Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

System Commands

Command

Description

reboot

Reboot the FortiSandbox. All sessions will be terminated. The unit will go offline and there will be a delay while it restarts.

config-reset

Reset the FortiSandbox configuration to factory default settings. Job data will be kept.

For installed VM images, their clone numbers and Scan Profile settings are set back to default.

factory-reset

Reset the FortiSandbox configuration to factory default settings. All data are deleted.

For installed VM images, only Default VMs are kept and their clone number and Scan Profile settings are set to default values.

shutdown

Shutdown the FortiSandbox.

status

Display the FortiSandbox firmware version, serial number, system time, disk usage, image status check, Microsoft Windows VM status, VM network access configuration, and RAID information.

sandbox-engines

Display FortiSandbox FortiGuard component versions including the Tracer Engine, Rating Engine, Traffic Sniffer, Botnet Signature Database, IPS Signature Database, and Android engine versions.

vm-license -l

List embedded Windows Product key information.

vm-status

Show VM system status and their license situation.

If there is an issue with a VM, an error message will be displayed with information to help troubleshoot the problem.

vm-reset

Activate and initialize a VM image again. Sometimes it is necessary to rebuild a VM image when it is broken.

Optionally, specify a VM name with -n <VM name>, or all VMs will be reset.

fw-upgrade

Upgrade or re-install the FortiSandbox firmware via Secure Copy (SCP) or File Transfer Protocol (FTP) server.

See fw-upgrade for details.

reset-widgets

Reset the GUI widgets.

cleandb

Clean up the internal database and job information. This command will erase all stored data and reboot the device.

This command only works on devices that are in standalone mode.

log-purge

Delete all system logs.

pending-jobs

Show the status of or delete pending jobs.

See pending-jobs for details.

device-authorization

Configure new client device authorization .

See device-authorization for details.

iptables

Enable/disable IP tables.

See iptables for details.

usg-license

Convert the unit to be USG licensed.

See usg-license for details.

hc-settings

Configure the unit as a HA-Cluster mode unit.

See hc-settings for details.

hc-status -l

List the status of HA-Cluster units.

hc-slave

Add/update/remove a slave unit to/from an HA-Cluster. This command can only be run on a slave unit.

hc-master

Enable/disable the malware detection features on master unit.

Use -s<percent> to turn on file scan and set the percentage of the scanning capacity to be used. If no number is entered, 50% will be used.

upload license

Download firmware license file from a server and install it.

See upload-license for details.

resize-hd

After changing the virtual hard disk size on the hypervisor, execute this command to make the change recognizable to the firmware.

This command is only available for FSA_VM-Base and FSAVM00 models.

confirm-id

Set confirm ID for Microsoft Windows or Office activation.

See confirm-id for details.

vm-customized

Install customized VM.

See vm-customized for details.

sandboxing-cache

Enable/disable sandboxing result check.

See sandboxing-cache for details.

reset-scan-profile

Reset the clone number and file extension association back to firmware default values using the -r option.

sandboxing-prefilter

Enable/disable sandboxing prefilter for file types.

See sandboxing-prefilter for details.

sandboxing-embeddedurl

Enable/disable feature for sandboxing embedded urls in PDF or OFFICE documents.

See sandboxing-embeddedurl for details.

filesize-limit

Set file size limitation for scan input type, in megabytes (default = 200).

See filesize-limit for details.

remote-auth-timeout

Set the timeout for remote authentication.

See remote-auth-timeout for details.

log-dropped

Enable/disable the log file drop event.

See log-dropped for details.

vm-internet

Allow Virtual Machines to access external network through outgoing port3 and set gateway for port3.

See vm-internet for details.

cm-status -l

List the status of units joining the Global Threat Information Network.

fsck-storage

Check the file system on the hard disk and repair it if it's not clean. System reboots immediately.

raid-rebuild

Rebuild raid after a new HD replaces a bad one.

See raid-rebuild for details.

reset-sandbox-engine

Reset the tracer/rating engine back to firmware default.

See reset-sandbox-engine for details.

set-maintainer

Enable/disable the maintainer account.

See set-maintainer for details.

set-tlsver

Set the allowed TLS version for HTTPS service.

See set-tlsver for details.

fortimail-expired

Enable/disable expired timeout option for FortiMail files.

See fortimail-expired for details.

oftpd-con-mode

Enable/disable conserve mode of OFTPD.

See oftpd-con-mode for details.

device-lenc

Enable/disable OFTPD supporting FortiGate-LENC devices.

See device-lenc for details.

upload-settings

Configure data upload settings to community cloud.

See upload-settings for details.

ai-mode

Enable/disable using AI logic to do job's behavior analysis.

See ai-mode for details.

