Fortinet black logo

CLI Reference

dvm

dvm

Use the following commands for DVM related settings.

dvm adom

Use this command to list or clone ADOMs.

Syntax

diagnose dvm adom clone <adom> <new_adom>

diagnose dvm adom list

Variable

Description

clone <adom> <new_adom>

Clone an ADOM. Enter the name of the ADOM that will be cloned, and the name of the clone.

list

List ADOMs, state, product, OS version (OSVER), major release (MR), name, mode, VPN management, and IPS.

dvm capability

Use this command to set the DVM capability.

Syntax

diagnose dvm capability set {all | standard}

diagnose dvm capability show

Variable

Description

set {all | standard}

Set the capability to all or standard.

show

Show what the capability is set to.

dvm chassis

Use this command to list chassis and supported chassis models.

Syntax

diagnose dvm chassis list

diagnose dvm chassis supported models

Variable

Description

list

List chassis.

supported-models

List supported chassis models.

dvm check-integrity

Use this command to check the DVM database integrity.

Syntax

diagnose dvm check-integrity

dvm csf

Use this command to print the CSF configuration.

Syntax

diagnose dvm csf <adom> <category>

Variable

Description

<adom>

The ADOM name.

<category>

The category:

  • all: Dump all CSF categories
  • group: Dump CSF group
  • intf-role: Dump interface role
  • user-device: Dump user device

dvm dbstatus

Use this command to print the database status.

Syntax

diagnose dvm dbstatus

dvm debug

Use this command to enable/disable debug channels.

Syntax

diagnose dvm debug {enable | disable} <channel> <channel> <channel>

Variable

Description

{enable | disable}

Enable/disable debug channels.

<channel>

The following channels are available: all, dvm_db, dvm_dev, shelfmgr, ipmi, lib, dvmcmd, dvmcore, gui, and monitor

dvm device

Use this command to list devices or objects referencing a device.

Syntax

diagnose dvm device delete <adom> <device>

diagnose dvm device dynobj <device>

diagnose dvm device list <device> <vdom>

diagnose dvm device monitor <device> <api>

diagnose dvm device object-reference <device> <vdom> <category> <object>

Variable

Description

delete <adom> <device>

Delete a device in a specific ADOM.

dynobj <device>

List dynamic objects on this device.

list <device> <vdom>

List devices. Optionally, enter a device or VDOM name.

monitor <device> <api>

JSON API for device monitor. Specify the device name and the monitor API name.

object-reference <device> <vdom> <category> <object>

List object reference. Specify the device name, VDOM, category (or all for all categories), and object.

Example

The following example shows the results of running the monitor command for WiFi clients.

FMG-VM64 # diagnose dvm device monitor FortiGate-VM64 wifi/client

Request :

{

"id": 1473975442,

"method": "exec",

"params": [

{

"data": {

"action": "get",

"resource": "/api/v2/monitor/wifi/client",

"target": [

"adom/root/device/FortiGate-VM64"

]

},

"url": "sys/proxy/json"

}

]

}

Response :

{

"id": 1473975442,

"result": [

{

"data": [

{

"response": {

"action": "select",

"build": 2549,

"http_method": "GET",

"name": "client",

"path": "wifi",

"results": null,

"serial": "FGVMEV0000000000",

"status": "success",

"vdom": "root",

"version": "v6.4.10"

},

"status": {

"code": 0,

"message": "OK"

},

"target": "FortiGate-VM64"

}

],

"status": {

"code": 0,

"message": "OK"

},

"url": "sys/proxy/json"

}

]

}

dvm device-tree-update

Use this command to enable/disable device tree automatic updates.

Syntax

diagnose dvm device-tree-update {enable | disable}

Variable

Description

{enable | disable}

Enable/disable device tree automatic updates.

dvm extender

Use these commands to list FortiExtender devices, synchronize FortiExtender data via JSON, and perform other actions.

