System commands
This chapter describes the administration commands for a FortiPolicy system.
These commands are used to configure and view FortiPolicy settings and deployments.
|
You must enclose non-alphabet characters in double quotes in CLI commands. |
Basic mode commands
Use general system commands to configure settings, view history, enter other CLI modes, obtain help with CLI syntax, and to exit the CLI session.
The general commands are:
Basic commands
delete
|
Description |
Delete system configuration |
|
Mode(s) |
Basic | Support |
|
Syntax |
delete <param> |
|
Parameters |
ntp | webproxy |
|
Example |
The following example deletes NTP information.
|
enable
|
Description |
Enable the FortiPolicy CLI to display another command view. |
|
Mode(s) |
Basic | Support |
|
Syntax |
enable <param> |
|
Parameters |
console | maintenance |
|
Example |
The following example enables the CLI console view: fortipolicy-um> enable console hostname (console)# show versions |
exit
|
Description |
Exits the current CLI session mode. |
|
Mode(s) |
Basic | Support |
|
Syntax |
exit |
|
Parameters |
None |
|
Example |
The following example ends a command mode or CLI session.
|
factoryreset
|
Description |
Removes all configuration and re-format the drives back to default state. Backup all data that needs to be retained. If the system is updated, this reset will revert back to the factory settings. To go through the initial FirstBoot configuration again, serial console access is needed after the reset. This command can be run either on console or SSH into the admin CLI. This command is currently only supported on a hardware install, and will not work on virtual installs. |
||||
|
Mode(s) |
Basic |
||||
|
Syntax |
execute factoryreset <param> |
||||
|
Parameters |
|
||||
|
Example |
The following removes the configuration and reboots the system.
|
help
|
Description |
Displays information about the CLI help system. |
|
Mode(s) |
Basic | Support |
|
Syntax |
help |
|
Parameters |
None |
|
Example |
The following example shows some of the output of the help command. CONTEXT SENSITIVE HELP [?] - Display context sensitive help. This is either a list of possible command completions with summaries, or the full syntax of the current command. A subsequent repeat of this key, when a command has been resolved, will display a detailed reference. AUTO-COMPLETION The following keys both perform auto-completion for the current command line. If the command prefix is not unique then the bell will ring and a subsequent repeat of the key will display possible completions. [enter] - Auto-completes, syntax-checks then executes a command. If there is a syntax error then offending part of the command line will be highlighted and explained. [tab] - Auto-completes [space] - Auto-completes, or if the command is already resolved inserts a space. If “<cr>” is shown, that means that what you have entered so far is a complete command, and you may press Enter (carriage return) to execute it. Use ? to learn command parameters and option: fortipolicy-um> show n? Show ntp peering configurations |
history
|
Description |
Display the current session's command line history |
|
Mode(s) |
Basic | Support |
|
Syntax |
history |
|
Parameters |
None |
|
Example |
The following example displays the command line history.
|
ping
|
Description |
Send messages to network hosts. |
||||||||
|
Mode(s) |
Basic | Support |
||||||||
|
Syntax |
ping |
||||||||
|
Parameters |
|
||||||||
|
Example |
The following example sends a ICMP IPv4 message to thenetwork hose.
|
reboot
|
Description |
Reboot the system. |
|
Mode(s) |
Basic | Support |
|
Syntax |
reboot |
|
Parameters |
forcefsck |
|
Example |
The following example runs a force file system check on reboot.
|
resize
|
Description |
Resize console to terminal size. |
|
Mode(s) |
Basic | Support |
|
Syntax |
resize |
|
Parameters |
[integer] Number of lines |
|
Example |
The following example returns command line history for the current CLI session.
|
restart services
|
Description |
Restarts FortiPolicy services. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Mode(s) |
Basic | Support |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Syntax |
restart services <param> |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Parameters |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Example |
The following example restarts all FortiPolicy services.
|
set
|
Description |
Sets several FortiPolicy system configurations. |
||||||
|
Mode(s) |
Basic | Support |
||||||
|
Syntax |
set <param> |
||||||
|
Parameters |
|
||||||
|
Example |
The following example sets default logging for all FortiPolicy components.
The following example enables a FortiPolicy restricted shell support session access; you will be prompted to enter a Verification Code, One Time Password (OTP) and Shared Secret:
The following example sets the support account expiration date from the default (1 day) to the maximum allowed 14 days.
The following example disables support account access:
|
shell
|
Description |
Displays the FortiPolicy restricted shell provided you have set up support account access with a Verification Code, OTP and Shared Secret. |
|
Mode(s) |
Basic | Support |
|
Syntax |
shell |
|
Parameters |
None |
|
Example |
The following example drops the session to the restricted shell. fortipolicy-um> shell *************************************************************** Accessing FortiPolicy Support Shell - Unauthorized access prohibited. *************************************************************** Support Verification Code(v3): *************** |
show
|
Description |
Displays FortiPolicy system configuration information. |
||||||||||||||||||
|
Mode(s) |
Basic | Support |
||||||||||||||||||
|
Syntax |
show |
||||||||||||||||||
|
Parameters |
|
||||||||||||||||||
|
Example |
The following example displays the support account status: fortipolicy-um> show support status Locked: no Expired: no (expires 2018-6-13 Shell: enabled OTP: configured Status: enabled The following example displays the last log file for error messages. fortipolicy-um> show log file /var/log/messages last 1 2018-06-12 00:59:17, 358 (none) syslog.err rsyslogd: cannot connect to 10.1.1.1:10514: Connection refused [v8.33.1 try http://www.rsyslog.com/e/2027 The following example displays services that are DOWN or UP and running. fortipolicy-um> show services CertificateAuthority [DOWN] ConfigUpdate --------[UP] ContainerEngine------[UP] ... The following example requests display of the last 10 system boot messages.
|
ssh
|
Description |
Specifies the IP address to which an SSH connection should be made. Note: After an SSH session to the FortiPolicy-UM, you can use the CLI to jump to the backend servers. For cloud deployments (or where you use SSH keys), you will need to setup ssh-agent on your originating SSH client machine. |
|
Mode(s) |
Basic | Support |
|
Syntax |
ssh {reset-host-key} <IP Address> |
|
Parameters |
ssh <IP Address> ssh reset-host-key <IP Address> |
|
Example |
The following example sets the IP address for an SSH connection.
The following example resets the IP address for an SSH connection.
NOTE: Do not to use this command by default; best to use only when your DNS resource pool has rotated. |
top
|
Description |
Returns to the default Basic Mode CLI session from the restricted shell or other view modes. |
|
Mode(s) |
Support |
|
Syntax |
top |
|
Parameters |
None |
|
Example |
The following example returns the FortiPolicy CLI session to the default CLI view.
|
test
|
Description |
Test commands. |
|
Mode(s) |
Basic | Support |
|
Syntax |
test |
|
Parameters |
None |
|
Example |
The following example tests the commands.
|
traceroute
|
Description |
Tracks and prints the route packet path to a network host. |
||||||||
|
Mode(s) |
Basic | Support |
||||||||
|
Syntax |
traceroute |
||||||||
|
Parameters |
|
||||||||
|
Example |
The following example traces and displays the packet path to network host 10.1.1.4.
|