Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

CLI basics

This section covers command line interface basic information.

Command help

You can press the question mark (?) key to display command help.

  • Press the question mark (?) key at the command prompt to display a list of the commands available and a description of each command.
  • Enter a command followed by a space and press the question mark (?) key to display a list of the options available for that command and a description of each option.
  • Enter a command followed by an option and press the question mark (?) key to display a list of additional options available for that command option combination and a description of each option.

Command tree

Enter tree to display the FortiAnalyzer CLI command tree. To capture the full output, connect to your device using a terminal emulation program, such as PuTTY, and capture the output to a log file. For config commands, use the tree command to view all available variables and sub-commands.

Command completion

You can use the tab key or the question mark (?) key to complete commands.

  • You can press the tab key at any prompt to scroll through the options available for that prompt.
  • You can type the first characters of any command and press the tab key or the question mark (?) key to complete the command or to scroll through the options that are available at the current cursor position.
  • After completing the first word of a command, you can press the space bar and then the tab key to scroll through the options available at the current cursor position.

Recalling commands

You can recall previously entered commands by using the Up and Down arrow keys to scroll through commands you have entered.

Editing commands

Use the left and right arrow keys to move the cursor back and forth in a recalled command. You can also use Backspace and Delete keys, and the control keys listed in the following table to edit the command.

Function

Key combination

Beginning of line

Control key + A

End of line

Control key + E

Back one character

Control key + B

Forward one character

Control key + F

Delete current character

Control key + D

Previous command

Control key + P

Next command

Control key + N

Abort the command

Control key + C

If used at the root prompt, exit the CLI

Control key + C

Line continuation

To break a long command over multiple lines, use a \ at the end of each line.

Command abbreviation

You can abbreviate commands and command options to the smallest number of non-ambiguous characters. For example, the command get system status can be abbreviated to g sy st.

Environment variables

The FortiAnalyzer CLI supports several environment variables.

$USERFROM

The management access type (SSH, Telnet and so on) and the IPv4 address of the logged in administrator.

$USERNAME

The user account name of the logged in administrator.

$SerialNum

The serial number of the FortiAnalyzer unit.

Variable names are case sensitive. In the following example, when entering the variable, you can type $ followed by a tab to auto-complete the variable to ensure that you have the exact spelling and case. Continue pressing tab until the variable you want to use is displayed.

config system global

set hostname $SerialNum

end

Encrypted password support

After you enter a clear text password using the CLI, the FortiAnalyzer unit encrypts the password and stores it in the configuration file with the prefix ENC. For example:

show system admin user user1

config system admin user

edit "user1"

set password ENC UAGUDZ1yEaG30620s6afD3Gac1FnOT0BC1rVJmMFc9ubLlW4wEvHcqGVq+ZnrgbudK7aryyf1scXcXdnQxskRcU3E9XqOit82PgScwzGzGuJ5a9f

set profileid "Standard_User"

next

end

It is also possible to enter an already encrypted password. For example, type:

config system admin

then press Enter.

Enter:

edit user1

then press Enter.

Enter:

set password ENC UAGUDZ1yEaG30620s6afD3Gac1FnOT0BC1rVJmMFc9ubLlW4wEvHcqGVq+ZnrgbudK7aryyf1scXcXdnQxskRcU3E9XqOit82PgScwzGzGuJ5a9f

then press Enter.

Enter:

end

then press Enter.

Entering spaces in strings

When a string value contains a space, do one of the following:

  • Enclose the string in quotation marks, "Security Administrator", for example.
  • Enclose the string in single quotes, 'Security Administrator', for example.
  • Use a backslash (“\”) preceding the space, Security\ Administrator, for example.

Entering quotation marks in strings

If you want to include a quotation mark, single quote, or apostrophe in a string, you must precede the character with a backslash character. To include a backslash, enter two backslashes.

Entering a question mark (?) in a string

If you want to include a question mark (?) in a string, you must precede the question mark with CTRL-V. Entering a question mark without first entering CTRL-V causes the CLI to display possible command completions, terminating the string.

International characters

The CLI supports international characters in strings.

Special characters

The characters <, >, (, ), #, ’, and " are not permitted in most CLI fields, but you can use them in passwords. If you use the apostrophe (‘) or quote (") character, you must precede it with a backslash (\) character when entering it in the CLI set command.

IPv4 address formats

You can enter an IPv4 address and subnet using either dotted decimal or slash-bit format. For example you can type either:

set ip 192.168.1.1 255.255.255.0

or

set ip 192.168.1.1/24

The IPv4 address is displayed in the configuration file in dotted decimal format.

Changing the baud rate

Using execute console baudrate, you can change the default console connection baud rate.

Changing the default baud rate is not available on all models.

Debug log levels

The following table lists available debug log levels on your FortiAnalyzer.

0

Emergency

The system has become unusable.

1

Alert

Immediate action is required.

2

Critical

Functionality is affected.

3

Error

An erroneous condition exists and functionality is probably affected.

4

Warning

Function might be affected.

5

Notice

Notification of normal events.

6

Information

General information about system operations.

7

Debug

Detailed information useful for debugging purposes.

8

Maximum

Maximum log level.

