Fortinet white logo
Fortinet white logo

CLI Reference

dvm

dvm

Use the following commands for DVM related settings.

dvm adom

Use this command to list or clone ADOMs.

Syntax

diagnose dvm adom clone <adom> <new_adom>

diagnose dvm adom reset-default-flags

diagnose dvm adom list

Variable

Description

clone <adom> <new_adom>

Clone an ADOM. Enter the name of the ADOM that will be cloned, and the name of the clone.

reset-default-flags

Reset ADOM default flags.

list

List ADOMs, state, product, OS version (OSVER), major release (MR), name, mode, VPN management, and IPS.

dvm capability

Use this command to set the DVM capability.

Syntax

diagnose dvm capability set {all | standard}

diagnose dvm capability show

Variable

Description

set {all | standard}

Set the capability to all or standard.

show

Show what the capability is set to.

dvm chassis

Use this command to list chassis and supported chassis models.

Syntax

diagnose dvm chassis list

diagnose dvm chassis supported models

Variable

Description

list

List chassis.

supported-models

List supported chassis models.

dvm check-integrity

Use this command to check the DVM database integrity.

Syntax

diagnose dvm check-integrity

dvm csf

Use this command to print the CSF configuration.

Syntax

diagnose dvm csf <adom> <category>

Variable

Description

<adom>

The ADOM name.

<category>

The category:

  • all: Dump all CSF categories
  • group: Dump CSF group
  • intf-role: Dump interface role
  • user-device: Dump user device

dvm dbstatus

Use this command to print the database status.

Syntax

diagnose dvm dbstatus

dvm debug

Use this command to enable/disable debug channels, and show debug message related to DVM.

Syntax

diagnose dvm debug {enable | disable} <channel> <channel> <channel> <channel> <channel>

diagnose dvm debug trace [filter]

Variable

Description

{enable | disable}

Enable/disable debug channels.

trace

Show the DVM debug message.

<channel>

The following channels are available: all, dvm_db, dvm_dev, shelfmgr, ipmi, lib, dvmcmd, dvmcore, gui, and monitor

<filter>

The following filters are available: all, dvm_db, dvm_dev, shelfmgr, ipmi, lib, dvmcmd, dvmcore, gui, and monitor.

dvm device

Use this command to list devices or objects referencing a device.

Syntax

diagnose dvm device coordinate <action> [device]

diagnose dvm device delete <adom> <device>

diagnose dvm device dynobj <device>

diagnose dvm device list <device> <vdom>

diagnose dvm device monitor <device> <api>

diagnose dvm device object-reference <device> <vdom> <category> <object>

Variable

Description

coordinate <action> [device]

List device coordinate.

Enter an action:

  • list

  • update

  • clear

Optionally, enter a device name or OID.

delete <adom> <device>

Delete a device in a specific ADOM.

dynobj <device>

List dynamic objects on this device.

list <device> <vdom>

List devices. Optionally, enter a device or VDOM name.

monitor <device> <api>

JSON API for device monitor. Specify the device name and the monitor API name.

object-reference <device> <vdom> <category> <object>

List object reference. Specify the device name, VDOM, category (or all for all categories), and object.

Example

The following example shows the results of running the monitor command for WiFi clients.

FMG-VM64 # diagnose dvm device monitor FortiGate-VM64 wifi/client

Request :

{

"id": 1473975442,

"method": "exec",

"params": [

{

"data": {

"action": "get",

"resource": "/api/v2/monitor/wifi/client",

"target": [

"adom/root/device/FortiGate-VM64"

]

},

"url": "sys/proxy/json"

}

]

}

Response :

{

"id": 1473975442,

"result": [

{

"data": [

{

"response": {

"action": "select",

"build": 0623,

"http_method": "GET",

"name": "client",

"path": "wifi",

"results": null,

"serial": "FGVMEV0000000000",

"status": "success",

"vdom": "root",

"version": "v7.0.12"

},

"status": {

"code": 0,

"message": "OK"

},

"target": "FortiGate-VM64"

}

],

"status": {

"code": 0,

"message": "OK"

},

"url": "sys/proxy/json"

}

]

}

dvm device-tree-update

Use this command to enable/disable device tree automatic updates.

Syntax

diagnose dvm device-tree-update {enable | disable}

Variable

Description

{enable | disable}

Enable/disable device tree automatic updates.

dvm extender

Use these commands to list FortiExtender devices, synchronize FortiExtender data via JSON, and perform other actions.

