CLI For FortiGate Firewall | info@networkjourney.com | +91 9739521088
Cheatsheet Guide
Enable-Based (Privileged Exec Mode)

| sr.no | CLI Command | Privilege Mode | Description |
|---|---|---|---|
| 1 | enable | Enable | Enter privileged exec mode |
| 2 | configure terminal | Enable | Enter global configuration mode |
| 3 | show running-config | Enable | Display the currently running configuration |
| 4 | write memory | Enable | Save the running configuration to the startup config |
| 5 | reload | Enable | Reload the system |
| 6 | show interfaces | Enable | Display information about interfaces |
| 7 | disable | Enable | Return to user exec mode from privileged exec mode |
| 8 | clear counters | Enable | Clear interface counters |
| 9 | show access-lists | Enable | Display configured access control lists |
| 10 | show crypto isakmp sa | Enable | Display IKE (Internet Key Exchange) security associations |
| 11 | show crypto ipsec sa | Enable | Display IPSec (IP Security) security associations |
| 12 | show log | Enable | Display system log messages |
| 13 | show firewall | Enable | Display firewall configuration and status |
| 14 | copy running-config startup-config | Enable | Save the running configuration to the startup configuration |
| 15 | show interfaces description | Enable | Display descriptions of all interfaces |
| 16 | show ip nat translations | Enable | Display active Network Address Translation (NAT) translations |
| 17 | debug ip packet | Enable | Enable debugging of IP packets |
| 18 | show crypto key mypubkey rsa | Enable | Display the RSA public key information |
| 19 | show cpu | Enable | Display CPU utilization and statistics |
| 20 | clear crypto isakmp sa | Enable | Clear existing IKE (Internet Key Exchange) security associations |
| 21 | clear crypto ipsec sa | Enable | Clear existing IPSec (IP Security) security associations |
| 22 | show version | Enable | Display hardware and software version information |
| 23 | clear interface <interface> | Enable | Reset statistics for a specific interface |
| 24 | show failover | Enable | Display failover configuration and status |
| 25 | show threat-detection statistics | Enable | Display statistics for threat detection |
| 26 | clear threat-detection statistics | Enable | Clear threat detection statistics |
| 27 | show running-config | Enable | |
| 28 | clear xlate | Enable | Clear dynamic translation slots |
| 29 | show conn | Enable | Display information about active connections |
| 30 | write erase | Enable | Erase the startup configuration |
| 31 | show route | Enable | Display the routing table |
| 32 | clear route <ip_address> | Enable | Remove a specific route from the routing table |
| 33 | show crypto engine connections active | Enable | Display active crypto engine connections |
| 34 | clear crypto engine connections <engine_id> | Enable | Clear specific crypto engine connections |
| 35 | show failover history | Enable | Display the failover event history |
| 36 | show firewall policy-map | Enable | Display configured firewall policy maps |
| 37 | show ip dhcp pool | Enable | Display DHCP pool information |
| 38 | show logging buffer | Enable | Display the contents of the logging buffer |
| 39 | clear logging | Enable | Clear the contents of the logging buffer |
| 40 | show access-list <name> | Enable | Display a specific access control list |
| 41 | show platform | Enable | Display platform information |
| 42 | clear platform | Enable | Clear platform-specific information |
| 43 | show firewall sessiondb | Enable | Display detailed information about firewall sessions |
| 44 | clear firewall sessiondb | Enable | Clear the firewall session database |
| 45 | show crypto map | Enable | Display configured crypto maps |
| 46 | clear crypto map <name> | Enable | Remove a specific crypto map |
| 47 | show failover state | Enable | Display the state of failover |
| 48 | clear counters <interface> | Enable | Clear interface counters for a specific interface |
User Exec (Privilege Level 1)

