

    Parameter

    Description

    Type

    Size

    <string>

    URL of the CA server.

    string

    execute vpn certificate ca import bundle

    Import certificate bundle from a TFTP server.

    execute vpn certificate ca import bundle <string> <ip>

    Parameter

    Description

    Type

    Size

    <string>

    File name on the TFTP server.

    string

    <ip>

    IP address of TFTP server.

    string

    execute vpn certificate ca import est

    Import CA certificate via EST.

    execute vpn certificate ca import est <string>

    Parameter

    Description

    Type

    Size

    <string>

    URL of the CA server. (e.g. https://example.com:1234).

    string

    execute vpn certificate ca import tftp

    Import CA certificate from a TFTP server.

    execute vpn certificate ca import tftp <string> <tftp server>

    Parameter

    Description

    Type

    Size

    <string>

    File name on the TFTP server.

    string

    <tftp server>

    TFTP server IPv4, IPv6, or FQDN.

    string

    execute vpn certificate crl import auto

    Update CRL.

    execute vpn certificate crl import auto <string>

    Parameter

    Description

    Type

    Size

    <string>

    CRL name.

    string

    execute vpn certificate ems_ca import tftp

    Import Testing EMS CA certificate from a TFTP server.

    execute vpn certificate ems_ca import tftp <string> <tftp server>

    Parameter

    Description

    Type

    Size

    <string>

    File name on the TFTP server.

    string

    <tftp server>

    TFTP server IPv4, IPv6, or FQDN.

    string

    execute vpn certificate hsm-local gch-get-versions

    List available crypto-key-versions.

    execute vpn certificate hsm-local gch-get-versions <string>

    Parameter

    Description

    Type

    Size

    <string>

    hsm-local certificate name.

    string

    execute vpn certificate hsm-local status

    Status check for an hsm-local certificate.

    execute vpn certificate hsm-local status <string>

    Parameter

    Description

    Type

    Size

    <string>

    hsm-local certificate name.

    string

    execute vpn certificate hsm-local verify

    Verify between hsm-local certificate and its private key.

    execute vpn certificate hsm-local verify <string>

    Parameter

    Description

    Type

    Size

    <string>

    hsm-local certificate name.

    string

    execute vpn certificate local export tftp

    Export local certificate or certificate request to a TFTP server.

    execute vpn certificate local export tftp <string>

    Parameter

    Description

    Type

    Size

    <string>

    Local certificate name.

    string

    execute vpn certificate local generate cmp-ec

    Generate a ECDSA certificate request over CMPv2.

    execute vpn certificate local generate cmp-ec <string>

    Parameter

    Description

    Type

    Size

    <string>

    Local certificate name.

    string

    execute vpn certificate local generate cmp-rsa

    Generate a RSA certificate request over CMPv2.

    execute vpn certificate local generate cmp-rsa <string> <number> <string>

    Parameter

    Description

    Type

    Size

    <string>

    Local certificate name.

    string

    <number>

    Key size: 1024, 1536, 2048, 4096.

    string

    <string>

    Server ('ADDRESS:PORT' for CMP server, add 'https://' before address to enable ssl/tls).

    string

    execute vpn certificate local generate default-gui-mgmt-cert

    Generate the default GUI mgmt admin-server certificate.

    execute vpn certificate local generate default-gui-mgmt-cert

    execute vpn certificate local generate default-ssl-ca

    Generate the default CA certificate used by SSL Inspection.

    execute vpn certificate local generate default-ssl-ca

    execute vpn certificate local generate default-ssl-ca-untrusted

    Generate the default untrusted CA certificate used by SSL Inspection.

    execute vpn certificate local generate default-ssl-ca-untrusted

    execute vpn certificate local generate default-ssl-key-certs

    Generate the default RSA, DSA and ECDSA key certs for ssl resign.

    execute vpn certificate local generate default-ssl-key-certs

    execute vpn certificate local generate default-ssl-serv-key

    Generate the default server key used by SSL Inspection.

    execute vpn certificate local generate default-ssl-serv-key

    execute vpn certificate local generate ec

    Generate an elliptic curve certificate request.

