System commands
This chapter describes the administration commands for a FortiPolicy system.
These commands are used to configure and view FortiPolicy settings and deployments.
You must enclose non-alphabet characters in double quotes in CLI commands. |
Basic mode commands
Use general system commands to configure settings, view history, enter other CLI modes, obtain help with CLI syntax, and to exit the CLI session.
The general commands are:
Basic commands
delete
Description |
Delete system configuration. |
Mode(s) |
Basic | Support |
Syntax |
delete <param> ? |
Parameters |
ntp | webproxy |
Example |
The following example deletes NTP information. fortipolicy-um> delete ntp |
enable
Description |
Enable the FortiPolicy CLI to display another command view. |
Mode(s) |
Basic | Support |
Syntax |
enable <param> ? |
Parameters |
console | maintenance |
Example |
The following example enables the CLI console view: fortipolicy-um> enable console hostname (console)# show versions |
exit
Description |
Exits the current CLI session mode. |
Mode(s) |
Basic | Support |
Syntax |
exit |
Parameters |
None |
Example |
The following example ends a command mode or CLI session. fortipolicy-um> exit |
help
Description |
Displays information about the CLI help system. |
Mode(s) |
Basic | Support |
Syntax |
help |
Parameters |
None |
Example |
The following example shows some of the output of the CONTEXT SENSITIVE HELP [?] - Display context sensitive help. This is either a list of possible command completions with summaries, or the full syntax of the current command. A subsequent repeat of this key, when a command has been resolved, will display a detailed reference. AUTO-COMPLETION The following keys both perform auto-completion for the current command line. If the command prefix is not unique then the bell will ring and a subsequent repeat of the key will display possible completions. [enter] - Auto-completes, syntax-checks then executes a command. If there is a syntax error then offending part of the command line will be highlighted and explained. [tab] - Auto-completes [space] - Auto-completes, or if the command is already resolved inserts a space. If “<cr>” is shown, that means that what you have entered so far is a complete command, and you may press Enter (carriage return) to execute it. Use ? to learn command parameters and option: fortipolicy-um> show n? Show ntp peering configurations |
history
Description |
Display the current session's command line history |
Mode(s) |
Basic | Support |
Syntax |
history |
Parameters |
None |
Example |
The following example displays the command line history. fortipolicy-um> history |
ping
Description |
Send messages to network hosts. | ||||||||
Mode(s) |
Basic | Support | ||||||||
Syntax |
ping | ||||||||
Parameters |
|
||||||||
Example |
The following example sends a ICMP IPv4 message to the network hose. fortipolicy-um> ping ip |
reboot
Description |
Reboot the system. |
Mode(s) |
Basic | Support |
Syntax |
reboot |
Parameters |
forcefsck |
Example |
The following example runs a force file system check on reboot. fortipolicy-um> forcefsck reboot |
resize
Description |
Resize console to terminal size. |
Mode(s) |
Basic | Support |
Syntax |
resize |
Parameters |
[integer] Number of lines |
Example |
The following example returns command line history for the current CLI session. fortipolicy-um> resize 80 25 |
restart services
Description |
Restarts FortiPolicy services. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Mode(s) |
Basic | Support | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Syntax |
restart services <param> ? | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Parameters |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Example |
The following example restarts all FortiPolicy services. fortipolicy-um> restart services all |
set
Description |
Sets several FortiPolicy system configurations. |
||||||
Mode(s) |
Basic | Support | ||||||
Syntax |
set <param> ? | ||||||
Parameters |
|
||||||
Example |
The following example sets default logging for all FortiPolicy components. fortipolicy-um> set login The following example enables a FortiPolicy restricted shell support session access; you will be prompted to enter a Verification Code, One Time Password (OTP) and Shared Secret: fortipolicy-um> set support enabled The following example sets the support account expiration date from the default (1 day) to the maximum allowed 14 days. fortipolicy-um> set support enable maxdays 14 The following example disables support account access: fortipolicy-um> set support disabled |
shell
Description |
Displays the FortiPolicy restricted shell provided you have set up support account access with a Verification Code, OTP and Shared Secret. |
Mode(s) |
Basic | Support |
Syntax |
shell |
Parameters |
None |
Example |
The following example drops the session to the restricted shell. fortipolicy-um> shell *************************************************************** Accessing FortiPolicy Support Shell - Unauthorized access prohibited. *************************************************************** Support Verification Code(v3): *************** |
show
Description |
Displays FortiPolicy system configuration information. | ||||||||||||||||||
Mode(s) |
Basic | Support | ||||||||||||||||||
Syntax |
show | ||||||||||||||||||
Subcommands and Parameters |
|
||||||||||||||||||
Example |
The following example displays the support account status: fortipolicy-um> show support status Locked: no Expired: no (expires 2018-6-13 Shell: enabled OTP: configured Status: enabled The following example displays the last log file for error messages. fortipolicy-um> show log file /var/log/messages last 1 2018-06-12 00:59:17, 358 (none) syslog.err rsyslogd: cannot connect to 10.1.1.1:10514: Connection refused [v8.33.1 try http://www.rsyslog.com/e/2027 The following example displays services that are DOWN or UP and running. fortipolicy-um> show services CertificateAuthority [DOWN] ConfigUpdate --------[UP] ContainerEngine------[UP] ... The following example requests display of the last 10 system boot messages.
|
ssh
Description |
Specifies the IP address to which an SSH connection should be made. Note: After an SSH session to the FortiPolicy-UM, you can use the CLI to jump to the backend servers. For cloud deployments (or where you use SSH keys), you will need to setup ssh-agent on your originating SSH client machine. |
Mode(s) |
Basic | Support |
Syntax |
ssh {reset-host-key} <IP Address> |
Sub-commands & Parameters |
ssh <IP Address> ssh reset-host-key <IP Address> |
Example |
The following example sets the IP address for an SSH connection.
The following example resets the IP address for an SSH connection. fortipolicy-um> ssh reset-host-key 10.2.2.4 NOTE: Do not to use this command by default; best to use only when your DNS resource pool has rotated. |
top
Description |
Returns to the default Basic Mode CLI session from the restricted shell or other view modes. |
Mode(s) |
Support |
Syntax |
top |
Parameters |
None |
Example |
The following example returns the FortiPolicy CLI session to the default CLI view. fortipolicy-um> top |
test
Description |
Test commands. |
Mode(s) |
Basic | Support |
Syntax |
test |
Parameters |
None |
Example |
The following example tests the commands. fortipolicy-um> test |
traceroute
Description |
Tracks and prints the route packet path to a network host. |
||||||||
Mode(s) |
Basic | Support | ||||||||
Syntax |
traceroute | ||||||||
Parameters |
|
||||||||
Example |
The following example traces and displays the packet path to network host 10.1.1.4. fortipolicy-um> traceroute ip 10.1.1.4 |