Syntax

diagnose dvm extender copy-data-to-device <device>

diagnose dvm extender import-dataplan-to-adom <device>

diagnose dvm extender import-sim-profile-to-adom <device>

diagnose dvm extender list [device]

diagnose dvm extender reset-adom <adom> [clear-only] [skip-restart]

diagnose dvm extender set-sim-profile <device> <extender id> {modem1 | modem2 | all | none} <sim profile>

diagnose dvm extender sync-extender-data <device> [savedb] [syncadom] [task]

Variable

Description

copy-data-to-device <device>

Copy extender data (data plan and SIM profile) to the device. Enter the device name.

import-dataplan-to-adom <device>

Import data plan to the ADOM. Enter the device name.

import-sim-profile-to-adom <device>

Import SIM data to the ADOM. Enter the device name.

list [device]

List FortiExtender devices, or those connected to a specific device.

reset-adom <adom> [clear-only] [skip-restart]

Reset all extender data in the ADOM:

  • adom: Enter 104 for FortiCarrier, 130 for FortiFirewall, 134 for Unmanaged_Devices, and 3 for root

Optionally, use the following variables:

  • clear-only: Do not sync extender data to the ADOM

  • skip-restart: Do not restart FortiManager after the operation

set-sim-profile <device> <extender id> {modem1 | modem2 | all | none} <sim profile>

Set the SIM profile to extender modem. Enter the device name, extender ID, SIM profile, and choose the modem.

sync-extender-data <device> [savedb] [syncadom] [task]

Synchronize FortiExtender data by JSON. Optionally: save the data to the database, synchronize the ADOM, and/or create a task.

dvm fap

Use this command to list the FortiAP devices connected to a device.

Syntax

diagnose dvm fap list <devname>

Variable

Description

<devname>

The name of the device.

dvm fsw

Use this command to list the FortiSwitch devices connected to a device.

Syntax

diagnose dvm fsw list <devname>

Variable

Description

<devname>

The name of the device.

dvm group

Use this command to list groups.

Syntax

diagnose dvm group list

Variable

Description

list

List groups.

dvm lock

Use this command to print the DVM lock states.

Syntax

diagnose dvm lock

dvm proc

Use this command to list DVM process (dvmcmd) information.

Syntax

diagnose dvm proc list

dvm remove

Use this command to remove all unused IPS package files.

Syntax

diagnose dvm remove unused-ips-packages

dvm supported-platforms

Use this command to list supported platforms and firmware versions.

Syntax

diagnose dvm supported-platforms list <detail>

diagnose dvm supported-platforms mr-list

diagnose dvm supported-platforms fortiswitch [<adom>]

Variable

Description

list <detail>

List supported platforms by device type. Enter detail to show details with syntax support.

mr-list

List supported platforms by major release.

fortiswitch [<adom>]

List supported platforms in FortiSwitch manager.

dvm task

Use this command to repair or reset the task database.

Syntax

diagnose dvm task list <adom> <type>

diagnose dvm task repair

diagnose dvm task reset

Variable

Description

list <adom> <type>

List task database information.

repair

Repair the task database while preserving existing data where possible. The FortiManager will reboot after the repairs.

reset

Reset the task database to its factory default state. All existing tasks and the task history will be erased. The FortiManager will reboot after the reset.

dvm taskline

Use this command to repair the task lines.

Syntax

diagnose dvm taskline repair

Variable

Description

repair

Repair the task lines while preserving data wherever possible. The FortiManager will reboot after the repairs.

dvm transaction-flag

Use this command to edit or display DVM transaction flags.

Syntax

diagnose dvm transaction-flag [abort | debug | none]

Variable

Description

transaction-flag [abort | debug | none]

Set the transaction flag.

dvm workflow

Use this command to edit or display workflow information.

Syntax

diagnose dvm workflow log-list <adom_name> <workflow_session_ID>

diagnose dvm workflow session-list [adom_name]

diagnose dvm workflow workflow-db-reset <adom> [skip-restart]

Variable

Description

log list <adom_name> <workflow_session_ID>

List workflow session logs.

session list [adom_name]

List workflow sessions.

workflow-db-reset <adom> [skip-restart]

Reset workflow database from ADOM rundb. Optonally, don't restart FortiManager after the operation.

dvm

dvm

Use the following commands for DVM related settings.

dvm adom

Use this command to list or clone ADOMs.