Syntax

diagnose dvm extender copy-data-to-device <device>

diagnose dvm extender import-profile <device> <vdom> <name>

diagnose dvm extender import-template <device> <extender id>

diagnose dvm extender list [device]

diagnose dvm extender reset-adom <adom> [clear-only] [skip-restart]

diagnose dvm extender set-template <device> <extender id> <template>

diagnose dvm extender sync-extender-data <device> [savedb] [syncadom] [task]

Variable

Description

copy-data-to-device <device>

Copy extender data (data plan and SIM profile) to the device. Enter the device name.

import-profile <device> <vdom> <name>

Import extender profile to the ADOM. Enter the device name or ID, VDOM, and profile name.

import-template <device> <extender id>

Import dataplan and SIM profile to the ADOM template. Enter the device name or ID, and the extender ID.

list [device]

List FortiExtender devices, or those connected to a specific device.

reset-adom <adom> [clear-only] [skip-restart]

Reset all extender data in the ADOM:

  • adom: Enter 104 for FortiCarrier, 130 for FortiFirewall, 134 for Unmanaged_Devices, and 3 for root

Optionally, use the following variables:

  • clear-only: Do not sync extender data to the ADOM

  • skip-restart: Do not restart FortiManager after the operation

set-template <device> <extender id> <template>

Set template to the extender modem. Enter the device name or ID, extender ID, and template.

sync-extender-data <device> [savedb] [syncadom] [task]

Synchronize FortiExtender data by JSON. Optionally: save the data to the database, synchronize the ADOM, and/or create a task.

dvm fap

Use this command to list the FortiAP devices connected to a device.

Syntax

diagnose dvm fap list <devname>

Variable

Description

<devname>

The name of the device.

dvm fsw

Use this command to list the FortiSwitch devices connected to a device.

Syntax

diagnose dvm fsw list <devname>

Variable

Description

<devname>

The name of the device.

dvm group

Use this command to list groups.

Syntax

diagnose dvm group list

Variable

Description

list

List groups.

dvm lock

Use this command to print the DVM lock states.

Syntax

diagnose dvm lock

dvm proc

Use this command to list DVM process (dvmcmd) information.

Syntax

diagnose dvm proc list

dvm remove

Use these commands to remove the autoupdate log files or remove all unused IPS package files.

Syntax

diagnose dvm remove autoupdate-log <device oid>

diagnose dvm remove unused-ips-packages

Variable

Description

autoupdate-log <device oid>

Remove autoupdate debug log files. Enter the device OID.

unused-ips-packages

Remove all unused IPS package files.

dvm supported-platforms

Use this command to list supported platforms and firmware versions.

Syntax

diagnose dvm supported-platforms fimg-list

diagnose dvm supported-platforms fortiswitch [<adom>]

diagnose dvm supported-platforms list <detail>

diagnose dvm supported-platforms mr-list

Variable

Description

fimg-list

List supported platforms by fimg ID.

fortiswitch [<adom>]

List supported platforms in FortiSwitch manager. Optionally, enter the ADOM name.

list <detail>

List supported platforms by device type. Enter detail to show details with syntax support.

mr-list

List supported platforms by major release.

dvm task

Use this command to repair or reset the task database.

Syntax

diagnose dvm task list <adom> <type>

diagnose dvm task repair

diagnose dvm task reset

Variable

Description

list <adom> <type>

List task database information.

repair

Repair the task database while preserving existing data where possible. The FortiManager will reboot after the repairs.

reset

Reset the task database to its factory default state. All existing tasks and the task history will be erased. The FortiManager will reboot after the reset.

dvm taskline

Use this command to repair the task lines.

Syntax

diagnose dvm taskline repair

Variable

Description

repair

Repair the task lines while preserving data wherever possible. The FortiManager will reboot after the repairs.

dvm transaction-flag

Use this command to edit or display DVM transaction flags.

Syntax

diagnose dvm transaction-flag [abort | debug | none]

Variable

Description

transaction-flag [abort | debug | none]

Set the transaction flag.

dvm workflow

Use this command to edit or display workflow information.

Syntax

diagnose dvm workflow log-list <adom_name> <workflow_session_ID>

diagnose dvm workflow session-list [adom_name]

diagnose dvm workflow workflow-db-reset <adom> [skip-restart]

Variable

Description

log list <adom_name> <workflow_session_ID>

List workflow session logs.

session list [adom_name]

List workflow sessions.

workflow-db-reset <adom> [skip-restart]

Reset workflow database from ADOM rundb. Optonally, don't restart FortiManager after the operation.

dvm

dvm

Use the following commands for DVM related settings.

dvm adom

Use this command to list or clone ADOMs.

