Fortigate
Fortigate
Command Cheet sheet
Cheet sheet created by By Frederic Kasmirczak (http://www.frederick.lu), I just simply converted it to a wiki for copy and paste easiness.
| Main Command Structure | |
|---|---|
| Command | Description |
| show | Display changes to the default configuration |
| get | List the configuration of the current object or table |
| edit | Create or edit a table in the current object |
| edit 0 | will use the next ID available in a sequence number |
| set | Set a filed / Reset a field to the default value |
| end | Save the current changes |
| abort | Exit commands without saving the fields |
| delete | Remove a table from the current object |
| Basic | |
|---|---|
| Command | Description |
| get sys status | Show status summary |
| get sys perf stat | Show Fortigate ressources summary |
| execute ping | Ping something |
| execute shutdown | Shutdown the device/reboot with reboot |
| get sys arp | Show the current arp table |
| execute date/time | Show the current date / time |
| delete | Remove a table from the current object |
| Interface | |
|---|---|
| Command | Description |
| show sys int | Show interfaces status Sh sys int ? will show a summary |
| config sys interface edit port1 set ip x.x.x.x/y.y set allowaccess ssh ping end |
Basic interface ip configuration |
| diag netlink device list | Show interfaces statistics (errors) |
| get hardware nic port1 | Show interfaces statistics |
| Disk | |
|---|---|
| Command | Description |
| diag hard deviceinfo disk | Show disks and partitions usage |
| diag sys flash list | Show partitions status |
| execute setnextreboot | Select partition for the next reboot |
| execute factoryreset | Reset to factory default (2 to keep network) |
| execute formatlogdisk | Format log disk |
| Static Routing | |
|---|---|
| Command | Description |
| config router static edit 0 set device internal Set dst x.x.x.x/y.y set gateway z.z.z.z end |
Add a static route |
| get router info routingtable details x.x.x.x | Display the route used to reach the IP x.x.x.x Default gw will show Network not in table |
| get router info routingtable database | Display the current routing table |
| diag ip route list | Display the kernel routing table |
| Backup / Restore | |
|---|---|
| Command | Description |
| exe restore conf | Backup Fortigate configuration |
| exe backup config | Restore Fortigate configuration |
| High availability | |
|---|---|
| Command | Description |
| get sys ha status diag sys ha status |
Show HA conf summary |
| diag deb en diag deb console timestamp en diag deb app hatalk 1 diag deb app hasync 1 |
Troubleshoot HA synchronization issue |
| diag sys ha showcsum <int> | Show the config file checksum (can be execute on both members to compare) |
| exec ha synchronize all | Synchronize all parts of the configuration |
| diag sys ha resetuptime | Reset ha uptime criteria |
| diag sniffer packet haint 'ether[12:2]=0x8890' 6 | Sniffer on heartbeat ports (here haint) |
| exec ha manage <id> | Connect on a subordonate device |
CLI Commands
Force failover
Run this command on the primary node to reset the uptime which should force a HA failover:
diagnose sys ha reset-uptime
HA Checksum
Factory reset
This will wipe the unit and restore it to factory defaults, ensure you have a backup before continuing.
execute factoryreset