CLI basics
This section covers command line interface basic information.
Command help
You can press the question mark (?) key to display command help.
- Press the question mark (?) key at the command prompt to display a list of the commands available and a description of each command.
- Enter a command followed by a space and press the question mark (?) key to display a list of the options available for that command and a description of each option.
- Enter a command followed by an option and press the question mark (?) key to display a list of additional options available for that command option combination and a description of each option.
Command tree
Enter tree
to display the FortiManager CLI command tree. To capture the full output, connect to your device using a terminal emulation program, such as PuTTY, and capture the output to a log file. For config
commands, use the tree
command to view all available variables and sub-commands.
Command completion
You can use the tab key or the question mark (?) key to complete commands.
- You can press the tab key at any prompt to scroll through the options available for that prompt.
- You can type the first characters of any command and press the tab key or the question mark (?) key to complete the command or to scroll through the options that are available at the current cursor position.
- After completing the first word of a command, you can press the space bar and then the tab key to scroll through the options available at the current cursor position.
Recalling commands
You can recall previously entered commands by using the Up and Down arrow keys to scroll through commands you have entered.
Editing commands
Use the left and right arrow keys to move the cursor back and forth in a recalled command. You can also use Backspace and Delete keys, and the control keys listed in the following table to edit the command.
Function |
Key combination |
---|---|
Beginning of line |
Control key + A |
End of line |
Control key + E |
Back one character |
Control key + B |
Forward one character |
Control key + F |
Delete current character |
Control key + D |
Previous command |
Control key + P |
Next command |
Control key + N |
Abort the command |
Control key + C |
If used at the root prompt, exit the CLI |
Control key + C |
Line continuation
To break a long command over multiple lines, use a \ at the end of each line.
Command abbreviation
You can abbreviate commands and command options to the smallest number of non-ambiguous characters. For example, the command get system status
can be abbreviated to g sy st
.
Environment variables
The FortiManager CLI supports several environment variables.
$USERFROM |
The management access type (SSH, Telnet and so on) and the IPv4 address of the logged in administrator. |
$USERNAME |
The user account name of the logged in administrator. |
$SerialNum |
The serial number of the FortiManager unit. |
Variable names are case sensitive. In the following example, when entering the variable, you can type $
followed by a tab to auto-complete the variable to ensure that you have the exact spelling and case. Continue pressing tab until the variable you want to use is displayed.
config system global
set hostname $SerialNum
end
Encrypted password support
After you enter a clear text password using the CLI, the FortiManager unit encrypts the password and stores it in the configuration file with the prefix ENC. For example:
show system admin user user1
config system admin user
edit "user1"
set password ENC UAGUDZ1yEaG30620s6afD3Gac1FnOT0BC1rVJmMFc9ubLlW4wEvHcqGVq+ZnrgbudK7aryyf1scXcXdnQxskRcU3E9XqOit82PgScwzGzGuJ5a9f
set profileid "Standard_User"
next
end
It is also possible to enter an already encrypted password. For example, type:
config system admin
then press Enter
.
Enter:
edit user1
then press Enter
.
Enter:
set password ENC UAGUDZ1yEaG30620s6afD3Gac1FnOT0BC1rVJmMFc9ubLlW4wEvHcqGVq+ZnrgbudK7aryyf1scXcXdnQxskRcU3E9XqOit82PgScwzGzGuJ5a9f
then press Enter
.
Enter:
end
then press Enter
.
Entering spaces in strings
When a string value contains a space, do one of the following:
- Enclose the string in quotation marks,
"Security Administrator"
, for example. - Enclose the string in single quotes,
'Security Administrator'
, for example. - Use a backslash (“\”) preceding the space,
Security\ Administrator
, for example.
Entering quotation marks in strings
If you want to include a quotation mark, single quote or apostrophe in a string, you must precede the character with a backslash character. To include a backslash, enter two backslashes.
Entering a question mark (?) in a string
If you want to include a question mark (?) in a string, you must precede the question mark with CTRL-V. Entering a question mark without first entering CTRL-V causes the CLI to display possible command completions, terminating the string.
International characters
The CLI supports international characters in strings.
Special characters
The characters <, >, (, ), #, ’, and " are not permitted in most CLI fields, but you can use them in passwords. If you use the apostrophe (‘) or quote (") character, you must precede it with a backslash (\) character when entering it in the CLI set
command.
IPv4 address formats
You can enter an IPv4 address and subnet using either dotted decimal or slash-bit format. For example you can type either:
set ip 192.168.1.1 255.255.255.0
or
set ip 192.168.1.1/24
The IPv4 address is displayed in the configuration file in dotted decimal format.
Editing the configuration file
You can change the FortiManager configuration by backing up the configuration file to an FTP, SCP, or SFTP server. You can then make changes to the file and restore it to the FortiManager unit.
Use the execute backup all-settings
command to back up the configuration file to a TFTP server. For example:
execute backup all-settings ftp 10.10.0.1 mybackup.cfg myid mypass
Edit the configuration file using a text editor.
Related commands are listed together in the configuration file. You can edit the configuration by adding, changing, or deleting the CLI commands in the configuration file.
The first line of the configuration file contains information about the firmware version and FortiManager model. Do not edit this line. If you change this information the FortiManager unit will reject the configuration file when you attempt to restore it.
Use the execute restore all-settings
command to copy the edited configuration file back to the FortiManager unit. For example:
execute restore all-settings ftp 10.10.0.1 mybackup.cfg myid mypass
The FortiManager unit receives the configuration file and checks to make sure the firmware version and model information is correct. If it is, the FortiManager unit loads the configuration file and checks each command for errors. If the FortiManager unit finds an error, an error message is displayed after the command and the command is rejected. The FortiManager unit then restarts and loads the new configuration.
Changing the baud rate
Using execute console baudrate
, you can change the default console connection baud rate.
Changing the default baud rate is not available on all models. |
Debug log levels
The following table lists available debug log levels on your FortiManager.
0 |
Emergency |
The system has become unusable. |
1 |
Alert |
Immediate action is required. |
2 |
Critical |
Functionality is affected. |
3 |
Error |
An erroneous condition exists and functionality is probably affected. |
4 |
Warning |
Function might be affected. |
5 |
Notice |
Notification of normal events. |
6 |
Information |
General information about system operations. |
7 |
Debug |
Detailed information useful for debugging purposes. |
8 |
Maximum |
Maximum log level. |