Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    Home FortiExtender 7.6.4 CLI Reference
    7.6.4
    7.6.5
    7.6.4
    7.6.2
    7.6.1
    7.6.0
    7.4.4
    7.4.1
    7.4.0
    7.2.3

    config system interface

    config system interface

    Description: Configure system interface settings.

    config system interface
  edit <name>
    set *type [loopback | virtual-wan | vlan | capwap | dummy]
    set status [up| down]
    set mode [static | dhcp]
    set ip {ipv4-address}
    set gateway {ipv4-address}
    set mtu-override [enable | disable]
    set mtu [512-1500] *available when mtu-override is set to enable
    set distance [1 – 512]
    set vrrp-virtual-mac [enable | disable]
    set allowaccess {option1}, {option2}, ...
    set security-mode [none|captive-portal]
    set security-external-web {string}
    set security-groups <name1>, <name2>, ...
    set security-exempt-list {string}
    set security-redirect-url {string}
    set defaultgw [enable | disable] *available when mode is set to dhcp
    set dns-server-override [enable | disable] *available when mode is set to dhcp
    set redundant-by [priority | cost] *available when type is set to virtual-wan
    set algorithm [redundant | WRR] *available when type is set to virtual-wan
    set FEC [source_ip | dest_ip | source_dest_ip_pair | connection] *available when type is set to virtual-wan
    set session-timeout [0 – 86400] *available when type is set to virtual-wan
    set grace-period [0 – 10000000] *available when type is set to virtual-wan
    set members <name1>, <name2>, …*available when type is set to virtual-wan
    set rid [1 | 2] *available when type is set to capwap
    set *vid [1 – 4089] *available when type is set to vlan
    set *ingress-intf <name1>
unset
    Parameter Description Type Size Default
    type Interface type. option - none
    Option Description
    loopback Loopback interface.
    virtual-wan Virtual-WAN interface.
    vlan VLAN interface.
    capwap CAPWAP interface.
    dummy Dummy interface.
    status Interface status. option - up
    Option Description
    up Bring the interface up.
    down Bring the interface down.
    mode Addressing mode. option - static
    Option Description
    static Static mode.
    dhcp DHCP mode.
    ip Interface IP address and subnet mask (in x.x.x.x/24 format). IPv4 address - none
    gateway Interface's connected gateway. string - none

    mtu-override

    Status of MTU override.

    option

    -

    disable

    Option Description
    enable Enable MTU override.
    disable Disable MTU override.

    mtu

    MTU value for the interface.

    integer

    512 - 1500

    1500

    distance

    Route metric of the interface gateway.

    integer

    1 - 512

    5

    vrrp-virtual-mac

    Use of virtual MAC for VRRP.

    option

    -

    disable

    Option Description
    enable Enable VRRP virtual MAC.
    disable Disable VRRP virtual MAC.

    allowaccess

    Types of management access allowed to this interface.

    option

    -

    none

    security-mode

    Turn on captive portal authentication for this interface.

    option

    -

    none

    Option Description
    none

    No security option.
    captive-portal Captive portal authentication.

    security-external-web

    URL of external authentication web server.

    string

    Maximum length: 255

    -

    security-groups

    Names of user groups that can authenticate with the captive portal.

    options

    -

    		 -

    security-exempt-list

    Name of security-exempt-list.

    options

    -

    		 -

    security-redirect-url

    URL redirection after disclaimer/authentication.

    string

    Maximum length: 255

    		 -

    defaultgw

    Ability to get the gateway IP from the DHCP server.

    option

    -

    enable

    Option Description
    enable

    Enable getting the gateway IP from the DHCP server.
    disable Disable getting the gateway IP from the DHCP server.

    dns-server-override

    Use DNS acquired by DHCP.

    option

    -

    enable

    Option Description
    enable Enable DNS server override.
    disable Disable DNS server override.

    redundant-by

    Use of the benchmark for redundant algorithm.

    option

    -

    priority

    Option Description
    priority Redundant by priority.
    cost Redundant by cost.

    algorithm

    LLB algorithm.

    option

    -

    redundant

    Option Description
    redundant Redundant as algorithm.
    WRR WRR as algorithm.

    FEC

    Forward equivalence class.

    option

    -

    source_ip

    Option Description
    source_ip Forward equivalence class by source IP.
    dest_ip Forward equivalence class by destination IP.
    source_dest_ip_pair Forward equivalence class by source and destination IP pair.
    connection Forward equivalence class by connection.

    session-timeout

    FEC session timeout in seconds.

    integer

    0 - 86400

    60

    grace-period

    Grace period measured in seconds before failback.

    integer

    0 - 10000000

    0

    members

    Link members of virtual WAN.

    option

    -

    none

    rid

    CAPWAP virtual interface ID.

    integer

    1, 2

    1

    vid

    VLAN ID.

    integer

    1 - 4089

    0

    ingress-intf

    CAPWAP or VLAN interface's parent interface.

    option

    -

    none

    Option Description
    lan LAN as the ingress interface.
    lo Loopback as the ingress interface.
    lte1 LTE 1 as the ingress interface.
    wan WAN as the ingress interface.
    port4 Port 4 as the ingress interface.

    Sfp-dsl

    sfp-dsl status

    option

    -

    disable

    Option Description
    enable Enable sfp-dsl.
    disable Disable sfp-dsl.