Syntax

diagnose dvm adom clone <adom> <new_adom>

diagnose dvm adom list

Variable

Description

clone <adom> <new_adom>

Clone an ADOM. Enter the name of the ADOM that will be cloned, and the name of the clone.

list

List ADOMs, state, product, OS version (OSVER), major release (MR), name, mode, VPN management, and IPS.

dvm capability

Use this command to set the DVM capability.

Syntax

diagnose dvm capability set {all | standard}

diagnose dvm capability show

Variable

Description

set {all | standard}

Set the capability to all or standard.

show

Show what the capability is set to.

dvm chassis

Use this command to list chassis and supported chassis models.

Syntax

diagnose dvm chassis list

diagnose dvm chassis supported models

Variable

Description

list

List chassis.

supported-models

List supported chassis models.

dvm check-integrity

Use this command to check the DVM database integrity.

Syntax

diagnose dvm check-integrity

dvm csf

Use this command to print the CSF configuration.

Syntax

diagnose dvm csf <adom> <category>

Variable

Description

<adom>

The ADOM name.

<category>

The category:

  • all: Dump all CSF categories
  • group: Dump CSF group
  • intf-role: Dump interface role
  • user-device: Dump user device

dvm dbstatus

Use this command to print the database status.

Syntax

diagnose dvm dbstatus

dvm debug

Use this command to enable/disable debug channels.

Syntax

diagnose dvm debug {enable | disable} <channel> <channel> <channel>

Variable

Description

{enable | disable}

Enable/disable debug channels.

<channel>

The following channels are available: all, dvm_db, dvm_dev, shelfmgr, ipmi, lib, dvmcmd, dvmcore, gui, and monitor

dvm device

Use this command to list devices or objects referencing a device.

Syntax

diagnose dvm device delete <adom> <device>

diagnose dvm device dynobj <device>

diagnose dvm device list <device> <vdom>

diagnose dvm device monitor <device> <api>

diagnose dvm device object-reference <device> <vdom> <category> <object>

Variable

Description

delete <adom> <device>

Delete a device in a specific ADOM.

dynobj <device>

List dynamic objects on this device.

list <device> <vdom>

List devices. Optionally, enter a device or VDOM name.

monitor <device> <api>

JSON API for device monitor. Specify the device name and the monitor API name.

object-reference <device> <vdom> <category> <object>

List object reference. Specify the device name, VDOM, category (or all for all categories), and object.

Example

The following example shows the results of running the monitor command for WiFi clients.

FMG-VM64 # diagnose dvm device monitor FortiGate-VM64 wifi/client

Request :

{

"id": 1473975442,

"method": "exec",

"params": [

{

"data": {

"action": "get",

"resource": "/api/v2/monitor/wifi/client",

"target": [

"adom/root/device/FortiGate-VM64"

]

},

"url": "sys/proxy/json"

}

]

}

Response :

{

"id": 1473975442,

"result": [

{

"data": [

{

"response": {

"action": "select",

"build": 2549,

"http_method": "GET",

"name": "client",

"path": "wifi",

"results": null,

"serial": "FGVMEV0000000000",

"status": "success",

"vdom": "root",

"version": "v6.4.10"

},

"status": {

"code": 0,

"message": "OK"

},

"target": "FortiGate-VM64"

}

],

"status": {

"code": 0,

"message": "OK"

},

"url": "sys/proxy/json"

}

]

}

dvm device-tree-update

Use this command to enable/disable device tree automatic updates.

Syntax

diagnose dvm device-tree-update {enable | disable}

Variable

Description

{enable | disable}

Enable/disable device tree automatic updates.

dvm extender

Use these commands to list FortiExtender devices, synchronize FortiExtender data via JSON, and perform other actions.