Syntax

diagnose dvm adom clone <adom> <new_adom>

diagnose dvm adom reset-default-flags

diagnose dvm adom list

Variable

Description

clone <adom> <new_adom>

Clone an ADOM. Enter the name of the ADOM that will be cloned, and the name of the clone.

reset-default-flags

Reset ADOM default flags.

list

List ADOMs, state, product, OS version (OSVER), major release (MR), name, mode, VPN management, and IPS.

dvm capability

Use this command to set the DVM capability.

Syntax

diagnose dvm capability set {all | standard}

diagnose dvm capability show

Variable

Description

set {all | standard}

Set the capability to all or standard.

show

Show what the capability is set to.

dvm chassis

Use this command to list chassis and supported chassis models.

Syntax

diagnose dvm chassis list

diagnose dvm chassis supported models

Variable

Description

list

List chassis.

supported-models

List supported chassis models.

dvm check-integrity

Use this command to check the DVM database integrity.

Syntax

diagnose dvm check-integrity

dvm csf

Use this command to print the CSF configuration.

Syntax

diagnose dvm csf <adom> <category>

Variable

Description

<adom>

The ADOM name.

<category>

The category:

  • all: Dump all CSF categories
  • group: Dump CSF group
  • intf-role: Dump interface role
  • user-device: Dump user device

dvm dbstatus

Use this command to print the database status.

Syntax

diagnose dvm dbstatus

dvm debug

Use this command to enable/disable debug channels, and show debug message related to DVM.

Syntax

diagnose dvm debug {enable | disable} <channel> <channel> <channel> <channel> <channel>

diagnose dvm debug trace [filter]

Variable

Description

{enable | disable}

Enable/disable debug channels.

trace

Show the DVM debug message.

<channel>

The following channels are available: all, dvm_db, dvm_dev, shelfmgr, ipmi, lib, dvmcmd, dvmcore, gui, and monitor

<filter>

The following filters are available: all, dvm_db, dvm_dev, shelfmgr, ipmi, lib, dvmcmd, dvmcore, gui, and monitor.

dvm device

Use this command to list devices or objects referencing a device.

Syntax

diagnose dvm device coordinate <action> [device]

diagnose dvm device delete <adom> <device>

diagnose dvm device dynobj <device>

diagnose dvm device list <device> <vdom>

diagnose dvm device monitor <device> <api>

diagnose dvm device object-reference <device> <vdom> <category> <object>

Variable

Description

coordinate <action> [device]

List device coordinate.

Enter an action:

  • list

  • update

  • clear

Optionally, enter a device name or OID.

delete <adom> <device>

Delete a device in a specific ADOM.

dynobj <device>

List dynamic objects on this device.

list <device> <vdom>

List devices. Optionally, enter a device or VDOM name.

monitor <device> <api>

JSON API for device monitor. Specify the device name and the monitor API name.

object-reference <device> <vdom> <category> <object>

List object reference. Specify the device name, VDOM, category (or all for all categories), and object.

Example

The following example shows the results of running the monitor command for WiFi clients.

FMG-VM64 # diagnose dvm device monitor FortiGate-VM64 wifi/client

Request :

{

"id": 1473975442,

"method": "exec",

"params": [

{

"data": {

"action": "get",

"resource": "/api/v2/monitor/wifi/client",

"target": [

"adom/root/device/FortiGate-VM64"

]

},

"url": "sys/proxy/json"

}

]

}

Response :

{

"id": 1473975442,

"result": [

{

"data": [

{

"response": {

"action": "select",

"build": 0623,

"http_method": "GET",

"name": "client",

"path": "wifi",

"results": null,

"serial": "FGVMEV0000000000",

"status": "success",

"vdom": "root",

"version": "v7.0.12"

},

"status": {

"code": 0,

"message": "OK"

},

"target": "FortiGate-VM64"

}

],

"status": {

"code": 0,

"message": "OK"

},

"url": "sys/proxy/json"

}

]

}

dvm device-tree-update

Use this command to enable/disable device tree automatic updates.

Syntax

diagnose dvm device-tree-update {enable | disable}

Variable

Description

{enable | disable}

Enable/disable device tree automatic updates.

dvm extender

Use these commands to list FortiExtender devices, synchronize FortiExtender data via JSON, and perform other actions.

