Fortigate CLI Cheat Sheet - Release date 20151105 v 0.5.2.
By Frederic Kasmirczak (http://www.frederick.lu)

Main command structure

show
  Display changes to the default configuration

get
  List the configuration of the current object or table

edit
  Create or edit a table in the current object.
  edit 0 will use the next ID available in a sequence number

set/unset
  Set a field / Reset a field to the default value

end
  Save the current changes

abort
  Exit commands without saving the fields

delete
  Remove a table from the current object

Basic

get sys status
  Show status summary

get sys perf stat
  Show Fortigate resources summary

execute ping
  Ping something

execute shutdown
  Shutdown the device/reboot with reboot

get sys arp
  Show the current arp table

execute date/time
  Show the current date / time

Interface

show sys int
  Show interfaces status
  Sh sys int ? will show a summary

config sys interface
edit port1
set ip x.x.x.x/y.y
set allowaccess ssh ping
end
  Basic interface ip configuration

diag netlink device list
  Show interfaces statistics (errors)

get hardware nic port1
  Show interfaces statistics

Static routing

config router static
edit 0
set device internal
set dst x.x.x.x/y.y
set gateway z.z.z.z
end
  Add a static route

get router info routing-table details x.x.x.x
  Display the route used to reach the IP x.x.x.x
  Default gw will show Network not in table

get router info routing-table database
  Display the current routing table

diag ip route list
  Display the kernel routing table

Backup / Restore

exe backup config
  Backup Fortigate configuration

exe restore conf
  Restore Fortigate configuration

High availability

get sys ha status
diag sys ha status
  Show HA conf summary

diag deb en
diag deb console timestamp en
diag deb app hatalk 1
diag deb app hasync 1
  Troubleshoot HA synchronization issue

diag sys ha showcsum <int>
  Show the config file checksum (can be executed on both members to compare)

exec ha synchronize all
  Synchronize all parts of the configuration

diag sys ha reset-uptime
  Reset ha uptime criteria

diag sniffer packet haint 'ether[12:2]=0x8890' 6
  Sniffer on heartbeat ports (here haint)

exec ha manage <id>
  Connect on a subordinate device

VPN

diag vpn ike gateway list
  Show phase 1

diag vpn tunnel list
  Show phase 2

diag vpn ike gateway flush name <phase1>
  Flush a phase 1

diag vpn tunnel up <phase2>
  Bring up a phase 2

diag debug app ike 1
diag debug enable
  Troubleshoot VPN issue

Debug

diag debug enable
diag debug flow show console enable
diag debug flow show function-name en
diag debug flow filter saddr x.x.x.x
diag debug flow filter daddr y.y.y.y
diag debug flow filter dport z
diag debug flow trace start 100
  Debug flow

diag sys session filter dst x.x.x.x
diag sys session filter src y.y.y.y
diag sys session filter proto Z
diag sys session list
  Show session table

diag sys session filter src x.x.x.x
diag sys session filter proto z
diag sys session filter dport y
diag sys session clear
  Clear session table

diag debug crashlog read
  Show crashlog

diag debug report
  Collect lots of information
  (show tech Cisco like)

Disk

diag hard deviceinfo disk
  Show disks and partitions usage

diag sys flash list
  Show partitions status

execute set-next-reboot
  Select partition for the next reboot

execute factoryreset
  Reset to factory default (2 to keep network)

execute formatlogdisk
  Format log disk

Packet capture

diag sniffer packet <interface> <filter> <verbose> <count> <a>
  <interface> physical, virtual, any
  <filter> functionality using filter
  <verbose> there are six verbose levels:
    1 print header of packets
    2 print header and data from the IP header of the packets
    3 print header and data from the Ethernet header of the packets
    4 print header of packets with interface name
    5 print header and data from ip of packets with interface name
    6 print header and data from Ethernet of packets with interface name
  <count> the number of packets
  <a> to enable absolute timestamp

This document is distributed under the free license:
Attribution-ShareAlike 4.0 International
Creative Commons BY-SA 4.0
https://creativecommons.org/licenses/by-sa/4.0/
You are free to:
Share: copy and redistribute the material in any medium or format.
Adapt: remix, transform, and build upon the material for any purpose, even commercially.
The licensor cannot revoke these freedoms as long as you follow the license terms.
Under the following terms:
Attribution: You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
ShareAlike: If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original.
No additional restrictions: You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.