Sub-commands
Each command line consists of a command word that is usually followed by configuration data or another specific item that the command uses or affects:
get system admin
Sub-commands are available from within the scope of some commands. When you enter a sub-command level, the command prompt changes to indicate the name of the current command scope. For example, after entering:
config system admin
the command prompt becomes:
(admin)#
Applicable sub-commands are available to you until you exit the scope of the command, or until you descend an additional level into another sub-command.
For example, the edit sub-command is available only within a command that affects tables; the next sub-command is available only from within the edit sub-command:
config system interface
    edit port1
        set status up
    next
end
Sub-command scope is indicated by indentation.
Available sub-commands vary by command. From a command prompt within config, two types of sub-commands might become available:
- commands affecting fields
- commands affecting tables
Commands for tables
clone <table> | Clone (or make a copy of) a table from the current object. For example, in config firewall policy, you could enter the following command to clone security policy 27 to create security policy 30: clone 27 to 30. In config antivirus profile, you could enter the following command to clone an antivirus profile named av_pro_1 to create a new antivirus profile named av_pro_2: clone av_pro_1 to av_pro_2. clone may not be available for all tables. |
delete <table> | Remove a table from the current object. For example, in config system admin, you could delete an administrator account named newadmin by typing delete newadmin and pressing Enter. This deletes newadmin and all its fields, such as newadmin’s first-name and email-address. delete is only available within objects containing tables. |
edit <table> | Create or edit a table in the current object. For example, in config system admin: • edit the settings for the default admin administrator account by typing edit admin. • add a new administrator account with the name newadmin and edit newadmin’s settings by typing edit newadmin. edit is an interactive sub-command: further sub-commands are available from within edit. edit changes the prompt to reflect the table you are currently editing. edit is only available within objects containing tables. In objects such as security policies, <table> is a sequence number. To create a new entry without the risk of overwriting an existing one, enter edit 0. The CLI initially confirms the creation of entry 0, but assigns the next unused number after you finish editing and enter end. |
end | Save the changes to the current object and exit the config command. This returns you to the top-level command prompt. |
get | List the configuration of the current object or table. • In objects, get lists the table names (if present), or fields and their values. • In a table, get lists the fields and their values. For more information on get commands, see the CLI Reference. |
purge | Remove all tables in the current object. For example, in config user local, you could type get to see the list of user names, then type purge and then y to confirm that you want to delete all users. purge is only available for objects containing tables. Caution: Back up the FortiGate before performing a purge. purge cannot be undone. To restore purged tables, the configuration must be restored from a backup. Caution: Do not purge system interface or system admin tables. purge does not provide default tables. This can result in being unable to connect or log in, requiring the FortiGate to be formatted and restored. |
rename <table> to <table> | Rename a table. For example, in config system admin, you could rename admin3 to fwadmin by typing rename admin3 to fwadmin. rename is only available within objects containing tables. |
show | Display changes to the default configuration. Changes are listed in the form of configuration commands. |
Example of table commands
From within the system admin object, you might enter:
edit admin_1
The CLI acknowledges the new table, and changes the command prompt to show that you are now within the admin_1 table:
new entry 'admin_1' added
(admin_1)#
Commands for fields
abort | Exit the edit and/or config commands without saving the fields. |
append | Add an option to an existing list. |
end | Save the changes made to the current table or object fields, and exit the config command (to exit without saving, use abort instead). |
get | List the configuration of the current object or table. • In objects, get lists the table names (if present), or fields and their values. • In a table, get lists the fields and their values. |
move | Move an object within a list, when list order is important; for example, to rearrange security policies within the policy list. |
next | Save the changes you have made in the current table’s fields, and exit the edit command to the object prompt (to save and exit completely to the root prompt, use end instead). next is useful when you want to create or edit several tables in the same object, without leaving and re-entering the config command each time. next is only available from a table prompt; it is not available from an object prompt. |
select | Clear all options except for those specified. For example, if a group contains members A, B, C, and D and you want to remove all users except for B, use the command select member B. |
set <field> <value> | Set a field’s value. For example, in config system admin, after typing edit admin, you could type set password newpass to change the password of the admin administrator to newpass. Note: When using set to change a field containing a space-delimited list, type the whole new list. For example, set <field> <new-value> will replace the list with the <new-value> rather than appending <new-value> to the list. |
show | Display changes to the default configuration. Changes are listed in the form of configuration commands. |
unselect | Remove an option from an existing list. |
unset <field> | Reset the table or object’s fields to default values. For example, in config system admin, after typing edit admin, typing unset password resets the password of the admin administrator account to the default (in this case, no password). |
Example of field commands
To assign the value my1stExamplePassword to the password field, enter the following command from within the admin_1 table:
set password my1stExamplePassword
Next, to save the changes and edit the next administrator's table, enter the next command.
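The scope rules for config, edit, next and end, together with the cautions on purge and unset password, can be checked mechanically before a script is pasted into the CLI. The following Python is an added example, not Fortinet code or part of the original page; the names lint, NO_PURGE and SAMPLE, and the sample script itself, are assumptions made for illustration.

```python
# Added example (not Fortinet code): pre-flight check for a FortiGate CLI script.
NO_PURGE = {"system interface", "system admin"}  # objects the page says never to purge

def lint(script):
    """Track config/edit/next/end scope; return a list of (line_no, message)."""
    scope, findings = [], []  # entries are ("config", name) or ("edit", name)
    for no, raw in enumerate(script.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        cmd, args = words[0], words[1:]
        kind, name = scope[-1] if scope else (None, None)
        if cmd == "config":
            scope.append(("config", " ".join(args)))
        elif cmd == "edit":
            if kind != "config":
                findings.append((no, "edit is only available in an object with tables"))
            scope.append(("edit", " ".join(args)))
        elif cmd == "next":
            if kind == "edit":
                scope.pop()  # save the table, return to the object prompt
            else:
                findings.append((no, "next is only available from a table prompt"))
        elif cmd in ("end", "abort"):
            if not scope:
                findings.append((no, cmd + " with no open config"))
            del scope[-2 if kind == "edit" else -1:]  # leave table and its object
        elif cmd == "purge" and kind == "config" and name in NO_PURGE:
            findings.append((no, "purge in config " + name + " risks lockout"))
        elif cmd == "unset" and args == ["password"] and kind == "edit":
            findings.append((no, "unset password resets '" + name + "' to the default"))
    if scope:  # line number 0 marks a whole-script finding
        findings.append((0, "script ends inside: " + " > ".join(n for _, n in scope)))
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE = """config system admin
    edit admin
        unset password
    next
    purge
end
config system interface
    edit port1
        set status up
"""

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

A finding with line number 0 means the script ended without the end (or abort) that closes the last config scope.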