Syntax

diagnose dvm extender copy-data-to-device <device>

diagnose dvm extender import-dataplan-to-adom <device>

diagnose dvm extender import-sim-profile-to-adom <device>

diagnose dvm extender list [device]

diagnose dvm extender reset-adom <adom> [clear-only] [skip-restart]

diagnose dvm extender set-sim-profile <device> <extender id> {modem1 | modem2 | all | none} <sim profile>

diagnose dvm extender sync-extender-data <device> [savedb] [syncadom] [task]

Variable

Description

copy-data-to-device <device>

Copy extender data (data plan and SIM profile) to the device. Enter the device name.

import-dataplan-to-adom <device>

Import data plan to the ADOM. Enter the device name.

import-sim-profile-to-adom <device>

Import SIM data to the ADOM. Enter the device name.

list [device]

List FortiExtender devices, or those connected to a specific device.

reset-adom <adom> [clear-only] [skip-restart]

Reset all extender data in the ADOM:

  • adom: Enter 104 for FortiCarrier, 130 for FortiFirewall, 134 for Unmanaged_Devices, and 3 for root

Optionally, use the following variables:

  • clear-only: Do not sync extender data to the ADOM

  • skip-restart: Do not restart FortiManager after the operation

set-sim-profile <device> <extender id> {modem1 | modem2 | all | none} <sim profile>

Set the SIM profile to extender modem. Enter the device name, extender ID, SIM profile, and choose the modem.

sync-extender-data <device> [savedb] [syncadom] [task]

Synchronize FortiExtender data by JSON. Optionally: save the data to the database, synchronize the ADOM, and/or create a task.

dvm fap

Use this command to list the FortiAP devices connected to a device.

Syntax

diagnose dvm fap list <devname>

Variable

Description

<devname>

The name of the device.

dvm fsw

Use this command to list the FortiSwitch devices connected to a device.

Syntax

diagnose dvm fsw list <devname>

Variable

Description

<devname>

The name of the device.

dvm group

Use this command to list groups.

Syntax

diagnose dvm group list

Variable

Description

list

List groups.

dvm lock

Use this command to print the DVM lock states.

Syntax

diagnose dvm lock

dvm proc

Use this command to list DVM process (dvmcmd) information.

Syntax

diagnose dvm proc list

dvm remove

Use this command to remove all unused IPS package files.

Syntax

diagnose dvm remove unused-ips-packages

dvm supported-platforms

Use this command to list supported platforms and firmware versions.

Syntax

diagnose dvm supported-platforms list <detail>

diagnose dvm supported-platforms mr-list

diagnose dvm supported-platforms fortiswitch [<adom>]

Variable

Description

list <detail>

List supported platforms by device type. Enter detail to show details with syntax support.

mr-list

List supported platforms by major release.

fortiswitch [<adom>]

List supported platforms in FortiSwitch manager.

dvm task

Use this command to repair or reset the task database.

Syntax

diagnose dvm task list <adom> <type>

diagnose dvm task repair

diagnose dvm task reset

Variable

Description

list <adom> <type>

List task database information.

repair

Repair the task database while preserving existing data where possible. The FortiManager will reboot after the repairs.

reset

Reset the task database to its factory default state. All existing tasks and the task history will be erased. The FortiManager will reboot after the reset.

dvm taskline

Use this command to repair the task lines.

Syntax

diagnose dvm taskline repair

Variable

Description

repair

Repair the task lines while preserving data wherever possible. The FortiManager will reboot after the repairs.

dvm transaction-flag

Use this command to edit or display DVM transaction flags.

Syntax

diagnose dvm transaction-flag [abort | debug | none]

Variable

Description

transaction-flag [abort | debug | none]

Set the transaction flag.

dvm workflow

Use this command to edit or display workflow information.

Syntax

diagnose dvm workflow log-list <adom_name> <workflow_session_ID>

diagnose dvm workflow session-list [adom_name]

diagnose dvm workflow workflow-db-reset <adom> [skip-restart]

Variable

Description

log list <adom_name> <workflow_session_ID>

List workflow session logs.

session list [adom_name]

List workflow sessions.

workflow-db-reset <adom> [skip-restart]

Reset workflow database from ADOM rundb. Optonally, don't restart FortiManager after the operation.