To view interface information for port1 | |
Script | show system interface port1 |
Output | config system interface edit "port1" set vdom "root" set ip 172.20.120.148 255.255.255.0 set allowaccess ping https ssh set type physical next end |
Variations | Remove the interface name to see a list that includes all the interfaces on the FortiGate device including virtual interfaces such as VLANs. |
To view the entries in the static routing table | |
Script | show route static |
Output | config router static edit 1 set device "port1" set gateway 172.20.120.2 next edit 2 set device "port2" set distance 7 set dst 172.20.120.0 255.255.255.0 set gateway 172.20.120.2 next end |
Variations | none |
To view information about all the configured FDN servers on this device | |
Script | diag debug rating |
Output | Locale : english The service is not enabled. |
Variations | Output for this script will vary based on the state of the FortiGate device. The above output is for a FortiGate device that has never been registered. For a registered FortiGate device without a valid license, the output would be similar to: Locale : english License : Unknown Expiration : N/A Hostname : guard.fortinet.net -=- Server List (Tue Oct 3 09:34:46 2006) -=- IP Weight Round-time TZ Packets Curr Lost Total Lost ** None ** |
Any scripts that you will be running on the global database must include the full CLI commands and not use short forms for the commands. Short form commands will not run on the global database. |
To create a new account profile called policy_admin allowing read-only access to policy related areas | |
Script | config system accprofile edit "policy_admin" set avgrp read set fwgrp read set ipsgrp read set loggrp read set spamgrp read set sysgrp read set webgrp read next end |
Output | Starting script execution config system accprofile (accprofile)# edit "policy_admin" set avgrp read set fwgrp read set ipsgrp read set loggrp read set spamgrp read set sysgrp read set webgrp read next end exit new entry 'policy_admin' added (policy_admin)# set avgrp read (policy_admin)# set fwgrp read (policy_admin)# set ipsgrp read (policy_admin)# set loggrp read (policy_admin)# set spamgrp read (policy_admin)# set sysgrp read (policy_admin)# set webgrp read (policy_admin)# next (accprofile)# end MyFortiGate # MyFortiGate # MyFortiGate # exit |
Variations | This profile is read-only to allow a policy administrator to monitor this device’s configuration and traffic. Variations may include enabling other areas as read-only or write privileges based on that account type’s needs. |