CLI Reference

Command syntax

When entering a command, the command line interface (CLI) requires that you use valid syntax, and conform to expected input constraints. It will reject invalid commands.

Fortinet documentation uses the following conventions to describe valid command syntax.

Terminology

Each command line consists of a command word that is usually followed by words for the configuration data or other specific item that the command uses or affects:

get system admin

To describe the function of each word in the command line, especially if its function has changed between firmware versions, Fortinet uses terms with the following definitions.

config system interface
  edit <port_name>
    set status {up | down}
    set ip <interface_ipv4mask>
  next
end

Command syntax terminology:

  • Command — A word that begins the command line and indicates an action that the FortiMail unit should perform on a part of the configuration or host on the network, such as config or execute. Together with other words, such as fields or values, that end when you press the Enter key, it forms a command line. Exceptions include multi-line command lines, which can be entered using an escape sequence (see Shortcuts and key commands).

Valid command lines must be unambiguous if abbreviated (see Command abbreviation). Optional words or other command line permutations are indicated by syntax notation (see Notation).

This CLI reference is organized alphabetically by object for the config command, and by the name of the command for remaining top-level commands.

  • Object — A part of the configuration that contains tables and/or fields. Valid command lines must be specific enough to indicate an individual object.
  • Sub-command — A kind of command that is available only when nested within the scope of another command. After entering a command, its applicable sub-commands are available to you until you exit the scope of the command, or until you descend an additional level into another sub-command. Indentation is used to indicate levels of nested commands (see Indentation).

Not all top-level commands have sub-commands. Available sub-commands vary by their containing scope (see Sub-commands).

  • Table — A set of fields that is one of possibly multiple similar sets which each have a name or number, such as an administrator account, policy, or network interface. These named or numbered sets are sometimes referenced by other parts of the configuration that use them (see Notation).
  • Option — A kind of value that must be one or more words from a fixed set of options (see Notation).
  • Field — The name of a setting, such as ip or hostname. Fields in some tables must be configured with values. Failure to configure a required field will result in an invalid object configuration error message, and the FortiMail unit will discard the invalid table.
  • Value — A number, letter, IP address, or other type of input that is usually your configuration setting held by a field. Some commands, however, require multiple input values which may not be named but are simply entered in sequential order in the same command line. Valid input types are indicated by constraint notation (see Notation).

Indentation

Indentation indicates levels of nested commands, which indicate what other sub-commands are available from within the scope.

For example, the edit sub-command is available only within a command that affects tables, and the next sub-command is available only from within the edit sub-command:

config system interface
  edit port1
    set status up
  next
end

For information about available sub-commands, see Sub-commands.

Notation

Brackets, braces, and pipes are used to denote valid permutations of the syntax. Constraint notations, such as <address_ipv4>, indicate which data types or string patterns are acceptable value input.

Command syntax notation:

Convention

Description

Square brackets [ ]

A non-required word or series of words. For example:

[verbose {1 | 2 | 3}]

indicates that you may either omit or type both the verbose word and its accompanying option, such as:

verbose 3

Angle brackets < >

A word constrained by data type.

To define acceptable input, the angled brackets contain a descriptive name followed by an underscore ( _ ) and suffix that indicates the valid data type. For example:

<retries_int>

indicates that you must enter a number of retries, such as 5.

Data types include:

  • <xxx_name>: A name referring to another part of the configuration, such as policy_A.
  • <xxx_index>: An index number referring to another part of the configuration, such as 0 for the first static route.
  • <xxx_pattern>: A regular expression or word with wild cards that matches possible variations, such as *@example.com to match all email addresses ending in @example.com. If the pattern does not, for example, accept regular expressions, but requires wild cards only, note that in the Description column.
  • <xxx_fqdn>: A fully qualified domain name (FQDN), such as mail.example.com.
  • <xxx_email>: An email address, such as admin@mail.example.com.
  • <xxx_url>: A uniform resource locator (URL) and its associated protocol and host name prefix, which together form a uniform resource identifier (URI), such as http://www.fortinet.com/.
  • <xxx_ipv4>: An IPv4 address, such as 192.168.1.99.
  • <xxx_v4mask>: A dotted decimal IPv4 netmask, such as 255.255.255.0.
  • <xxx_ipv4mask>: A dotted decimal IPv4 address and netmask separated by a space, such as 192.168.1.99 255.255.255.0.
  • <xxx_ipv4/mask>: A dotted decimal IPv4 address and CIDR-notation netmask separated by a slash, such as 192.168.1.99/24.
  • <xxx_ipv4range>: A hyphen ( - ) delimited inclusive range of IPv4 addresses, such as 192.168.1.1-192.168.1.255.
  • <xxx_ipv6>: A colon ( : ) delimited hexadecimal IPv6 address, such as 3f2e:6a8b:78a3:0d82:1725:6a2f:0370:6234.
  • <xxx_v6mask>: An IPv6 netmask, such as /96.
  • <xxx_ipv6mask>: An IPv6 address and netmask separated by a space.
  • <xxx_str>: A string of characters that is not another data type, such as P@ssw0rd. Strings containing spaces or special characters must be surrounded in quotes or use escape sequences. See Special characters.
  • <xxx_float>: A decimal number that is not another data type, such as 10.000000 for a threshold.
  • <xxx_int>: An integer number that is not another data type, such as 15 for the number of minutes.

Curly braces { }

A word or series of words that is constrained to a set of options delimited by either vertical bars or spaces.

You must enter at least one of the options, unless the set of options is surrounded by square brackets [ ].

Options delimited by vertical bars |

Mutually exclusive options. For example:

{enable | disable}

indicates that you must enter either enable or disable, but must not enter both.

Options delimited by spaces

Non-mutually exclusive options. For example:

{http https ping snmp ssh telnet}

indicates that you may enter all or a subset of those options, in any order, in a space-delimited list, such as:

ping https ssh

Note: To change the options, you must re-type the entire list. For example, to add snmp to the previous example, you would type:

ping https snmp ssh

If the option adds to or subtracts from the existing list of options, instead of replacing it, or if the list is comma-delimited, the exception will be noted.
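
The notation above can be checked mechanically, for example to lint a change script before it is pasted into a device. The following is an added example, not part of Fortinet's documentation or tooling: the function names and the TYPES table are hypothetical, only a subset of the listed data types is covered, and it assumes that options in a space-delimited list may not repeat and that quoting follows POSIX shell rules (shlex), which may differ from the CLI's own escape handling.

```python
import ipaddress
import re
import shlex

def _ipv4(tok, mask=False):
    # Dotted-decimal IPv4; with mask=True the one-bits must also be contiguous.
    try:
        inv = ~int(ipaddress.IPv4Address(tok)) & 0xFFFFFFFF
    except ValueError:
        return False
    return not mask or (inv & (inv + 1)) == 0

TYPES = {  # type suffix -> (words consumed, check); others raise KeyError
    "name": (1, lambda w: True),
    "int": (1, lambda w: re.fullmatch(r"-?\d+", w[0]) is not None),
    "ipv4": (1, lambda w: _ipv4(w[0])),
    "ipv4mask": (2, lambda w: _ipv4(w[0]) and _ipv4(w[1], mask=True)),
}

def parse(template):
    """Turn a syntax line in the page's notation into a nested element list."""
    stack = [[]]
    for tok in re.findall(r"\[|\]|\{[^{}]*\}|<[^<>]+>|[^\s\[\]]+", template):
        if tok == "[":
            stack.append([])
        elif tok == "]":
            stack[-2].append(("opt", stack.pop()))
        elif tok[0] == "{" and tok[-1] == "}":
            kind = "one" if "|" in tok else "many"  # bars: exclusive; spaces: subset
            stack[-1].append((kind, tok[1:-1].replace("|", " ").split()))
        elif tok[0] == "<":
            stack[-1].append(("type", tok[1:-1].rsplit("_", 1)[-1]))
        else:
            stack[-1].append(("one", [tok]))  # literal word: a set of one option
    return stack[0]

def matches(elems, words):
    if not elems:
        return not words
    (kind, arg), rest = elems[0], elems[1:]
    if kind == "opt":  # [ ]: type all of it or none of it
        return matches(arg + rest, words) or matches(rest, words)
    if kind == "many":  # one or more distinct options, in any order
        return any(len(set(words[:n])) == n and set(words[:n]) <= set(arg)
                   and matches(rest, words[n:]) for n in range(1, len(arg) + 1))
    n, ok = TYPES[arg] if kind == "type" else (1, lambda w: w[0] in arg)
    return len(words) >= n and ok(words[:n]) and matches(rest, words[n:])

def valid(template, line):
    return matches(parse(template), shlex.split(line))
```

For instance, valid("set ip <interface_ipv4mask>", "set ip 192.168.1.99 255.0.255.0") is False because the second word is not a contiguous netmask.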
