
Shell Commands


The shell context lets you interact with the appliance more directly. Once in the shell, many of the commands are the same as those used in CentOS.

The commands listed below are handled inside the shell context.

To enter the shell context, from the base context run:

execute enter-shell

The following commands are available:

Command

Description

DeviceImport

Imports (creates) devices based on the contents of the input CSV file. This tool only supports importing SNMP devices that are managed using SNMPv1.

For usage details see CLI import tool in the Administration Guide.

All entries in the file should be for devices of the same type.

EntitlementsTool

The poll function uses the serial number to look up entitlements

getDefaultGW

Displays port1 default gateway

getIPAddr

Displays port1 IP address

device -ip <device ip> -setAttr -name <name> -value <value>

Supports per-device SSH authentication customizations.

Available options:

Name

Value

SSH_KEX

A quoted string containing the names of key exchange algorithms, separated by spaces. (Order is preserved.)

SSH_CIPHERS

A quoted string containing the names of ciphers, separated by spaces.

SSH_MACS

A quoted string containing the names of MACs, separated by spaces.

SSH_KBD_ENABLED

A string containing true or false. Enables or disables keyboard-interactive authentication. Disabled by default.

Example 1 - Override the default kex list:

device -ip 10.12.228.126 -setAttr -name SSH_KEX -value "diffie-hellman-group1-sha1 diffie-hellman--sha1"

Example 2 - Enable keyboard-interactive:

device -ip 10.12.228.126 -setAttr -name SSH_KBD_ENABLED -value true

Example 3 - Remove or restore default settings (remove the attribute):

device -ip 10.12.228.126 -delAttr -name SSH_KBD_ENABLED

sudo grab-log-snapshot

Creates a one-time snapshot of the logs available on the appliance. For details see KB article 190755.

For Admin UI instructions see Download logs in the Administration Guide.

SendCoA

Exercises the RADIUS Change of Authorization (RFC 5176) functionality.

Selection Options:

        -ip <NAS device IP>
        -mac <Mac address of client to impact>
        -dis <disconnect command>
        -policy <VLAN/Role/etc to change for the client using CoA command>

If no operation is specified, this usage message is displayed.

Example 1 - To issue a disconnect command to a device.

        SendCoA -ip 10.1.0.25 -mac 00:1B:77:11:CE:2F -dis

Example 2 - To change the policy on a client.

        SendCoA -ip 10.1.0.25 -mac 00:1B:77:11:CE:2F -policy Production

shutdownNAC

Shuts down FortiNAC processes.

No option: Stops the Yams process and idles the system (on an HA system, this does not trigger failover).

-kill: Stops the Yams and CampusManager processes.

(If done without idling the system first, this forces failover on HA systems.)

startupNAC

Starts up the FortiNAC processes (Yams and CampusManager).

sudo systemctl status dhcpd

Confirms the running state of the DHCP service. Type “q” to return to the prompt.

sudo ydb_dated_backup

Creates a database backup with a timestamp included in the filename. Backs up locally to disk (/bsc/backups/).

For Admin UI instructions see Database backup/restore in the Administration Guide.

sudo systemctl status named

Confirms the running state of the named service. Type “q” to return to the prompt.

uptime

Displays the number of days/min/sec since the last power up or reboot.

sudo ydb_restore_full_backup

Loads a previously saved database backup. For Admin UI instructions see Database backup/restore in the Administration Guide.
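Per-device SSH_KEX, SSH_CIPHERS and SSH_MACS overrides such as the one in Example 1 above can leave legacy algorithms enabled long after they were needed. The following is an added example, not Fortinet code: it replays a record of `device ... -setAttr` / `-delAttr` commands and lists legacy algorithms still in effect. It assumes you keep such a record yourself, that `-value` is the last option on the line, and that the match patterns are a local policy you adjust.

```shell
# Replay recorded `device` attribute commands; report legacy SSH algorithms still in effect.
sample_log() {  # constructed sample record, not real appliance output
cat <<'EOF'
device -ip 10.12.228.126 -setAttr -name SSH_KEX -value "diffie-hellman-group1-sha1 curve25519-sha256"
device -ip 10.12.228.127 -setAttr -name SSH_CIPHERS -value "aes256-ctr 3des-cbc"
device -ip 10.12.228.128 -setAttr -name SSH_MACS -value "hmac-sha2-256 hmac-md5"
device -ip 10.12.228.128 -delAttr -name SSH_MACS
device -ip 10.12.228.126 -setAttr -name SSH_KBD_ENABLED -value true
EOF
}

# Reads commands on stdin; prints "ip attribute algorithm" per finding, sorted.
# The legacy patterns (sha1, md5, 3des, arcfour, *-cbc) are an example policy.
audit_ssh_overrides() {
  awk '
    $1 != "device" { next }
    {
      ip = ""; name = ""; op = ""; value = ""
      for (i = 2; i <= NF; i++) {
        if ($i == "-value") break
        if ($i == "-ip") ip = $(i + 1)
        else if ($i == "-name") name = $(i + 1)
        else if ($i == "-setAttr" || $i == "-delAttr") op = $i
      }
      # Everything after -value is the attribute value; strip the quotes.
      if (match($0, /-value[ \t]+/)) {
        value = substr($0, RSTART + RLENGTH)
        gsub(/^"|"[ \t]*$/, "", value)
      }
      if (ip == "" || name == "") next
      key = ip SUBSEP name
      if (op == "-delAttr") delete eff[key]          # back to defaults
      else if (op == "-setAttr") eff[key] = value    # latest set wins
    }
    END {
      for (key in eff) {
        split(key, k, SUBSEP)
        if (k[2] !~ /^SSH_(KEX|CIPHERS|MACS)$/) continue
        n = split(eff[key], alg, " ")
        for (j = 1; j <= n; j++)
          if (alg[j] ~ /sha1|md5|3des|arcfour|-cbc$/)
            print k[1], k[2], alg[j]
      }
    }
  ' | sort
}

sample_log | audit_ssh_overrides
```

Each finding is a candidate for `device -ip <device ip> -delAttr -name <name>` once the managed device supports the default algorithms.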
