Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI reference

    Home FortiNDR 7.6.2 CLI reference
    7.6.2
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.0
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0

    config system interface

    config system interface

    Use this command to configure allowed and denied administrative access protocols, up or down administrative status for the network interfaces of FortiNDR.

    Syntax

    config system interface

    edit <physical_interface_str>

    set allowaccess {ping https ssh telnet}

    set discover {enable | disable}

    set ip {ipv4mask}

    set mode {static | dhcp}

    set mtu <mtu_int>

    set sniffer {off | ndrd | snifferd}

    set speed {auto | 10full | 10half | 100full | 100half | 1000full}

    set status {down | up}

    end

    Variable

    Description

    Default

    <physical_interface_str>

    Name of the physical network interface, such as port1.

    allowaccess {ping | https | ssh | telnet}

    Add one or more protocols to the list of protocols that allow administrative access to FortiNDR through this network interface:

    ping

    		 Allow ICMP ping responses from this network interface.

    https

    		 Allow secure HTTP (HTTPS) access to the web-based manager and per-recipient quarantines.

    ssh

    		 Allow SSH access to the CLI

    telnet

    		 Allow Telnet access to the CLI.

    HTTP and Telnet connections are not secure and can be intercepted by a third party. To reduce risk, enable this option only on network interfaces connected directly to your management computer.

    Varies by network interface.

    discover {enable | disable}

    Allow discovery of the interface on this port.

    ip <ipv4mask>

    IP address and netmask of the network interface.

    set mtu <mtu_int>

    Sets the maximum packet or Ethernet frame size in bytes.

    The Maximum Transmission Unit (MTU) determines the largest size of packets or Ethernet frames that can be transmitted without fragmentation. Setting the correct MTU is crucial for optimal network performance and reliability. If the MTU is not aligned with the requirements of your network, packets may require fragmentation or defragmentation at network nodes, which can lead to performance issues and packet drops.

    The valid range is from 68 to 9702 bytes.

    mode {static | dhcp}

    Interface mode.

    static

    sniffer {off | ndrd | snifferd}

    Sniffer mode of the network interface. This option is only available on sniffer network interfaces.

    ndrd

    snifferd

    speed {auto | 10full | 10half | 100full | 100half | 1000full}

    Speed of the network interface. Some network interfaces might not support all speeds.

    auto

    status {down | up}

    up enables the network interface to send and receive traffic.

    down disables the network interface.

    up

    Previous
    Next

    config system interface

    config system interface

    Use this command to configure allowed and denied administrative access protocols, up or down administrative status for the network interfaces of FortiNDR.

    Syntax

    config system interface

    edit <physical_interface_str>

    set allowaccess {ping https ssh telnet}

    set discover {enable | disable}

    set ip {ipv4mask}

    set mode {static | dhcp}

    set mtu <mtu_int>

    set sniffer {off | ndrd | snifferd}

    set speed {auto | 10full | 10half | 100full | 100half | 1000full}

    set status {down | up}

    end

    Variable

    Description

    Default

    <physical_interface_str>

    Name of the physical network interface, such as port1.

    allowaccess {ping | https | ssh | telnet}

    Add one or more protocols to the list of protocols that allow administrative access to FortiNDR through this network interface:

    ping

    		 Allow ICMP ping responses from this network interface.

    https

    		 Allow secure HTTP (HTTPS) access to the web-based manager and per-recipient quarantines.

    ssh

    		 Allow SSH access to the CLI

    telnet

    		 Allow Telnet access to the CLI.

    HTTP and Telnet connections are not secure and can be intercepted by a third party. To reduce risk, enable this option only on network interfaces connected directly to your management computer.

    Varies by network interface.

    discover {enable | disable}

    Allow discovery of the interface on this port.

    ip <ipv4mask>

    IP address and netmask of the network interface.

    set mtu <mtu_int>

    Sets the maximum packet or Ethernet frame size in bytes.

    The Maximum Transmission Unit (MTU) determines the largest size of packets or Ethernet frames that can be transmitted without fragmentation. Setting the correct MTU is crucial for optimal network performance and reliability. If the MTU is not aligned with the requirements of your network, packets may require fragmentation or defragmentation at network nodes, which can lead to performance issues and packet drops.

    The valid range is from 68 to 9702 bytes.

    mode {static | dhcp}

    Interface mode.

    static

    sniffer {off | ndrd | snifferd}

    Sniffer mode of the network interface. This option is only available on sniffer network interfaces.

    ndrd

    snifferd

    speed {auto | 10full | 10half | 100full | 100half | 1000full}

    Speed of the network interface. Some network interfaces might not support all speeds.

    auto

    status {down | up}

    up enables the network interface to send and receive traffic.

    down disables the network interface.

    up

    Previous
    Next