Execute commands
Execute commands are used for the tasks listed below. These commands are run from the base context.
-
Backup
-
Factory Reset
-
License
-
Ping and traceroute
-
SSH
-
Reboot and shutdown
-
Restore image
-
Restore config
-
Important: Any configuration that isn’t explicitly defined in the backup configuration will be removed upon restore. The one exception is admin user settings (which are left untouched). All other config (interface, route, etc) will be reset to default and then have the configuration present in the provided config applied.
-
All methods of restore will first create a back-up configuration prior to applying the new config.
-
Available commands
|
Command |
Description |
|||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
Enters a shell to interact with the appliance more directly. See shell commands for details. |
|||||||||||||||||||||||||||
|
|
Force a failover to the other member of this HA pair |
|||||||||||||||||||||||||||
|
|
Lists the available commands under execute |
|||||||||||||||||||||||||||
|
|
Enters the database shell |
|||||||||||||||||||||||||||
|
|
Show sensor information. |
|||||||||||||||||||||||||||
|
|
Set the system system time (hh:mm:ss format, hh: 0-23 mm: 0-59 ss: 0-59). |
|||||||||||||||||||||||||||
|
|
Set the system date (yyyy-mm-dd format, yyyy: 2023, mm: 1-12, dd: 1-31). |
|||||||||||||||||||||||||||
|
|
Reset configuration and disk partition to factory default |
|||||||||||||||||||||||||||
|
|
Reset to factory default and shutdown |
|||||||||||||||||||||||||||
|
|
Restore database using a local database backup |
|||||||||||||||||||||||||||
|
|
Restore database using a remote database backup downloaded via scp Argument descriptions: <host> Remote host <username> Remote username <password> Remote password <backup> Path to database backup on remote host (.gz) |
|||||||||||||||||||||||||||
|
|
Reset to factory default and reboot. |
|||||||||||||||||||||||||||
|
|
|
|
Backup |
|
||||
|
|
Backs up the current system configuration locally to disk (/bsc/backups/). |
||||
|
|
Backs up the current system configuration via FTP to the remote destination using the provided username and password. The port option may be omitted if the destination uses the default FTP port (21) |
||||
|
|
Backs up the current system configuration remotely via SCP to the destination provided. The port option may be omitted if the destination uses the default SSH port (22) |
||||
|
|
Backs up the current system configuration to the specified TFTP destination |
||||
|
License |
|
||||
|
|
Add the raw license string to the system |
||||
|
|
Import the specified remote license file on the specified tftp host |
||||
|
|
Import the specified remote license file from the specified host via SCP |
||||
|
PING & Traceroute |
|
||||
|
|
PING the specified host |
||||
|
|
PING the specified IPv6 host |
||||
|
|
Trace the route between this system and the specified host |
||||
|
Shutdown & Reboot |
|
||||
|
|
Reboots the system |
||||
|
|
Shuts down the system |
||||
|
Restore |
|
||||
|
|
Install the .out image located on the specified remote host. Image is downloaded via SCP.
Note: This command is used for upgrading the software on the system. |
||||
|
|
Install the .out image located on the specified remote host. Image is downloaded via FTP.
Note: This command is used for upgrading the software on the system. |
||||
|
|
Install the .out image located on the specified remote host. Image is downloaded via TFTP.
Note: This command is used for upgrading the software on the system. |
||||
|
|
Restore a local configuration backup
Arguments <hostname> Backup to restore <date> Date of backup. Format is yyyy-mm-dd (2023-12-31) |
||||
|
|
Restore a remote backup via scp
Arguments <host> Remote host <user> Remote user <path> Remote directory containing back-up files <date> Date of backup. Format is yyyy-mm-dd (2023-12-31) |
||||
|
|
Restore the configuration stored locally. Tab completion can be used to list the available configuration backups |
||||
|
|
Restore the configuration stored on the remote host at the specified location. Configuration downloaded via SCP |
||||
|
|
Restore the configuration stored on the remote host at the specified location. Configuration downloaded via FTP |
||||
|
|
Restore the configuration stored on the remote host at the specified location. Configuration downloaded via TFTP |
||||
|
|
Used for migrating CentOS configurations to new FortiNAC-OS platform. Important: Do not use without first reviewing the CentOS to FortiNAC-OS Migration documentation in the Documentation Library. Available options:
|
||||
|
Service |
|
||||
|
|
Restart a specified service
<service>... Service = nac: nac.service - NAC Management Process naccontrol: NAC Control Service nacapplication: NAC Application Service nacprobe: NAC Probe Service p0f: Passive OS fingerprinting service dhcpd: DHCPv4 Server Daemon mysqld: MariaDB database server apache2: Apache HTTP Server named: DNS |
||||
|
|
Start a specified service
<service>... Service = nac: nac.service - NAC Management Process naccontrol: NAC Control Service nacapplication: NAC Application Service nacprobe: NAC Probe Service p0f: Passive OS fingerprinting service dhcpd: DHCPv4 Server Daemon mysqld: MariaDB database server apache2: Apache HTTP Server named: DNS |
||||
|
|
Retrieve status of a specified service
<service>... Service = nac: nac.service - NAC Management Process naccontrol: NAC Control Service nacapplication: NAC Application Service nacprobe: NAC Probe Service p0f: Passive OS fingerprinting service dhcpd: DHCPv4 Server Daemon mysqld: MariaDB database server apache2: Apache HTTP Server named: DNS |
||||
|
|
Stop a specified service
<service>... Service = nac: nac.service - NAC Management Process naccontrol: NAC Control Service nacapplication: NAC Application Service nacprobe: NAC Probe Service p0f: Passive OS fingerprinting service dhcpd: DHCPv4 Server Daemon mysqld: MariaDB database server apache2: Apache HTTP Server named: DNS |
||||
|
SQL |
|
||||
|
|
Initializes the FortiNAC database. WARNING: All data written to the database will be erased. Consult Fortinet support before running this command. |
||||
|
SSH |
|
||||
|
|
SSH to the specified host as the specified user |
||||
|
|
Remove the specified known host fingerprint |
||||
|
|
Removes all the SSH host fingerprints from the known hosts |
||||
|
|
Add the specified public key string to the authorized hosts
<type> Key type: ssh-ed25519, ssh-rsa, ssh-dss, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521 <hash> Base64 hash <comment> Comment |
||||
|
|
Import the specified public key from a specified host, using the specified credentials, into the user's authorized hosts via scp |
||||
|
|
Displays the user's authorized hosts |
||||
|
|
Removes any authorized host keys that match the specified host. Tab completion of the <host> is supported. |
||||
|
|
Add a ssh host fingerprint to known hosts
[current-user|nac] "current-user" for your known hosts, or "nac" for the FortiNAC system's known hosts <user> Remote host user <ip> Remote host ip / hostname |
||||
|
|
Remove all ssh host fingerprints from known hosts
[current-user|nac] "current-user" for your known hosts, or "nac" for the FortiNAC system's known hosts |
||||
|
|
Remove the specified host fingerprint from known hosts
[current-user|nac] "current-user" for your known hosts, or "nac" for the FortiNAC system's known hosts <host> Host to remove |
||||
|
|
Display fingerprints from known hosts
[current-user|nac] "current-user" for your known hosts, or "nac" for the FortiNAC system's known hosts |
||||
|
Disk |
|
||||
|
|
Perform a read-only filesystem check for errors on the specified partition |
||||
|
|
List partitions and mountpoints |
||||
|
|
Perform a (fsck) filesystem check on the specified partition |