    Autodect

    Enable/disable sfp-dsl auto-detect.

    option

    -

    enable

    Phy-mode

    DSL physical mode.

    option

    -

    vdsl

    Option Description
    Vdsl
    Adsl
    Previous
    Next

    config system interface

    config system interface

    Description: Configure system interface settings.

    config system interface
  edit <name>
    set *type [loopback | virtual-wan | vlan | capwap | dummy]
    set status [up| down]
    set mode [static | dhcp]
    set ip {ipv4-address}
    set gateway {ipv4-address}
    set mtu-override [enable | disable]
    set mtu [512-1500] *available when mtu-override is set to enable
    set distance [1 – 512]
    set vrrp-virtual-mac [enable | disable]
    set allowaccess {option1}, {option2}, ...
    set security-mode [none|captive-portal]
    set security-external-web {string}
    set security-groups <name1>, <name2>, ...
    set security-exempt-list {string}
    set security-redirect-url {string}
    set defaultgw [enable | disable] *available when mode is set to dhcp
    set dns-server-override [enable | disable] *available when mode is set to dhcp
    set redundant-by [priority | cost] *available when type is set to virtual-wan
    set algorithm [redundant | WRR] *available when type is set to virtual-wan
    set FEC [source_ip | dest_ip | source_dest_ip_pair | connection] *available when type is set to virtual-wan
    set session-timeout [0 – 86400] *available when type is set to virtual-wan
    set grace-period [0 – 10000000] *available when type is set to virtual-wan
    set members <name1>, <name2>, …*available when type is set to virtual-wan
    set rid [1 | 2] *available when type is set to capwap
    set *vid [1 – 4089] *available when type is set to vlan
    set *ingress-intf <name1>
unset
    Parameter Description Type Size Default
    type Interface type. option - none
    Option Description
    loopback Loopback interface.
    virtual-wan Virtual-WAN interface.
    vlan VLAN interface.
    capwap CAPWAP interface.
    dummy Dummy interface.
    status Interface status. option - up
    Option Description
    up Bring the interface up.
    down Bring the interface down.
    mode Addressing mode. option - static
    Option Description
    static Static mode.
    dhcp DHCP mode.
    ip Interface IP address and subnet mask (in x.x.x.x/24 format). IPv4 address - none
    gateway Interface's connected gateway. string - none

    mtu-override

    Status of MTU override.

    option

    -

    disable

    Option Description
    enable Enable MTU override.
    disable Disable MTU override.

    mtu

    MTU value for the interface.

    integer

    512 - 1500

    1500

    distance

    Route metric of the interface gateway.

    integer

    1 - 512

    5

    vrrp-virtual-mac

    Use of virtual MAC for VRRP.

    option

    -

    disable

    Option Description
    enable Enable VRRP virtual MAC.
    disable Disable VRRP virtual MAC.

    allowaccess

    Types of management access allowed to this interface.

    option

    -

    none

    security-mode

    Turn on captive portal authentication for this interface.

    option

    -

    none

    Option Description
    none

    No security option.
    captive-portal Captive portal authentication.

    security-external-web

    URL of external authentication web server.

    string

    Maximum length: 255

    -

    security-groups

    Names of user groups that can authenticate with the captive portal.

    options

    -

    		 -

    security-exempt-list

    Name of security-exempt-list.

    options

    -

    		 -

    security-redirect-url

    URL redirection after disclaimer/authentication.

    string

    Maximum length: 255

    		 -

    defaultgw

    Ability to get the gateway IP from the DHCP server.

    option

    -

    enable

    Option Description
    enable

    Enable getting the gateway IP from the DHCP server.
    disable Disable getting the gateway IP from the DHCP server.

    dns-server-override

    Use DNS acquired by DHCP.

    option

    -

    enable

    Option Description
    enable Enable DNS server override.
    disable Disable DNS server override.

    redundant-by

    Use of the benchmark for redundant algorithm.

    option

    -

    priority

    Option Description
    priority Redundant by priority.
    cost Redundant by cost.

    algorithm

    LLB algorithm.

    option

    -

    redundant

    Option Description
    redundant Redundant as algorithm.
    WRR WRR as algorithm.

    FEC

    Forward equivalence class.

    option

    -

    source_ip

    Option Description
    source_ip Forward equivalence class by source IP.
    dest_ip Forward equivalence class by destination IP.
    source_dest_ip_pair Forward equivalence class by source and destination IP pair.
    connection Forward equivalence class by connection.

    session-timeout

    FEC session timeout in seconds.

    integer

    0 - 86400

    60

    grace-period

    Grace period measured in seconds before failback.

    integer

    0 - 10000000

    0

    members

    Link members of virtual WAN.

    option

    -

    none

    rid

    CAPWAP virtual interface ID.

    integer

    1, 2

    1

    vid

    VLAN ID.

    integer

    1 - 4089

    0

    ingress-intf

    CAPWAP or VLAN interface's parent interface.

    option

    -

    none

    Option Description
    lan LAN as the ingress interface.
    lo Loopback as the ingress interface.
    lte1 LTE 1 as the ingress interface.
    wan WAN as the ingress interface.
    port4 Port 4 as the ingress interface.

    Sfp-dsl

    sfp-dsl status

    option

    -

    disable

    Option Description
    enable Enable sfp-dsl.
    disable Disable sfp-dsl.

    Autodect

    Enable/disable sfp-dsl auto-detect.

    option

    -

    enable

    Phy-mode

    DSL physical mode.

    option

    -

    vdsl

    Option Description
    Vdsl
    Adsl
    Previous
    Next