CLI Reference

fmpolicy

Use these commands to perform policy- and object-related actions:

fmpolicy check-upgrade-object

Use this command to check/upgrade objects by syntax.

Syntax

execute fmpolicy check-upgrade-object manual {checking | fixing} {basic | auto | misc | full}

execute fmpolicy check-upgrade-object report

execute fmpolicy check-upgrade-object reset

Variable

Description

<action>

Enter the auto upgrade action:

  • manual: run auto-upgrade manually.
  • report: show checking/upgrade report.
  • reset: clean up saved checking/upgrade status.

{checking | fixing}

  • checking: only do checking.
  • fixing: checking and fixing.

{basic | auto | misc | full}

  • basic: only do basic (known cases) checking/fixing.
  • auto: only do auto (syntax based) checking/fixing.
  • misc: only do misc (known cases) checking/fixing.
  • full: do a full basic/auto/misc checking/fixing.

fmpolicy clone-adom-object

Use this command to clone an ADOM object.

Syntax

execute fmpolicy clone-adom-object <src-adom> <category> <key> <target-adom> <new-key>

Variable

Description

<src-adom>

Enter the name of the source ADOM.

<category>

Enter the name of the category in the ADOM.

<key>

Enter the name of the object key.

<target-adom>

Enter the name of the target ADOM.

<new-key>

Enter the name of the new key.

fmpolicy copy-adom-object

Use this command to set the policy to copy an ADOM object.

Syntax

execute fmpolicy copy-adom-object <adom> <category> <key> <device> <vdom>

Variable

Description

<adom>

Enter the name of the ADOM.

<category>

Enter the name of the category in the ADOM.

<key>

Enter the name of the object key.

<device>

Enter the name of the device.

<vdom>

Enter the name of the VDOM.

fmpolicy install-config

Use this command to install the configuration for an ADOM.

Syntax

execute fmpolicy install-config <adom> <device_id> <revname>

Variable

Description

<adom>

Enter the name of the ADOM.

<device_id>

Enter the device id of the ADOM.

<revname>

Enter the revision name.

fmpolicy link-adom-object

Use this command to link an ADOM object to the device DB.

Syntax

execute fmpolicy link-adom-object <adom> <category> <key> <device> <vdom>

Variable

Description

<adom>

Enter the name of the ADOM:

  • 104: FortiCarrier

  • 148: FortiFirewall

  • 128: Unmanaged_Devices

  • 3: root

<category>

Enter the category name.

<key>

Enter the name of the object key.

<device>

Enter the name of the device.

<vdom>

Enter the name of the VDOM.

fmpolicy print-adom-database

Use this command to display the device database configuration for an ADOM.

Syntax

execute fmpolicy print-adom-database <adom_name> <output_filename>

fmpolicy print-adom-object

Use this command to display the device objects.

Syntax

execute fmpolicy print-adom-object <adom_name>

execute fmpolicy print-adom-object <adom_name> <category> {all | list} <output>

execute fmpolicy print-adom-object Global <category> {all | list} <output>

Variable

Description

<adom_name>

Enter the name of the ADOM or “Global”.

<category>

Enter the category name.

{all | list}

  • all: Show all objects.
  • list: Get all objects.

<output>

Output file name (output dump to file: [/tmp/pl]).

fmpolicy print-adom-package

Use this command to display the package for an ADOM.

Syntax

execute fmpolicy print-adom-package <adom> <template_name> <package_name> <category_name> <object_name> [<output>]

Variable

Description

<adom>

Enter the name of the ADOM or “Global”.

<template_name>

Enter the policy package/template name.

<package_name>

Enter the package name ID.

<category_name>

Enter the category name.

<object_name>

Show object by name.

  • all: Show all objects.
  • list: Get all objects.

[<output>]

Output file name (output dump to file: [/tmp/pl]).

fmpolicy print-adom-package-assignment

Use this command to display the packages and provisioning templates assignment information for an ADOM.

Syntax

execute fmpolicy print-adom-package-assignment <adom> <policy package/template name>

Variable

Description

<adom>

Enter the name of the ADOM or “Global”:

  • 104: FortiCarrier

  • 149: FortiFirewall

  • 128: Unmanaged_Devices

  • 3: root

<policy package/template name>

Enter the policy package or the template name:

  • 1: Policy Packages

  • 5: System Templates

  • 8: FortiClient Templates

  • 9: Threat Weight Templates

  • 10: WTP Packages

  • 14: FortiExtender Packages

  • 11: WAN Templates

  • 12: FortiSwitch Packages

  • 20: All Non-policy Packages

fmpolicy print-adom-policyblock

Use this command to display the policy block for an ADOM.

Syntax

execute fmpolicy print-adom-policyblock <adom> <policy_block_name> <category_name> <object_name> <output>

Variable

Description

<adom>

Enter the name of the ADOM or “Global”.

<policy_block_name>

Enter the policy block name ID.

<category_name>

Enter the category name.

<object_name>

Show object by name.

  • all: Show all objects.
  • list: Get all objects.

<output>

Output file name (output dump to file: [/tmp/pl]).

fmpolicy print-device-database

Use this command to print the device database configuration.

Syntax

execute fmpolicy print-device-database <adom> <device_name> <output>

Variable

Description

<adom>

Enter the name of the ADOM.

<device_name>

Enter the name of the device.

<output>

Output file name (output dump to file: [/tmp/pl]).

fmpolicy print-device-nonsync-config

Use this command to print the device non-HAsync configuration.

Syntax

execute fmpolicy print-device-nonsync-config <adom> <device_name> <member> <output>

Variable

Description

<adom>

Enter the name of the ADOM.

<device_name>

Enter the name of the device.

<member>

Enter the HA member's serial number.

<output>

Output file name (output dump to file: [/tmp/pl]).

fmpolicy print-device-object

Use this command to display the device objects.

Syntax

execute fmpolicy print-device-object <adom> <device_name> <vdom> <category> {<key> | list | all} <output>

Variable

Description

<adom>

Enter the name of the ADOM.

<device_name>

Enter the name of the device.

<vdom>

Enter the VDOM name.

<category>

Enter the category name.

{<key> | list | all}

  • all: Show all objects.
  • list: Get all objects.

<output>

Output file name (output dump to file: [/tmp/pl]).

fmpolicy promote-adom-object

Use this command to promote an ADOM object.

Syntax

execute fmpolicy promote-adom-object <adom> <category> <key> <new-key>

Variable

Description

<adom>

Enter the name of the source ADOM.

<category>

Enter the name of the category in the ADOM.

<key>

Enter the name of the object key.

<new-key>

Enter the name of the new key.

fmpolicy upload-print-log

Use this command to upload the latest print command logs to a server.

Syntax

execute fmpolicy upload-print-log [ftp|scp|sftp] <server> <port> <path> <user> <passwd>

Variable

Description

[ftp|scp|sftp]

Enter the type of server to upload the logs to.

<server>

Enter the server IP address or DNS.

<port>

Enter the port number (0 for default).

<path>

Enter the path on the server.

<user>

Enter the username.

<passwd>

Enter the user's password.