System Commands

Command

Description

reboot

Reboot the FortiSandbox. All sessions will be terminated. The unit will go offline and there will be a delay while it restarts.

config-reset

Reset the FortiSandbox configuration to factory default settings. Job data will be kept.

For installed VM images, their clone numbers and Scan Profile settings are set back to default.

factory-reset

Reset the FortiSandbox configuration to factory default settings. All data are deleted.

For installed VM images, only Default VMs are kept and their clone number and Scan Profile settings are set to default values.

shutdown

Shutdown the FortiSandbox.

status

Display the FortiSandbox firmware version, serial number, system time, disk usage, image status check, Microsoft Windows VM status, VM network access configuration, and RAID information.

sandbox-engines

Display FortiSandbox FortiGuard component versions including the Tracer Engine, Rating Engine, Traffic Sniffer, Botnet Signature Database, IPS Signature Database, and Android engine versions.

vm-license -l

List embedded Windows Product key information.

vm-status

Show VM system status and their license situation.

If there is an issue with a VM, an error message will be displayed with information to help troubleshoot the problem.

vm-reset

Activate and initialize a VM image again. Sometimes it is necessary to rebuild a VM image when it is broken.

Optionally, specify a VM name with -n <VM name>, or all VMs will be reset.

fw-upgrade

Upgrade or re-install the FortiSandbox firmware via Secure Copy (SCP) or File Transfer Protocol (FTP) server.

See fw-upgrade for details.

reset-widgets

Reset the GUI widgets.

cleandb

Clean up the internal database and job information. This command will erase all stored data and reboot the device.

This command only works on devices that are in standalone mode.

log-purge

Delete all system logs.

pending-jobs

Show the status of or delete pending jobs.

See pending-jobs for details.

device-authorization

Configure new client device authorization .

See device-authorization for details.

iptables

Enable/disable IP tables.

See iptables for details.

usg-license

Convert the unit to be USG licensed.

See usg-license for details.

hc-settings

Configure the unit as a HA-Cluster mode unit.

See hc-settings for details.

hc-status -l

List the status of HA-Cluster units.

hc-slave

Add/update/remove a slave unit to/from an HA-Cluster. This command can only be run on a slave unit.

hc-master

Enable/disable the malware detection features on master unit.

Use -s<percent> to turn on file scan and set the percentage of the scanning capacity to be used. If no number is entered, 50% will be used.

upload license

Download firmware license file from a server and install it.

See upload-license for details.

resize-hd

After changing the virtual hard disk size on the hypervisor, execute this command to make the change recognizable to the firmware.

This command is only available for FSA_VM-Base and FSAVM00 models.

confirm-id

Set confirm ID for Microsoft Windows or Office activation.

See confirm-id for details.

vm-customized

Install customized VM.

See vm-customized for details.

sandboxing-cache

Enable/disable sandboxing result check.

See sandboxing-cache for details.

reset-scan-profile

Reset the clone number and file extension association back to firmware default values using the -r option.

sandboxing-prefilter

Enable/disable sandboxing prefilter for file types.

See sandboxing-prefilter for details.

sandboxing-embeddedurl

Enable/disable feature for sandboxing embedded urls in PDF or OFFICE documents.

See sandboxing-embeddedurl for details.

filesize-limit

Set file size limitation for scan input type, in megabytes (default = 200).

See filesize-limit for details.

remote-auth-timeout

Set the timeout for remote authentication.

See remote-auth-timeout for details.

log-dropped

Enable/disable the log file drop event.

See log-dropped for details.

vm-internet

Allow Virtual Machines to access external network through outgoing port3 and set gateway for port3.

See vm-internet for details.

cm-status -l

List the status of units joining the Global Threat Information Network.

fsck-storage

Check the file system on the hard disk and repair it if it's not clean. System reboots immediately.

raid-rebuild

Rebuild raid after a new HD replaces a bad one.

See raid-rebuild for details.

reset-sandbox-engine

Reset the tracer/rating engine back to firmware default.

See reset-sandbox-engine for details.

set-maintainer

Enable/disable the maintainer account.

See set-maintainer for details.

set-tlsver

Set the allowed TLS version for HTTPS service.

See set-tlsver for details.

fortimail-expired

Enable/disable expired timeout option for FortiMail files.

See fortimail-expired for details.

oftpd-con-mode

Enable/disable conserve mode of OFTPD.

See oftpd-con-mode for details.

device-lenc

Enable/disable OFTPD supporting FortiGate-LENC devices.

See device-lenc for details.

upload-settings

Configure data upload settings to community cloud.

See upload-settings for details.

ai-mode

Enable/disable using AI logic to do job's behavior analysis.

See ai-mode for details.