Fortinet white logo
Fortinet white logo

CLI Reference

cdb

cdb

Use this command to check and repair or upgrade and repair the object configuration database and global policy assignment table.

Syntax

diagnose cdb check adom-integrity [adom]

diagnose cdb check adom-rebuild [adom]

diagnose cdb check adom-revision [adom] [preview]

diagnose cdb check internet-service-name [adom]

diagnose cdb check policy-packages [adom]

diagnose cdb check update-devinfo logdisk-size [new value] [0 | 1] [model-name]

diagnose cdb check update-devinfo sslvpn-flag <devname>

diagnose cdb upgrade check <action>

diagnose cdb upgrade force-retry <action>

diagnose cdb upgrade log

diagnose cdb upgrade pending-list

diagnose cdb upgrade summary

Variable

Description

check adom-integrity [adom]

Check and repair the specified ADOM's database.

check adom-rebuild [adom]

Rebuild the specified ADOM.

check adom-revision [adom] [preview]

Check or remove invalid ADOM revision database. Optionally, preview the check before running it.

check internet-service-name [adom]

Check mis-matched internet service name. Optinally, specify the ADOM.

check policy-packages [adom]

Check the policy packages.

check update-devinfo logdisk-size [new value] [0 | 1] [model-name]

Update device log disk size.

  • new value: Item new value.
  • 0 | 1: update only empty values (default), or always update (1)
  • model-name: Only update on model name (default: all models).

check update-devinfo sslvpn-flag <devname>

Upgrade the device SSL-VPN flag on the specified device.

upgrade check <action>

Perform a check to see if upgrade and repair is necessary.

  • objcfg-integrity: Object config database integrity
  • reference-integrity: Reference table integrity
  • object-sequence: Repair invalid object sequence
  • duplicate-uuid: Reassign duplicated uuid in ADOM database
  • resync-dev-vdoms: Resync and add any missing vdoms from device database to DVM database
  • invalid-install-target: Invalid policy package and template install target
  • fw-addr-type: Firewall address wrong FQDN type
  • normalized-intf-devmapping: Delete invalid device level mapping for normalized interface

  • del-orphan-entry: Delete invalid orphan entries

  • user-group-guest: Drop table of user group guest

  • invalid-assign-status: Invalid assign status entries

  • copy-section-title: Copy section title from previous policy config

  • invalid-created-timestamp: Fix invalid created timestamp

  • fix-gl-policy-ssl-profile: Remove ssl-ssh-profile from global policies with profile-type group

  • recover-global-objs: Recover global objects from local ADOM(s)

  • invalid-visibility: Remove invalid visibility entries from global ADOM

  • invalid-global-policies: Remove invalid global policies

  • wtp-prof-platform-mode: Check and fix wtp prof platform mode

  • invalid-global-assignment: Remove invalid global assignment

  • invalid-device-usage: Remove object's invalid device usage from ADOM

  • duplicate-root-node: Check and fix duplicate ADOM root node

upgrade force-retry <action>

Re-run an upgrade that was already performed in previous release.

  • clear-max-policyid - Clear ADOM max_policyid cache
  • refresh-controller-count - Refresh controller license count
  • resync-dbcache - Resync device database cache

upgrade log

Display the configuration database upgrade log.

upgrade pending-list

Display the list of upgrades scheduled for the next reboot.

upgrade summary

Display the firmware upgrade summary.

cdb

cdb

Use this command to check and repair or upgrade and repair the object configuration database and global policy assignment table.

Syntax

diagnose cdb check adom-integrity [adom]

diagnose cdb check adom-rebuild [adom]

diagnose cdb check adom-revision [adom] [preview]

diagnose cdb check internet-service-name [adom]

diagnose cdb check policy-packages [adom]

diagnose cdb check update-devinfo logdisk-size [new value] [0 | 1] [model-name]

diagnose cdb check update-devinfo sslvpn-flag <devname>

diagnose cdb upgrade check <action>

diagnose cdb upgrade force-retry <action>

diagnose cdb upgrade log

diagnose cdb upgrade pending-list

diagnose cdb upgrade summary

Variable

Description

check adom-integrity [adom]

Check and repair the specified ADOM's database.

check adom-rebuild [adom]

Rebuild the specified ADOM.

check adom-revision [adom] [preview]

Check or remove invalid ADOM revision database. Optionally, preview the check before running it.

check internet-service-name [adom]

Check mis-matched internet service name. Optinally, specify the ADOM.

check policy-packages [adom]

Check the policy packages.

check update-devinfo logdisk-size [new value] [0 | 1] [model-name]

Update device log disk size.

  • new value: Item new value.
  • 0 | 1: update only empty values (default), or always update (1)
  • model-name: Only update on model name (default: all models).

check update-devinfo sslvpn-flag <devname>

Upgrade the device SSL-VPN flag on the specified device.

upgrade check <action>

Perform a check to see if upgrade and repair is necessary.

  • objcfg-integrity: Object config database integrity
  • reference-integrity: Reference table integrity
  • object-sequence: Repair invalid object sequence
  • duplicate-uuid: Reassign duplicated uuid in ADOM database
  • resync-dev-vdoms: Resync and add any missing vdoms from device database to DVM database
  • invalid-install-target: Invalid policy package and template install target
  • fw-addr-type: Firewall address wrong FQDN type
  • normalized-intf-devmapping: Delete invalid device level mapping for normalized interface

  • del-orphan-entry: Delete invalid orphan entries

  • user-group-guest: Drop table of user group guest

  • invalid-assign-status: Invalid assign status entries

  • copy-section-title: Copy section title from previous policy config

  • invalid-created-timestamp: Fix invalid created timestamp

  • fix-gl-policy-ssl-profile: Remove ssl-ssh-profile from global policies with profile-type group

  • recover-global-objs: Recover global objects from local ADOM(s)

  • invalid-visibility: Remove invalid visibility entries from global ADOM

  • invalid-global-policies: Remove invalid global policies

  • wtp-prof-platform-mode: Check and fix wtp prof platform mode

  • invalid-global-assignment: Remove invalid global assignment

  • invalid-device-usage: Remove object's invalid device usage from ADOM

  • duplicate-root-node: Check and fix duplicate ADOM root node

upgrade force-retry <action>

Re-run an upgrade that was already performed in previous release.

  • clear-max-policyid - Clear ADOM max_policyid cache
  • refresh-controller-count - Refresh controller license count
  • resync-dbcache - Resync device database cache

upgrade log

Display the configuration database upgrade log.

upgrade pending-list

Display the list of upgrades scheduled for the next reboot.

upgrade summary

Display the firmware upgrade summary.