
CLI Reference

Tips and tricks


Basic features and characteristics of the CLI environment provide support and ease of use for many CLI tasks.

Help

To display brief help during command entry, press the question mark (?) key.

Press the question mark (?) key at the command prompt to display a list of the commands available and a description of each command.

Type a word or part of a word, then press the question mark (?) key to display a list of valid word completions or subsequent words, and to display a description of each.

Shortcuts and key commands

| Action | Keys |
|---|---|
| List valid word completions or subsequent words. If multiple words could complete your entry, display all possible completions with helpful descriptions of each. | ? |
| Complete the word with the next available match. Press the key multiple times to cycle through available matches. | Tab |
| Recall the previous command. Command memory is limited to the current session. | Up arrow, or Ctrl + P |
| Recall the next command. | Down arrow, or Ctrl + N |
| Move the cursor left or right within the command line. | Left or Right arrow |
| Move the cursor to the beginning of the command line. | Ctrl + A |
| Move the cursor to the end of the command line. | Ctrl + E |
| Move the cursor backwards one word. | Ctrl + B |
| Move the cursor forwards one word. | Ctrl + F |
| Delete the current character. | Ctrl + D |
| Abort current interactive commands, such as when entering multiple lines. If you are not currently within an interactive command such as config or edit, this closes the CLI connection. | Ctrl + C |
| Continue typing a command on the next line for a multi-line command. For each line that you want to continue, terminate it with a backslash ( \ ). To complete the command line, terminate it by pressing the spacebar and then the Enter key, without an immediately preceding backslash. | \ then Enter |

Command abbreviation

In most cases, you can abbreviate words in the command line to their smallest number of non-ambiguous characters. For example, the command get system status could be abbreviated to g sy st.

Some commands may not be abbreviated. See the notes in the specific commands.

Environment variables

The CLI supports the following environment variables. Variable names are case-sensitive.

$USERFROM

The management access type (ssh, telnet, jsconsole for the CLI Console widget and so on) and the IP address of the administrator that configured the item.

$USERNAME

The account name of the administrator that configured the item.

$SerialNum

The serial number of the FortiMail unit.

For example, the FortiMail unit’s host name can be set to its serial number.

    config system global
    set hostname $SerialNum
    end

As another example, you could log in as admin1, then configure a restricted secondary administrator account for yourself named admin2, whose first-name is admin1 to indicate that it is another of your accounts:

    config system admin
    edit admin2
    set first-name $USERNAME

Special characters

The characters <, >, (, ), #, ', and " are not permitted in most CLI fields. These characters are special characters, sometimes also called reserved characters.

You may be able to enter a special character as part of a string’s value by using a special command, enclosing it in quotes, or preceding it with an escape sequence — in this case, a backslash ( \ ) character.

| Character | Keys |
|---|---|
| ? | Ctrl + V then ? |
| Tab | Ctrl + V then Tab |
| Space (to be interpreted as part of a string value, not to end the string) | Enclose the string in quotation marks: "Security Administrator". Enclose the string in single quotes: 'Security Administrator'. Precede the space with a backslash: Security\ Administrator. |
| ' (to be interpreted as part of a string value, not to end the string) | \' |
| " (to be interpreted as part of a string value, not to end the string) | \" |
| \ | \\ |
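When `set` lines are generated from data you do not control (for example, display names from a directory export), the escape rules in the table above can be applied mechanically before the line is pasted or written into a configuration file. The following is an added example, not Fortinet code; the function names and the field-name pattern are assumptions, and whether a given field accepts the resulting value still depends on that field.

```python
import re

RESERVED = set("<>()#")   # page: not permitted in most CLI fields
ESCAPED = set("\\'\"")    # page: entered as \\, \' and \"
FIELD_NAME = re.compile(r"[a-z0-9-]+")  # assumption: shape of a field name


def quote_cli_value(value: str) -> str:
    """Return value as a double-quoted CLI string, or raise ValueError."""
    out = []
    for ch in value:
        if ch in RESERVED:
            raise ValueError(f"reserved character {ch!r}")
        if ch in "?\t":
            # Conservative choice: these need Ctrl + V at an interactive prompt.
            raise ValueError(f"{ch!r} cannot be entered without Ctrl + V")
        if ord(ch) < 0x20 or ord(ch) == 0x7F:
            # A line break would end this command and begin another one.
            raise ValueError(f"control character {ch!r}")
        out.append("\\" + ch if ch in ESCAPED else ch)
    return '"' + "".join(out) + '"'


def build_set_line(field: str, value: str) -> str:
    """Build one `set <field> <value>` line with the value safely quoted."""
    if not FIELD_NAME.fullmatch(field):
        raise ValueError(f"unexpected field name {field!r}")
    return f"set {field} {quote_cli_value(value)}"


if __name__ == "__main__":
    # Constructed sample values.
    print(build_set_line("first-name", "Security Administrator"))
    print(build_set_line("first-name", 'O\'Brien "ops"'))
```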

Language support

Characters such as ñ, é, symbols, and ideographs are sometimes acceptable input. Support varies by the nature of the item being configured.

For example, the host name must not contain special characters, so the GUI and CLI will not accept most symbols and non-ASCII encoded characters as input when configuring the host name. This means that languages other than English are often not supported. However, some configuration items, such as names and comments, may be able to use the language of your choice, and dictionary profiles support terms encoded in UTF-8 and therefore support a number of languages.

In addition, names of items in the configuration entered using non-ASCII encodings may not display correctly in event log messages.

It is simplest to use only US-ASCII characters when configuring the FortiMail unit using the GUI or CLI. Using only ASCII, you do not need to worry about:

  • mail transfer agent (MTA) encoding support
  • mail user agent (MUA) language support
  • web browser language support
  • Telnet and/or SSH client support
  • font availability
  • compatibility of your input’s encoding with the encoding/language setting of the GUI
  • switching input methods when entering a command word such as get in ASCII but a setting that uses a different encoding

If you choose to configure parts of the FortiMail unit using non-ASCII characters, verify that all systems interacting with the FortiMail unit also support the same encodings. You should also use the same encoding throughout the configuration if possible in order to avoid needing to switch the language settings of the GUI and your web browser or Telnet/SSH client while you work.

Screen paging

You can configure the CLI to pause after each page of text when the output spans multiple pages. When the display pauses, the last line displays --More--. You can then either:

  • Press the spacebar to display the next page.
  • Type Q to truncate the output and return to the command prompt.

This may be useful when displaying lengthy output, such as the list of possible matching commands for command completion, or a long list of settings. Rather than scrolling through or possibly exceeding the buffer of your terminal emulator, you can simply display one page at a time.

To configure the CLI display to pause when the screen is full:

    config system console
    set output more
    end

Baud rate

You can change the default baud rate of the local console connection. For more information, see the FortiMail Administration Guide.

Editing the configuration file on an external host

You can edit the FortiMail configuration on an external host by first backing up the configuration file to a TFTP server. Then edit the configuration file and restore it to the FortiMail unit.

Editing the configuration on an external host can be time-saving if you have many changes to make, especially if your plain text editor provides advanced features such as batch changes.

To edit the configuration on your computer:
  1. Use backup to download the configuration file to a TFTP server, such as your management computer.
  2. Edit the configuration file using a plain text editor that supports Unix-style (LF only, not CR LF) line endings.

    Do not edit the first line. The first line(s) of the configuration file (preceded by a # character) contains information about the firmware version and FortiMail model. If you change the model number, the FortiMail unit will reject the configuration file when you attempt to restore it.

  3. Use restore config to upload the modified configuration file back to the FortiMail unit.

    The FortiMail unit downloads the configuration file and checks that the model information is correct. If it is, the FortiMail unit loads the configuration file and checks each command for errors. If a command is invalid, the FortiMail unit ignores the command. If the configuration file is valid, the FortiMail unit restarts and loads the new configuration.
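Because the unit rejects a file whose model information changed and ignores any command it considers invalid, it is worth checking the edited file against the backup before restoring it. The following is an added example, not Fortinet tooling: it checks that the leading `#` lines are untouched, that line endings are LF only, flags non-ASCII bytes, and lists the changed lines so each can be confirmed on the unit after the restore. The sample file content and function names are constructed for illustration.

```python
import difflib

# Constructed sample backup; the header text is a placeholder, not a real
# FortiMail header line.
ORIGINAL = (b"#PLACEHOLDER-MODEL PLACEHOLDER-FIRMWARE-VERSION\n"
            b"config system global\n"
            b"set hostname mail-gw\n"
            b"end\n")


def header_lines(data: bytes) -> list:
    """Leading lines starting with '#', which carry firmware and model info."""
    lines = []
    for line in data.split(b"\n"):
        if not line.startswith(b"#"):
            break
        lines.append(line.rstrip(b"\r"))  # CR is reported separately below
    return lines


def check_edited_config(original: bytes, edited: bytes) -> list:
    """Return a list of problems that should be fixed before the restore."""
    problems = []
    if header_lines(original) != header_lines(edited):
        problems.append("header lines (# ...) differ from the backup")
    for number, line in enumerate(edited.split(b"\n"), start=1):
        if b"\r" in line:
            problems.append(f"line {number}: CR found, use LF-only line endings")
        if any(byte > 0x7F for byte in line):
            problems.append(f"line {number}: non-ASCII bytes")
    return problems


def changed_commands(original: bytes, edited: bytes) -> list:
    """Added (+) and removed (-) lines, to re-check on the unit afterwards."""
    old = original.decode("utf-8", "replace").splitlines()
    new = edited.decode("utf-8", "replace").splitlines()
    diff = list(difflib.unified_diff(old, new, lineterm="", n=0))[2:]
    return [d for d in diff if d.startswith(("+", "-"))]


if __name__ == "__main__":
    edited = ORIGINAL.replace(b"hostname mail-gw", b"hostname mail-gw-2")
    print(check_edited_config(ORIGINAL, edited) or "no problems found")
    print("\n".join(changed_commands(ORIGINAL, edited)))
```

Since invalid commands are ignored rather than reported as a failed restore, the list from `changed_commands` is the set of settings to verify on the unit once it has restarted.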

Retrieve command default value

You can use the get default-value command to retrieve the default value of any command table and its objects, from anywhere in the CLI console. This can be especially useful since default values may vary depending upon other prerequisite commands, which FortiMail firmware version you are running, or which FortiMail model you have.

This feature also helps administrators avoid using the unset command in order to see what the default value of any given field may be.

For example, enter the following to retrieve the default values under config system admin:

    get default-value system admin

    System Time: 2023-08-17 09:07:28 PDT (Uptime: 1d 2h 5m)
    access : cli gui rest
    access-profile :
    auth-strategy : local
    language :
    level : system
    password : *
    ssh-certificate :
    sshkey :
    status : enable
    theme : Green
    trusted-hosts : 0.0.0.0/0 ::/0
    webmode : simple
    wildcard : disable
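The default `trusted-hosts` value shown above consists of two zero-length prefixes, which match every IPv4 and IPv6 source address, so an account left at that default is not restricted by source. The following added example (not Fortinet code) parses this `field : value` output and reports any-address entries and fields still at their default. The `ACCOUNT` text is a constructed sample, and the function names are hypothetical.

```python
import ipaddress
import re

# Fields from the `get default-value system admin` output on this page.
DEFAULTS = """\
System Time: 2023-08-17 09:07:28 PDT (Uptime: 1d 2h 5m)
access : cli gui rest
access-profile :
auth-strategy : local
level : system
status : enable
trusted-hosts : 0.0.0.0/0 ::/0
"""

# Constructed sample: the same fields for one administrator account.
ACCOUNT = """\
access : gui
access-profile : helpdesk
auth-strategy : local
level : system
status : enable
trusted-hosts : 192.0.2.0/24 ::/0
"""

FIELD = re.compile(r"^([a-z0-9-]+) :(?: (.*))?$")


def parse_fields(text: str) -> dict:
    """Map field name to value; lines such as 'System Time:' are skipped."""
    fields = {}
    for line in text.splitlines():
        match = FIELD.match(line.strip())
        if match:
            fields[match.group(1)] = (match.group(2) or "").strip()
    return fields


def any_address_networks(fields: dict) -> list:
    """trusted-hosts entries with prefix length 0, which match every address."""
    tokens = fields.get("trusted-hosts", "").split()
    nets = [ipaddress.ip_network(token, strict=False) for token in tokens]
    return [str(net) for net in nets if net.prefixlen == 0]


def unchanged_from_default(defaults: dict, account: dict, watch: list) -> list:
    """Watched fields whose value on the account equals the default."""
    return [k for k in watch if k in account and account[k] == defaults.get(k)]


if __name__ == "__main__":
    defaults, account = parse_fields(DEFAULTS), parse_fields(ACCOUNT)
    print("any-address trusted hosts:", any_address_networks(account))
    print("still default:", unchanged_from_default(
        defaults, account, ["access", "trusted-hosts", "auth-strategy"]))
```

In the constructed account, the IPv4 entry was narrowed but `::/0` was left in place, so IPv6 sources are still unrestricted.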
