Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiManager 6.4.8 CLI Reference
    6.4.8
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.8
    5.6.7
    5.6.7
    5.6.6
    5.6.6
    5.6.5
    5.6.5
    5.6.4
    5.6.4
    5.6.3
    5.6.3
    5.6.2
    5.6.2
    5.6.1
    5.6.1
    5.6.0
    5.6.0
    5.4.7
    5.4.6
    5.4.6
    5.4.5
    5.4.5
    5.4.4
    5.4.4
    5.4.3
    5.4.3
    5.4.2
    5.4.2
    5.4.1
    5.4.1
    5.4.0
    5.4.0
    5.2.10
    5.2.9
    5.2.9
    5.2.7
    5.2.7
    5.2.6
    5.2.6
    5.2.4
    5.2.4
    5.2.3
    5.2.3
    5.2.2
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.12
    5.0.11
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.0
    4.0.0

    interface

    interface

    Use this command to edit the configuration of a FortiManager network interface.

    Syntax

    config system interface

    edit <port>

    set status {up | down}

    set ip <ipv4_mask>

    set allowaccess {http https ping snmp ssh webservice}

    set serviceaccess {fclupdates fgtupdates webfilter-antispam}

    set update-service-ip <ip&netmask>

    set rating-service-ip <ip&netmask>

    set speed {1000full 100full 100half 10full 10half auto}

    set description <string>

    set alias <string>

    set mtu <integer>

    config ipv6

    set ip6-address <ipv6 prefix>

    set ip6-allowaccess {http https https-logging ping snmp ssh webservice}

    set ip6-autoconf {enable | disable}

    end

    end

    Variable

    Description

    <port>

    The port can be set to a port number such as port1, port2, port3, or port4. Different FortiManager models have different numbers of ports.

    status {up | down}

    Start (up) or stop (down) the interface (default = up). If the interface is stopped it does not accept or send packets. If you stop a physical interface, VLAN interfaces associated with it also stop.

    ip <ipv4_mask>

    Enter the interface IPv4 address and netmask. The IPv4 address cannot be on the same subnet as any other interface.

    allowaccess {http https ping snmp ssh webservice}

    Enter the types of management access permitted on this interface. Separate multiple selected types with spaces.

    If you want to add or remove an option from the list, retype the list as required.

    serviceaccess {fclupdates fgtupdates webfilter-antispam}

    Enter the types of service access permitted on this interface. Separate multiple selected types with spaces. If you want to add or remove an option from the list, retype the list as required.

    • fclupdates: FortiClient updates access.
    • fgtupdates: FortiGate updates access.
    • webfilter-antispam: Web filtering and antispam access.

    update-service-ip <ip&netmask>

    The IP address for the FortiGate update service. It must be on the same subnet as the interface IP address.

    This variable is only available when serviceaccess is fgtupdates.

    rating-service-ip <ip&netmask>

    The IP address for the FortiGate rating service. It must be on the same subnet as the interface IP address.

    This variable is only available when serviceaccess is webfilter-antispam.

    speed {1000full 100full 100half 10full 10half auto}

    Enter the speed and duplexing the network port uses:

    • 100full: 100M full-duplex
    • 100half: 100M half-duplex
    • 10full: 10M full-duplex
    • 10half: 10M half-duplex
    • auto: Automatically negotiate the fastest common speed (default)

    description <string>

    Enter a description of the interface (character limit = 63).

    alias <string>

    Enter an alias for the interface.

    mtu <integer>

    Set the maximum transportation unit (68 - 9000, default = 1500).

    Variables forconfig ipv6subcommand:

    ip6-address <ipv6 prefix>

    IPv6 address/prefix of interface.

    ip6-allowaccess {http https https-logging ping snmp ssh webservice}

    Allow management access to the interface.

    ip6-autoconf {enable | disable}

    Enable/disable address automatic configuration (SLAAC) (default = enable).

    Example

    This example shows how to set the FortiManager port1 interface IPv4 address and network mask to 192.168.100.159 and 255.255.255.0, and the management access to ping, https, and ssh.

    config system interface

    edit port1

    set allowaccess ping https ssh

    set ip 192.168.110.26 255.255.255.0

    set status up

    end

    Previous
    Next

    interface

    interface

    Use this command to edit the configuration of a FortiManager network interface.

    Syntax

    config system interface

    edit <port>

    set status {up | down}

    set ip <ipv4_mask>

    set allowaccess {http https ping snmp ssh webservice}

    set serviceaccess {fclupdates fgtupdates webfilter-antispam}

    set update-service-ip <ip&netmask>

    set rating-service-ip <ip&netmask>

    set speed {1000full 100full 100half 10full 10half auto}

    set description <string>

    set alias <string>

    set mtu <integer>

    config ipv6

    set ip6-address <ipv6 prefix>

    set ip6-allowaccess {http https https-logging ping snmp ssh webservice}

    set ip6-autoconf {enable | disable}

    end

    end

    Variable

    Description

    <port>

    The port can be set to a port number such as port1, port2, port3, or port4. Different FortiManager models have different numbers of ports.

    status {up | down}

    Start (up) or stop (down) the interface (default = up). If the interface is stopped it does not accept or send packets. If you stop a physical interface, VLAN interfaces associated with it also stop.

    ip <ipv4_mask>

    Enter the interface IPv4 address and netmask. The IPv4 address cannot be on the same subnet as any other interface.

    allowaccess {http https ping snmp ssh webservice}

    Enter the types of management access permitted on this interface. Separate multiple selected types with spaces.

    If you want to add or remove an option from the list, retype the list as required.

    serviceaccess {fclupdates fgtupdates webfilter-antispam}

    Enter the types of service access permitted on this interface. Separate multiple selected types with spaces. If you want to add or remove an option from the list, retype the list as required.

    • fclupdates: FortiClient updates access.
    • fgtupdates: FortiGate updates access.
    • webfilter-antispam: Web filtering and antispam access.

    update-service-ip <ip&netmask>

    The IP address for the FortiGate update service. It must be on the same subnet as the interface IP address.

    This variable is only available when serviceaccess is fgtupdates.

    rating-service-ip <ip&netmask>

    The IP address for the FortiGate rating service. It must be on the same subnet as the interface IP address.

    This variable is only available when serviceaccess is webfilter-antispam.

    speed {1000full 100full 100half 10full 10half auto}

    Enter the speed and duplexing the network port uses:

    • 100full: 100M full-duplex
    • 100half: 100M half-duplex
    • 10full: 10M full-duplex
    • 10half: 10M half-duplex
    • auto: Automatically negotiate the fastest common speed (default)

    description <string>

    Enter a description of the interface (character limit = 63).

    alias <string>

    Enter an alias for the interface.

    mtu <integer>

    Set the maximum transportation unit (68 - 9000, default = 1500).

    Variables forconfig ipv6subcommand:

    ip6-address <ipv6 prefix>

    IPv6 address/prefix of interface.

    ip6-allowaccess {http https https-logging ping snmp ssh webservice}

    Allow management access to the interface.

    ip6-autoconf {enable | disable}

    Enable/disable address automatic configuration (SLAAC) (default = enable).

    Example

    This example shows how to set the FortiManager port1 interface IPv4 address and network mask to 192.168.100.159 and 255.255.255.0, and the management access to ping, https, and ssh.

    config system interface

    edit port1

    set allowaccess ping https ssh

    set ip 192.168.110.26 255.255.255.0

    set status up

    end

    Previous
    Next