 
CLI script samples
There are two types of CLI scripts: scripts that get information from your FortiGate device, and scripts that change the configuration of your FortiGate device.
Getting information remotely is one of the main purposes of your FortiManager system, and CLI scripts let you retrieve any information that the FortiGate CLI exposes. Getting information typically takes only one line of script, as the following scripts show.
To view interface information for port1:
Script
show system interface port1
Output
config system interface
edit "port1"
set vdom "root"
set ip 172.20.120.148 255.255.255.0
set allowaccess ping https ssh
set type physical
next
end
Variations
Remove the interface name to see a list that includes all the interfaces on the FortiGate device including virtual interfaces such as VLANs.
Note
This script does not work when run on a policy package.
 
If the above script is run on the FortiGate directly (via CLI), or on the device database, and the FortiGate has VDOMs enabled, the script must be modified as follows, because system interface is a global-scope table:
config global
show system interface port1
end

Running the modified script on the device database does not yield any useful information, because a database run only echoes the script; no show output is returned:
View the log of script running on device: FortiGate-VM64-70
------- Executing time: 2013-10-15 13:27:32 ------
Starting log (Run on database)
config global
end
Running script on DB success
------- The end of log ----------
 
Run the script on the FortiGate directly (via CLI) instead; the device run returns the interface configuration:
View the log of script running on device: FortiGate-VM64-70
------- Executing time: 2013-10-15 13:52:02 ------
Starting log (Run on device)
FortiGate-VM64 $ config global
FortiGate-VM64 (global) $ show system interface port1
config system interface
edit "port1"
set vdom "root"
set ip 10.2.66.181 255.255.0.0
set allowaccess ping https ssh snmp http telnet fgfm auto-ipsec radius-acct probe-response capwap
set type physical
set snmp-index 1
next
end
FortiGate-VM64 (global) $ end
------- The end of log ----------
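A script's results come back as the log shown above, with banner lines and echoed prompts mixed into the device output, and a database run returns no device output at all. The following Python is an added example, not Fortinet's code: it separates the two run modes, strips the banner and prompt-echo lines, parses the config/edit/set/next/end structure of what remains, and then audits the allowaccess list for cleartext or legacy management protocols (the device log above shows http, telnet and snmp enabled on port1). The two log samples are constructed from the runs on this page, and the set of flagged protocols is a policy chosen for this example.

```python
"""Post-process the log a FortiManager CLI script run returns.

Added example for this page, not Fortinet's code.  It tells a database run
from a device run, strips banner and echoed-prompt lines so only what the
FortiGate printed remains, parses the config/edit/set/next/end blocks and
flags interfaces whose allowaccess list exposes cleartext or legacy
management protocols.  Both logs are constructed from runs on this page.
"""
import re
import shlex

# Protocols a reviewer would not expect on a production interface.
# The policy itself is an assumption made for this example.
CLEARTEXT_OR_LEGACY = {"http", "telnet", "snmp"}

DB_LOG = """\
View the log of script running on device: FortiGate-VM64-70
------- Executing time: 2013-10-15 13:27:32 ------
Starting log (Run on database)
config global
end
Running script on DB success
------- The end of log ----------
"""

DEVICE_LOG = """\
View the log of script running on device: FortiGate-VM64-70
------- Executing time: 2013-10-15 13:52:02 ------
Starting log (Run on device)
FortiGate-VM64 $ config global
FortiGate-VM64 (global) $ show system interface port1
config system interface
edit "port1"
set vdom "root"
set ip 10.2.66.181 255.255.0.0
set allowaccess ping https ssh snmp http telnet fgfm auto-ipsec radius-acct probe-response capwap
set type physical
next
end
FortiGate-VM64 (global) $ end
------- The end of log ----------
"""

# Echoed commands look like "<host> $ cmd" or "<host> (<scope>) $ cmd".
PROMPT_ECHO = re.compile(r"^\S+ (\([^)]*\) )?\$ ")
BANNER_PREFIXES = ("View the log", "-------", "Starting log", "Running script on DB")


def run_mode(log_text):
    """Return 'device' or 'database' from the 'Starting log (...)' banner."""
    match = re.search(r"^Starting log \(Run on (device|database)\)", log_text, re.M)
    if not match:
        raise ValueError("no 'Starting log' banner found")
    return match.group(1)


def extract_script_output(log_text):
    """Keep only the lines the FortiGate printed in response to the script."""
    kept = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith(BANNER_PREFIXES):
            continue
        if PROMPT_ECHO.match(line) or line.startswith("current vf="):
            continue
        kept.append(line)
    return kept


def parse_fortios_show(lines):
    """Build {table: {entry: {attribute: [values]}}} from show output.

    `config` opens a table, `edit` an entry, `set` assigns an attribute,
    `next` closes the entry and `end` the table; blocks nested inside an
    entry are stored under it.  Unbalanced input raises instead of
    returning a partial structure.
    """
    tables, stack = {}, []          # stack holds (kind, name, dict) frames
    for raw in lines:
        tokens = shlex.split(raw)
        if not tokens:
            continue
        keyword, args = tokens[0], tokens[1:]
        parent = stack[-1][2] if stack else tables
        if keyword == "config":
            name = " ".join(args)
            stack.append(("config", name, parent.setdefault(name, {})))
        elif keyword == "edit":
            stack.append(("edit", args[0], parent.setdefault(args[0], {})))
        elif keyword == "set":
            parent[args[0]] = args[1:]
        elif keyword in ("next", "end"):
            expected = "edit" if keyword == "next" else "config"
            if not stack or stack[-1][0] != expected:
                raise ValueError(f"{keyword!r} does not close a {expected} block: {raw!r}")
            stack.pop()
        else:
            raise ValueError(f"unexpected keyword in show output: {raw!r}")
    if stack:
        raise ValueError(f"unterminated {stack[-1][0]} block {stack[-1][1]!r}")
    return tables


def audit_allowaccess(tables, forbidden=CLEARTEXT_OR_LEGACY):
    """Return {interface: sorted exposed protocols} for every interface
    whose allowaccess list includes a protocol in `forbidden`."""
    findings = {}
    for name, attrs in tables.get("system interface", {}).items():
        exposed = sorted(set(attrs.get("allowaccess", [])) & forbidden)
        if exposed:
            findings[name] = exposed
    return findings
```

Run against the database log the pipeline yields no "system interface" table and therefore no findings, which is the practical way to detect that a fleet-wide collection script was run on the database rather than on the devices; run against the device log it reports port1 with http, snmp and telnet exposed.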
 
To view the entries in the static routing table when VDOMs are enabled, the script must be rewritten as follows, because the routing table is a per-VDOM table, and it must be run on the FortiGate directly (via CLI) to return any useful information:
config vdom
edit root
show route static
next
end
 
Here is a sample run of the above script running on the FortiGate Directly (via CLI).
View the log of script running on device: FortiGate-VM64-70
------- Executing time: 2013-10-15 14:24:10 ------
Starting log (Run on device)
FortiGate-VM64 $ config vdom
FortiGate-VM64 (vdom) $ edit root
current vf=root:0
FortiGate-VM64 (root) $ show route static
config router static
edit 1
set device "port1"
set gateway 10.2.0.250
next
end
FortiGate-VM64 (root) $ next
FortiGate-VM64 (vdom) $ end
------- The end of log ----------
To view the entries in the static routing table:
Script
show route static
Output
config router static
edit 1
set device "port1"
set gateway 172.20.120.2
next
edit 2
set device "port2"
set distance 7
set dst 172.20.120.0 255.255.255.0
set gateway 172.20.120.2
next
end
Variations
The command is written in short form: route is accepted on the FortiGate as an unambiguous abbreviation of router, as the logs above show, but a script run on the global database must use the full form, show router static.
To view information about all the configured FDN servers on this device:
Script
config global
diag debug rating
end
Output
View the log of script running on device: FortiGate-VM64
------- Executing time: 2013-10-15 14:32:15 ------
Starting log (Run on device)
FortiGate-VM64 $ config global
FortiGate-VM64 (global) $ diagnose debug rating
Locale : english
License : Contract
Expiration : Thu Jan 3 17:00:00 2030
-=- Server List (Tue Oct 15 14:32:49 2013) -=-
IP Weight RTT Flags TZ Packets Curr Lost Total Lost
192.168.100.206 35 2 DIF -8 4068 72 305
192.168.100.188 36 2 F -8 4052 72 308
FortiGate-VM64 (global) $ end
------- The end of log ----------
Variations
Output for this script varies with the state of the FortiGate device. The output above is for a FortiGate device that has a valid FortiGuard contract and has already retrieved a server list.
For a FortiGate device that has not been registered, or that has no valid license, the output would be similar to:
Locale : english
License : Unknown
Expiration : N/A
Hostname : guard.fortinet.net
 
-=- Server List (Tue Oct 3 09:34:46 2006) -=-
 
IP Weight Round-time TZ Packets Curr Lost Total Lost
** None **
Setting FortiGate device information with CLI scripts gives you access to more settings and finer-grained control than the Device Manager provides, and CLI commands expose advanced options that are not available in the FortiGate GUI. Scripts that set information require more lines than scripts that get information, and because they change the device configuration they deserve the same review as any other configuration change.
 
Any script that you run on the global database must use the full form of every CLI command; short forms such as diag for diagnose, which the FortiGate itself accepts, will not run on the global database.
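A FortiGate accepts any unambiguous prefix of a CLI keyword, which is why diag debug rating and show route static work when a script runs on the device, while the global database does not. The following Python is an added example, not Fortinet's or FortiManager's code: it rewrites a script to full form before it is pushed to the global database, resolving each keyword the way the FortiGate CLI does and reporting the lines it cannot resolve. COMMAND_TREE is an assumption for this example that covers only the commands on this page; a real tool would build it from the FortiOS CLI reference for the target firmware.

```python
"""Expand short-form FortiOS CLI keywords to their full form.

Added example for this page, not Fortinet's or FortiManager's code.  The
FortiGate CLI accepts any unambiguous prefix of a keyword (diag for
diagnose, route for router), but the FortiManager global database runs
only full-form commands, so a script is normalised here before it is
pushed there.  COMMAND_TREE is an assumption for this example that covers
only the commands on this page.
"""

# Keyword -> keywords that may follow it.  None marks a leaf: whatever
# follows (interface names, IDs, option values) is an argument, not a
# keyword, and is copied through unchanged.
COMMAND_TREE = {
    "config": {
        "global": None,
        "vdom": None,
        "system": {"interface": None, "accprofile": None, "global": None},
        "router": {"static": None},
        "firewall": {"policy": None, "address": None},
    },
    "show": {
        "system": {"interface": None},
        "router": {"static": None},
        "firewall": {"policy": None},
    },
    "get": {"system": {"status": None, "interface": None}},
    "diagnose": {"debug": {"rating": None, "enable": None, "disable": None}},
    "edit": None,
    "set": None,
    "unset": None,
    "next": None,
    "end": None,
}


class AmbiguousKeyword(ValueError):
    """A prefix matches more than one keyword at this position."""


def expand_keyword(prefix, candidates):
    """Resolve one token the way the FortiOS CLI does: an exact match wins,
    otherwise a single prefix match; anything else is an error."""
    if prefix in candidates:
        return prefix
    matches = sorted(c for c in candidates if c.startswith(prefix))
    if len(matches) == 1:
        return matches[0]
    if not matches:
        raise KeyError(f"unknown keyword {prefix!r}")
    raise AmbiguousKeyword(f"{prefix!r} could be any of {matches}")


def expand_line(line, tree=COMMAND_TREE):
    """Expand the keyword path of one script line; arguments are untouched."""
    tokens = line.split()
    out, node = [], tree
    for i, token in enumerate(tokens):
        if node is None:           # past the last keyword: the rest is arguments
            out.extend(tokens[i:])
            break
        full = expand_keyword(token, node)
        out.append(full)
        node = node[full]
    return " ".join(out)


def expand_script(script, tree=COMMAND_TREE):
    """Expand every line.  Returns (expanded_script, problems); problems
    lists (line_number, message) for lines left unchanged because a keyword
    was unknown or ambiguous.  Push nothing to the global database while
    problems is non-empty."""
    out, problems = [], []
    for number, line in enumerate(script.splitlines(), 1):
        try:
            out.append(expand_line(line, tree))
        except (KeyError, AmbiguousKeyword) as exc:
            problems.append((number, str(exc)))
            out.append(line)
    return "\n".join(out), problems
```

Arguments after a leaf keyword (interface names, policy IDs, option values) are copied through unchanged, and a genuinely ambiguous prefix such as s (show or set in this tree) is reported rather than guessed, which is the behaviour you want from a tool that sits in front of a configuration push.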
To create a new account profile called policy_admin allowing read-only access to policy related areas:
Script
config global
config system accprofile
edit "policy_admin"
set fwgrp read
set loggrp read
set sysgrp read
next
end
end
Output
View the log of script running on device: FortiGate-VM64
------- Executing time: 2013-10-16 13:39:35 ------
Starting log (Run on device)
FortiGate-VM64 $ config global
FortiGate-VM64 (global) $ config system accprofile
FortiGate-VM64 (accprofile) $ edit "policy_admin"
FortiGate-VM64 (policy_admin) $ set fwgrp read
FortiGate-VM64 (policy_admin) $ set loggrp read
FortiGate-VM64 (policy_admin) $ set sysgrp read
FortiGate-VM64 (policy_admin) $ next
FortiGate-VM64 (accprofile) $ end
FortiGate-VM64 (global) $ end
------- The end of log ----------
Variations
This profile is read-only so that a policy administrator can monitor the device's configuration and traffic without being able to change it.
Variations include granting read-only or read-write access to other areas according to what that account type needs; keep each profile to the minimum access the role requires.
With the introduction of global objects/security console (global database), you can run a CLI script on the FortiManager global database in addition to running it on a FortiGate unit directly. Compare the following sample scripts:
Running a CLI script on a FortiGate unit
config vdom
edit "root"
config firewall policy
edit 10
set srcintf "port5"
set dstintf "port6"
set srcaddr "all"
set dstaddr "all"
set status disable
set schedule "always"
set service "ALL"
set logtraffic disable
next
end
next
end
Running a CLI script on the global database
config firewall policy
edit 10
set srcintf "port5"
set dstintf "port6"
set srcaddr "all"
set dstaddr "all"
set status disable
set schedule "always"
set service "ALL"
set logtraffic disable
next
end
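The only difference between the two scripts is the scope wrapper: the global database takes the table directly, while a VDOM-enabled FortiGate needs config vdom / edit <vdom> around a per-VDOM table such as firewall policy, and config global around a global table such as system interface. The following Python is an added example, not Fortinet's code: it adds or strips that wrapper for a chosen run target, and checks that every config and edit has its matching end and next, which catches the kind of unterminated block that leaves a device-side script hanging. The table-to-scope lists are an assumption for this example, taken from the scripts on this page, and the sample policy body is the global-database script above.

```python
"""Re-scope a FortiManager CLI script for the target it will run on.

Added example for this page, not Fortinet's code.  The same table block
is written bare for the global database, but on a VDOM-enabled FortiGate
a per-VDOM table must sit inside `config vdom` / `edit <vdom>` ... `next` /
`end`, and a global table inside `config global` ... `end`.  These helpers
add or strip that wrapper and check block nesting.  The scope lists are an
assumption taken from the scripts on this page, not a complete FortiOS map.
"""

GLOBAL_SCOPE_TABLES = {"system interface", "system accprofile"}
VDOM_SCOPE_TABLES = {"firewall policy", "router static"}

# The global-database form of the policy script on this page.
POLICY_BODY = """\
config firewall policy
edit 10
set srcintf "port5"
set dstintf "port6"
set srcaddr "all"
set dstaddr "all"
set status disable
set schedule "always"
set service "ALL"
set logtraffic disable
next
end"""


def table_of(body):
    """Name of the first table the body touches, e.g. 'firewall policy'."""
    for line in body.splitlines():
        tokens = line.split()
        if tokens and tokens[0] in ("config", "show"):
            return " ".join(tokens[1:3])
    raise ValueError("script has no config or show line")


def nesting_depth(script):
    """+1 per config/edit, -1 per next/end.  A well-formed script ends at 0;
    a positive result means a next or end is missing, and a next or end
    that closes nothing raises."""
    depth = 0
    for line in script.splitlines():
        keyword = line.split()[:1]
        if keyword and keyword[0] in ("config", "edit"):
            depth += 1
        elif keyword and keyword[0] in ("next", "end"):
            depth -= 1
            if depth < 0:
                raise ValueError(f"{keyword[0]!r} closes nothing: {line!r}")
    return depth


def wrap_for_target(body, target, vdom="root"):
    """Return `body` as it must be written for `target`: 'global-db' and
    'device-no-vdom' take it as is, 'device-vdom' wraps it by table scope."""
    if nesting_depth(body) != 0:
        raise ValueError("body is not balanced; fix it before wrapping")
    if target in ("global-db", "device-no-vdom"):
        return body
    if target != "device-vdom":
        raise ValueError(f"unknown target {target!r}")
    table = table_of(body)
    if table in GLOBAL_SCOPE_TABLES:
        return f"config global\n{body}\nend"
    if table in VDOM_SCOPE_TABLES:
        return f'config vdom\nedit "{vdom}"\n{body}\nnext\nend'
    raise ValueError(f"scope of table {table!r} is not known to this example")


def strip_wrapper(script):
    """Inverse of wrap_for_target: return (scope, vdom, body) where scope is
    'global', 'vdom' or 'none'."""
    lines = [line for line in script.splitlines() if line.strip()]
    if lines[:1] == ["config global"] and lines[-1:] == ["end"]:
        return "global", None, "\n".join(lines[1:-1])
    if (lines[:1] == ["config vdom"] and len(lines) > 3
            and lines[1].startswith("edit ") and lines[-2:] == ["next", "end"]):
        vdom = lines[1].split(None, 1)[1].strip().strip('"')
        return "vdom", vdom, "\n".join(lines[2:-2])
    return "none", None, "\n".join(lines)
```

Keeping one bare body per policy and wrapping it at run time means the global-database and device-side copies cannot drift apart, and the depth check rejects a body that forgot its closing next or end before it ever reaches a device.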