| sr.no | CLI Command | Privilege Mode | Description |
|---|---|---|---|
| 1 | ping <ip_address> | User Exec | Send ICMP Echo requests to a specified IP address |
| 2 | show interfaces brief | User Exec | Display brief information about interfaces |
| 3 | traceroute <destination> | User Exec | Trace the route to a destination IP address |
| 4 | show ip route | User Exec | Display the IP routing table |
| 5 | show version | User Exec | Display system information and firmware version |
| 6 | show ip interface | User Exec | Display detailed information about IP interfaces |
| 7 | telnet <hostname> | User Exec | Initiate a Telnet session to a remote host |
| 8 | show users | User Exec | Display information about users currently logged in |
| 9 | clear line <line_number> | User Exec | Clear a specific terminal line |
| 10 | show arp | User Exec | Display the Address Resolution Protocol (ARP) table |
| 11 | ping <hostname> | User Exec | Send ICMP Echo requests to a specified hostname |
| 12 | show vlan | User Exec | Display VLAN information |
| 13 | traceroute <hostname> | User Exec | Trace the route to a specified hostname |
| 14 | show clock | User Exec | Display the current system time |
| 15 | show running-config interface <interface> | User Exec | Display the configuration of a specific interface |
| 16 | show tech-support | User Exec | Generate a technical support information file |
| 17 | show logging | User Exec | Display the contents of the logging buffer |
| 18 | telnet <ip_address> | User Exec | Initiate a Telnet session to a specified IP address |
| 19 | show ip interface brief | User Exec | Display brief information about IP interfaces |
| 20 | show firewall sessions | User Exec | Display active firewall sessions |
| 21 | show vlan brief | User Exec | Display brief information about VLANs |
| 22 | show version | User Exec | |
| 23 | show crypto isakmp policy | User Exec | Display ISAKMP (Internet Key Exchange) policies |
| 24 | show crypto ipsec transform-set | User Exec | Display configured IPSec transform sets |
| 25 | show clock detail | User Exec | Display detailed information about the system clock |
| 26 | show access-list <number> | User Exec | Display a specific access control list |
| 27 | show ip nat statistics | User Exec | Display NAT statistics |
| 28 | show tech | User Exec | Display technical information about the system |
| 29 | show memory | User Exec | Display memory usage information |
| 30 | show version | User Exec | |
| 31 | show interfaces counters | User Exec | Display interface counters |
| 32 | show ip dhcp binding | User Exec | Display DHCP (Dynamic Host Configuration Protocol) bindings |
| 33 | show clock timezone | User Exec | Display the configured time zone |
| 34 | show ip route <network> | User Exec | Display the route to a specific network |
| 35 | show ip interface <interface> | User Exec | Display detailed information about an interface |
| 36 | show running-config interface <interface> | User Exec | Display the configuration of a specific interface |
| 37 | show startup-config | User Exec | Display the contents of the startup configuration |
| 38 | traceroute <ip_address> | User Exec | Trace the route to a specified IP address |
Global Configuration Mode

| sr.no | CLI Command | Privilege Mode | Description |
|---|---|---|---|
| 1 | interface <interface> | Global Config | Enter interface configuration mode |
| 2 | ip address <ip_address> | Global Config | Assign an IP address to an interface |
| 3 | access-list <number> | Global Config | Create or modify an IP access list |
| 4 | route-map <name> | Global Config | Create or modify a route map |
| 5 | crypto map <name> | Global Config | Create or modify a crypto map for VPN |
| 6 | hostname <hostname> | Global Config | Set the system's network name |
| 7 | banner motd <message> | Global Config | Set a message-of-the-day (MOTD) banner |
| 8 | ntp server <ip_address> | Global Config | Configure Network Time Protocol (NTP) server |
| 9 | snmp-server community <community_string> | Global Config | Set SNMP community string |
| 10 | logging <ip_address> | Global Config | Configure remote syslog server for logging |
| 11 | interface Vlan <vlan_number> | Global Config | Enter VLAN interface configuration mode |
| 12 | ip route <destination_network> <mask> <next-hop> | Global Config | Add a static IP route |
| 13 | access-list <number> permit/deny <protocol> | Global Config | Add or modify an access control list rule |
| 14 | banner login <message> | Global Config | Set a banner for login authentication messages |
| 15 | ntp server <ip_address> | Global Config | Configure NTP server for time synchronization |
| 16 | crypto isakmp key <key> address <peer> | Global Config | Configure a pre-shared key for IKE |
| 17 | crypto ipsec transform-set <name> esp-<encryption_algo> | Global Config | Configure IPSec transform set |
| 18 | crypto map <name> <seq_num> ipsec-isakmp | Global Config | Create a crypto map for IPSec |
| 19 | interface Loopback <number> | Global Config | Create a loopback interface |
| 20 | ip access-group <access_list> in/out | Global Config | Apply an access list to an interface inbound or outbound |
| 21 | ip nat inside source static <local_ip> <global_ip> | Global Config | Configure static NAT translation |
| 22 | ip nat pool <name> <start_ip> <end_ip> netmask <mask> | Global Config | Create a NAT pool |
| 23 | interface Vlan <vlan_number> | Global Config | Enter VLAN interface configuration mode |
| 24 | ip access-list <extended/standard> <name> | Global Config | