CLI Reference

cdb

Use the following commands for configuration database related settings.

cdb check

Use this command to check and repair the configuration database.

Syntax

diagnose cdb check adom-integrity [adom]

diagnose cdb check adom-rebuild [adom]

diagnose cdb check adom-revision [adom] [preview]

diagnose cdb check internet-service-name [adom]

diagnose cdb check policy-packages [adom]

diagnose cdb check update-devinfo logdisk-size [new value] [0 | 1] [model-name]

diagnose cdb check update-devinfo sslvpn-flag <devname>

Variable

Description

check adom-integrity [adom]

Check and repair the specified ADOM's database.

check adom-rebuild [adom]

Rebuild the specified ADOM.

check adom-revision [adom] [preview]

Check or remove an invalid ADOM revision database. Optionally, preview the check before running it.

check internet-service-name [adom]

Check for mismatched internet service names. Optionally, specify the ADOM.

check policy-packages [adom]

Check the policy packages.

check update-devinfo logdisk-size [new value] [0 | 1] [model-name]

Update the device log disk size.

  • new value: The new value for the item.
  • 0 | 1: Update only empty values (0, the default), or always update (1).
  • model-name: Only update devices of this model name (default: all models).

check update-devinfo sslvpn-flag <devname>

Upgrade the device SSL-VPN flag on the specified device.

cdb manual-fix

Use this command to manually repair the configuration database.

Syntax

diagnose cdb manual-fix adom <adom> <repair action>

Variable

Description

adom <adom> <repair action>

Manually repair the ADOM configuration database. Enter the ADOM name.

The following repair actions are available:

  • cli-templates-path: Update the CLI template working path

  • fw-policy-match-vip: Fix firewall policy match-vip after the ADOM upgrades from 7.0 to 7.2

  • generate-adom-ca: Re-generate the ADOM CA

cdb upgrade

Use this command to upgrade and repair the configuration database.

Syntax

diagnose cdb upgrade check <action>

diagnose cdb upgrade force-retry <action>

diagnose cdb upgrade log

diagnose cdb upgrade pending-list

diagnose cdb upgrade summary

Variable

Description

upgrade check <action>

Check whether an upgrade and repair are necessary.

  • objcfg-integrity: Object config database integrity
  • reference-integrity: Reference table integrity
  • object-sequence: Repair invalid object sequence
  • duplicate-uuid: Reassign duplicated uuid in ADOM database
  • resync-dev-vdoms: Resync and add any missing vdoms from device database to DVM database
  • invalid-install-target: Invalid policy package and template install target
  • fw-addr-type: Firewall address wrong FQDN type
  • normalized-intf-devmapping: Delete invalid device level mapping for normalized interface
  • del-orphan-entry: Delete invalid orphan entries
  • user-group-guest: Drop table of user group guest
  • invalid-assign-status: Invalid assign status entries
  • copy-section-title: Copy section title from previous policy config
  • invalid-created-timestamp: Fix invalid created timestamp
  • fix-gl-policy-ssl-profile: Remove ssl-ssh-profile from global policies with profile-type group
  • recover-global-objs: Recover global objects from local ADOM(s)
  • invalid-visibility: Remove invalid visibility entries from global ADOM
  • invalid-global-policies: Remove invalid global policies
  • wtp-prof-platform-mode: Check and fix wtp prof platform mode
  • invalid-global-assignment: Remove invalid global assignment
  • invalid-device-usage: Remove object's invalid device usage from ADOM
  • duplicate-root-node: Check and fix duplicate ADOM root node

upgrade force-retry <action>

Re-run an upgrade that was already performed in a previous release.

  • repair-missing-attr-ref: Repair missing reference in attribute

  • add-missing-ref: Add missing reference in policy package

  • fw-addr-name: Firewall address name with space

  • del-invalid-ref: Remove invalid reference in wtp

  • remove-nonexistence-datasrc: Remove already deleted object used in policy

  • upgrade-rtm-history-db: Upgrade RTM history database to new format

  • remove-old-rtm-history-db: Remove old format RTM history database

  • clear-max-policyid: Clear ADOM max_policyid cache

  • refresh-controller-count: Refresh controller license count

  • resync-dbcache: Resync device database cache

  • drop-hitcount: Drop hitcount

  • resync-assignment-obj-cache: Resync Global assignment object cache

  • resync-controller-adom-config: Resync Controller Adom Config

  • upgrade-normalized-intf: Upgrade normalized interface

  • reload-template-action: Reload template action list

  • update-pkgstatus-table: Upgrade package status table

  • add-oid-index: Add unique index to oid column

  • regenerate-cluster-scope: Regenerate Cluster Scope

  • update-table-schema: Update table schema

  • repair-swc-nac-vlans: Repair switch-controller NAC vlans

  • default-cli-templates: Add default cli templates

  • delete-endpoint-control-fctems-null-ems-id: Delete endpoint-control fctems entries with invalid (null) ems-id

  • set-trust-ca-cn-endpoint-control-fctems: Set trust-ca-cn disable for endpoint-control fctems entries with certificate-fingerprint

  • fix-dev-double-obj: Add global default entries to double-scoped objects for vdom enabled devices

  • upgrade_router_route_map: Upgrade router route-map default values

  • fsw-manager-key-upgrade: Upgrade FortiSwitch Manager to use name instead of serial number as key

  • adom-copy-default-double-objects: Copy default double objects in adoms

  • router-static-vrf-unspecified: Support router static vrf default value as 'unspecified'

  • fix-fw-ssl-ssh-profile-dot-quit-nd: Support new no-default-value attr "quic" in "firewall ssl-ssh-profile {https dot}"

  • upgrade-adom-fw-ssl-ssh-profile-quic: Upgrade ADOM firewall ssl-ssh-profile {https dot} quic

  • upgrade-adom-fw-multicast-policy-logtraffic: Upgrade ADOM firewall multicast-policy logtraffic

  • fix-objcfg_switch_controller_security_policy_802_1X-nd: Support new no-default-value attr "switch-controller security-policy 802-1X dacl"

  • del-invalid-node: Remove invalid policy node

  • delete-extender-controller-extender-null-id: Delete extender-controller extender entries with invalid (null) id

  • update-wireless-controller-vap-sec: Update wireless-controller vap security config when the mode is captive-portal related

upgrade log

Display the configuration database upgrade log.

upgrade pending-list

Display the list of upgrades scheduled for the next reboot.

upgrade summary

Display the firmware upgrade summary.
