Execute commands

Execute commands are used for the tasks listed below. These commands are run from the base context.

  • Backup

  • Factory Reset

  • License

  • Ping and traceroute

  • SSH

  • Reboot and shutdown

  • Restore image

  • Restore config

    • Important: Any configuration that isn’t explicitly defined in the backup configuration will be removed upon restore. The one exception is admin user settings, which are left untouched. All other configuration (interface, route, etc.) is reset to default, and then the configuration present in the provided config is applied.

    • All methods of restore first create a backup configuration before applying the new config.

Available commands

Command

Description

execute enter-shell

Enters a shell to interact with the appliance more directly. See shell commands for details.

execute help

Lists the available commands under execute

execute db-shell

Enters the database shell

execute factoryreset

Resets the system to the factory default for the version installed. The user will be prompted once to continue with the operation, and again when the reset is complete to reboot the system.

execute tcpdump [-v] [-c=<count>] [-G=<seconds>] [-i=<port>] [-Q=<direction>] [-s=<snaplen>] [-w=<file>] [-x | -xx | -X | -XX] [<filter>...]

Sniff packets on the specified interface.

Available options:

[<filter>...]

Sniffer filter

-c=<count>

Maximum number of packets to capture

-G=<seconds>

Maximum duration in seconds to capture

-i=<port>

Port to sniff packets on

-Q=<direction>

Packet direction(s) to capture [in|out|inout]

-s=<snaplen>

Number of bytes to snarf from each packet

-v, --verbose

Enable verbose output

-w=<file>

Write captured packets to specified file

-x

Display packet data (minus link level header) in hex

-X

Display packet data (minus link level header) in hex and ASCII

-xx

Display packet data (including link level header) in hex

-XX

Display packet data (including link level header) in hex and ASCII

help

Display usage


Runs tcpdump. All options correspond to their tcpdump equivalents. Additionally, only the filename portion of the file specified via -w is used (all files are stored in the user’s home directory).

Backup

execute backup config local

Backs up the current system configuration locally to disk (/bsc/backups/).

execute backup config ftp [<remote filename>] [<ftp server:port>] [<username>] [<password>]

Backs up the current system configuration via FTP to the remote destination using the provided username and password.

The port option may be omitted if the destination uses the default FTP port (21)

execute backup config scp [<remote filename>] [<scp server:port>] [<username>] [<password>]

Backs up the current system configuration remotely via SCP to the destination provided.

The port option may be omitted if the destination uses the default SSH port (22)

execute backup config tftp [<remote filename>] [<tftp server>]

Backs up the current system configuration to the specified TFTP destination

License

execute license add [<license>]

Add the raw license string to the system

execute license import tftp [<remote host>] [<remote file>]

Import the specified remote license file from the specified TFTP host

execute license import scp [<remote file>] [<remote host>] [<username>] [<password>]

Import the specified remote license file from the specified host via SCP

PING & Traceroute

execute ping [<host>]

PING the specified host

execute ping6 [<host>]

PING the specified IPv6 host

execute traceroute [<host>]

Trace the route between this system and the specified host

Shutdown & Reboot

execute reboot

Reboots the system

execute shutdown

Shuts down the system

Restore

execute restore image scp [<remote out file>] [<host>] [<username>] [<password>]

Install the .out image located on the specified remote host. Image is downloaded via SCP

execute restore image ftp [<remote out file>] [<host>] [<username>] [<password>]

Install the .out image located on the specified remote host. Image is downloaded via FTP

execute restore image tftp [<remote out file>] [<host>]

Install the .out image located on the specified remote host. Image is downloaded via TFTP

execute restore config local [<local config backup>]

Restore the configuration stored locally. Tab completion can be used to list the available configuration backups

execute restore config scp [<remote file>] [<host>] [<username>] [<password>]

Restore the configuration stored on the remote host at the specified location. Configuration downloaded via SCP

execute restore config ftp [<remote file>] [<host>] [<username>] [<password>]

Restore the configuration stored on the remote host at the specified location. Configuration downloaded via FTP

execute restore config tftp [<remote file>] [<host>]

Restore the configuration stored on the remote host at the specified location. Configuration downloaded via TFTP

execute restore legacy-migrate [COMMAND]

Used for migrating CentOS configurations to the new FortiNAC-OS platform. Important: Do not use without first reviewing the CentOS to FortiNAC-OS Migration documentation in the Documentation Library.

Available options:

local

Import legacy config from a local bundle

remote

Import legacy config from a remote system

SSH

execute ssh [<user@host>]

SSH to the specified host as the specified user

execute ssh-known-hosts remove-host [<host>]

Remove the specified known host fingerprint

execute ssh-known-hosts remove-all

Removes all the SSH host fingerprints from the known hosts

execute ssh-authorized-keys add <public key string>

Adds the specified public key to the user's authorized hosts

execute ssh-authorized-keys import scp <file path> <host> <username> <password>

Imports the specified public key from the specified host into the user's authorized hosts via SCP, using the specified credentials

execute ssh-authorized-keys list

Displays the user's authorized hosts

execute ssh-authorized-keys remove <host>

Removes any authorized host keys that match the specified host. Tab completion of the <host> is supported.