    execute vpn certificate local generate ec <string>

    Parameter

    Description

    Type

    Size

    <string>

    Local certificate name.

    string

    execute vpn certificate local generate est

    Generate an certificate via Enrollment over Secure Transport.

    execute vpn certificate local generate est <string>

    Parameter

    Description

    Type

    Size

    <string>

    Local certificate name.

    string

    execute vpn certificate local generate rsa

    Generate a RSA certificate request.

    execute vpn certificate local generate rsa <string> <number> <string>

    Parameter

    Description

    Type

    Size

    <string>

    Local certificate name.

    string

    <number>

    Key size: 1024, 1536, 2048, 4096.

    string

    <string>

    Subject (Host IP/Domain Name/E-Mail).

    string

    execute vpn certificate local import tftp

    Import the signed certificate from a TFTP server.

    execute vpn certificate local import tftp <string> <tftp server> <string> <Enter>|<passwd>

    Parameter

    Description

    Type

    Size

    <string>

    File name on the TFTP server.

    string

    <tftp server>

    TFTP server IPv4, IPv6, or FQDN.

    string

    <string>

    Certificate file type ('cer'|'p12').

    string

    <Enter>|<passwd>

    Password for PKCS12 file.

    string

    execute vpn certificate local verify

    Verify certificate and private key files match and regenerate if mismatched.

    execute vpn certificate local verify <string>

    Parameter

    Description

    Type

    Size

    <string>

    Local certificate name.

    string

    execute vpn certificate remote export tftp

    Export REMOTE certificate to a TFTP server.

    execute vpn certificate remote export tftp <string>

    Parameter

    Description

    Type

    Size

    <string>

    REMOTE certificate name.

    string

    execute vpn certificate remote import tftp

    Import REMOTE certificate from a TFTP server.

    execute vpn certificate remote import tftp <string> <tftp server>

    Parameter

    Description

    Type

    Size

    <string>

    File name on the TFTP server.

    string

    <tftp server>

    TFTP server IPv4, IPv6, or FQDN.

    string

    execute vpn ikecrypt dhperf compute

    Run DH generate and compute benchmark.

    execute vpn ikecrypt dhperf compute <rounds>

    Parameter

    Description

    Type

    Size

    <rounds>

    Number of DH generate and compute rounds to perform per group <1-100000>.

    string

    execute vpn ikecrypt dhperf generate

    Run DH generate benchmark.

    execute vpn ikecrypt dhperf generate <rounds>

    Parameter

    Description

    Type

    Size

    <rounds>

    Number of DH generate rounds to perform per group <1-100000>.

    string

    execute vpn ipsec tunnel down

    Shut down the specified IPsec tunnel.

    execute vpn ipsec tunnel down <phase2> <phase1> <serial>

    Parameter

    Description

    Type

    Size

    <phase2>

    Phase2 name.

    string

    <phase1>

    Phase1 name.

    string

    <serial>

    Phase2 serial number.

    string

    execute vpn ipsec tunnel up

    Activate the specified IPsec tunnel.

    execute vpn ipsec tunnel up <phase2> <phase1> <serial>

    Parameter

    Description

    Type

    Size

    <phase2>

    Phase2 name.

    string

    <phase1>

    Phase1 name.

    string

    <serial>

    Phase2 serial number.

    string

    execute vpn sslvpn del-all

    Delete all connections under current VDOM.

    execute vpn sslvpn del-all <tunnel>

    Parameter

    Description

    Type

    Size

    <tunnel>

    Press <Enter> to delete all or type "tunnel" to delete sesison only.

    string

    execute vpn sslvpn del-tunnel

    Delete session connection.

    execute vpn sslvpn del-tunnel <index>

    Parameter

    Description

    Type

    Size

    <index>

    Session index.

    string

    execute vpn sslvpn del-web

    Delete web connection.

    execute vpn sslvpn del-web <index>

    Parameter

    Description

    Type

    Size

    <index>

    Web index.

    string

    execute vpn sslvpn list

    List connections.

    execute vpn sslvpn list <web|tunnel>

    Parameter

    Description

    Type

    Size

    <web|tunnel>

    Web or session.

    string

    Previous
    Next