CLI basics

This section covers command line interface basic information.

Command help

You can press the question mark (?) key to display command help.

  • Press the question mark (?) key at the command prompt to display a list of the commands available and a description of each command.
  • Enter a command followed by a space and press the question mark (?) key to display a list of the options available for that command and a description of each option.
  • Enter a command followed by an option and press the question mark (?) key to display a list of additional options available for that command option combination and a description of each option.

Command tree

Enter tree to display the FortiAnalyzer CLI command tree. To capture the full output, connect to your device using a terminal emulation program, such as PuTTY, and capture the output to a log file. For config commands, use the tree command to view all available variables and sub-commands.

Command completion

You can use the tab key or the question mark (?) key to complete commands.

  • You can press the tab key at any prompt to scroll through the options available for that prompt.
  • You can type the first characters of any command and press the tab key or the question mark (?) key to complete the command or to scroll through the options that are available at the current cursor position.
  • After completing the first word of a command, you can press the space bar and then the tab key to scroll through the options available at the current cursor position.

Recalling commands

You can recall previously entered commands by using the Up and Down arrow keys to scroll through commands you have entered.

Editing commands

Use the left and right arrow keys to move the cursor back and forth in a recalled command. You can also use Backspace and Delete keys, and the control keys listed in the following table to edit the command.

Function

Key combination

Beginning of line

Control key + A

End of line

Control key + E

Back one character

Control key + B

Forward one character

Control key + F

Delete current character

Control key + D

Previous command

Control key + P

Next command

Control key + N

Abort the command

Control key + C

If used at the root prompt, exit the CLI

Control key + C

Line continuation

To break a long command over multiple lines, use a \ at the end of each line.

Command abbreviation

You can abbreviate commands and command options to the smallest number of non-ambiguous characters. For example, the command get system status can be abbreviated to g sy st.

Environment variables

The FortiAnalyzer CLI supports several environment variables.

$USERFROM

The management access type (SSH, Telnet and so on) and the IPv4 address of the logged in administrator.

$USERNAME

The user account name of the logged in administrator.

$SerialNum

The serial number of the FortiAnalyzer unit.

Variable names are case sensitive. In the following example, when entering the variable, you can type $ followed by a tab to auto-complete the variable to ensure that you have the exact spelling and case. Continue pressing tab until the variable you want to use is displayed.

config system global

set hostname $SerialNum

end

Encrypted password support

After you enter a clear text password using the CLI, the FortiAnalyzer unit encrypts the password and stores it in the configuration file with the prefix ENC. For example:

show system admin user user1

config system admin user

edit "user1"

set password ENC UAGUDZ1yEaG30620s6afD3Gac1FnOT0BC1rVJmMFc9ubLlW4wEvHcqGVq+ZnrgbudK7aryyf1scXcXdnQxskRcU3E9XqOit82PgScwzGzGuJ5a9f

set profileid "Standard_User"

next

end

It is also possible to enter an already encrypted password. For example, type:

config system admin

then press Enter.

Enter:

edit user1

then press Enter.

Enter:

set password ENC UAGUDZ1yEaG30620s6afD3Gac1FnOT0BC1rVJmMFc9ubLlW4wEvHcqGVq+ZnrgbudK7aryyf1scXcXdnQxskRcU3E9XqOit82PgScwzGzGuJ5a9f

then press Enter.

Enter:

end

then press Enter.

Entering spaces in strings

When a string value contains a space, do one of the following:

  • Enclose the string in quotation marks, "Security Administrator", for example.
  • Enclose the string in single quotes, 'Security Administrator', for example.
  • Use a backslash (“\”) preceding the space, Security\ Administrator, for example.

Entering quotation marks in strings

If you want to include a quotation mark, single quote, or apostrophe in a string, you must precede the character with a backslash character. To include a backslash, enter two backslashes.

Entering a question mark (?) in a string

If you want to include a question mark (?) in a string, you must precede the question mark with CTRL-V. Entering a question mark without first entering CTRL-V causes the CLI to display possible command completions, terminating the string.

International characters

The CLI supports international characters in strings.

Special characters

The characters <, >, (, ), #, ’, and " are not permitted in most CLI fields, but you can use them in passwords. If you use the apostrophe (‘) or quote (") character, you must precede it with a backslash (\) character when entering it in the CLI set command.

IPv4 address formats

You can enter an IPv4 address and subnet using either dotted decimal or slash-bit format. For example you can type either:

set ip 192.168.1.1 255.255.255.0

or

set ip 192.168.1.1/24

The IPv4 address is displayed in the configuration file in dotted decimal format.

Changing the baud rate

Using execute console baudrate, you can change the default console connection baud rate.

Changing the default baud rate is not available on all models.

Debug log levels

The following table lists available debug log levels on your FortiAnalyzer.

0

Emergency

The system has become unusable.

1

Alert

Immediate action is required.

2

Critical

Functionality is affected.

3

Error

An erroneous condition exists and functionality is probably affected.

4

Warning

Function might be affected.

5

Notice

Notification of normal events.

6

Information

General information about system operations.

7

Debug

Detailed information useful for debugging purposes.

8

Maximum

Maximum log level.