Syntax

diagnose dvm extender copy-data-to-device <device>

diagnose dvm extender import-profile <device> <vdom> <name>

diagnose dvm extender import-template <device> <extender id>

diagnose dvm extender list [device]

diagnose dvm extender reset-adom <adom> [clear-only] [skip-restart]

diagnose dvm extender set-template <device> <extender id> <template>

diagnose dvm extender sync-extender-data <device> [savedb] [syncadom] [task]

Variable

Description

copy-data-to-device <device>

Copy extender data (data plan and SIM profile) to the device. Enter the device name.

import-profile <device> <vdom> <name>

Import extender profile to the ADOM. Enter the device name or ID, VDOM, and profile name.

import-template <device> <extender id>

Import dataplan and SIM profile to the ADOM template. Enter the device name or ID, and the extender ID.

list [device]

List FortiExtender devices, or those connected to a specific device.

reset-adom <adom> [clear-only] [skip-restart]

Reset all extender data in the ADOM:

  • adom: Enter 104 for FortiCarrier, 130 for FortiFirewall, 134 for Unmanaged_Devices, and 3 for root

Optionally, use the following variables:

  • clear-only: Do not sync extender data to the ADOM

  • skip-restart: Do not restart FortiManager after the operation

set-template <device> <extender id> <template>

Set template to the extender modem. Enter the device name or ID, extender ID, and template.

sync-extender-data <device> [savedb] [syncadom] [task]

Synchronize FortiExtender data by JSON. Optionally: save the data to the database, synchronize the ADOM, and/or create a task.

dvm fap

Use this command to list the FortiAP devices connected to a device.

Syntax

diagnose dvm fap list <devname>

Variable

Description

<devname>

The name of the device.

dvm fsw

Use this command to list the FortiSwitch devices connected to a device.

Syntax

diagnose dvm fsw list <devname>

Variable

Description

<devname>

The name of the device.

dvm group

Use this command to list groups.

Syntax

diagnose dvm group list

Variable

Description

list

List groups.

dvm lock

Use this command to print the DVM lock states.

Syntax

diagnose dvm lock

dvm proc

Use this command to list DVM process (dvmcmd) information.

Syntax

diagnose dvm proc list

dvm remove

Use these commands to remove the autoupdate log files or remove all unused IPS package files.

Syntax

diagnose dvm remove autoupdate-log <device oid>

diagnose dvm remove unused-ips-packages

Variable

Description

autoupdate-log <device oid>

Remove autoupdate debug log files. Enter the device OID.

unused-ips-packages

Remove all unused IPS package files.

dvm supported-platforms

Use this command to list supported platforms and firmware versions.

Syntax

diagnose dvm supported-platforms fimg-list

diagnose dvm supported-platforms fortiswitch [<adom>]

diagnose dvm supported-platforms list <detail>

diagnose dvm supported-platforms mr-list

Variable

Description

fimg-list

List supported platforms by fimg ID.

fortiswitch [<adom>]

List supported platforms in FortiSwitch manager. Optionally, enter the ADOM name.

list <detail>

List supported platforms by device type. Enter detail to show details with syntax support.

mr-list

List supported platforms by major release.

dvm task

Use this command to repair or reset the task database.

Syntax

diagnose dvm task list <adom> <type>

diagnose dvm task repair

diagnose dvm task reset

Variable

Description

list <adom> <type>

List task database information.

repair

Repair the task database while preserving existing data where possible. The FortiManager will reboot after the repairs.

reset

Reset the task database to its factory default state. All existing tasks and the task history will be erased. The FortiManager will reboot after the reset.

dvm taskline

Use this command to repair the task lines.

Syntax

diagnose dvm taskline repair

Variable

Description

repair

Repair the task lines while preserving data wherever possible. The FortiManager will reboot after the repairs.

dvm transaction-flag

Use this command to edit or display DVM transaction flags.

Syntax

diagnose dvm transaction-flag [abort | debug | none]

Variable

Description

transaction-flag [abort | debug | none]

Set the transaction flag.

dvm workflow

Use this command to edit or display workflow information.

Syntax

diagnose dvm workflow log-list <adom_name> <workflow_session_ID>

diagnose dvm workflow session-list [adom_name]

diagnose dvm workflow workflow-db-reset <adom> [skip-restart]

Variable

Description

log list <adom_name> <workflow_session_ID>

List workflow session logs.

session list [adom_name]

List workflow sessions.

workflow-db-reset <adom> [skip-restart]

Reset workflow database from ADOM rundb. Optonally, don't restart FortiManager after the operation.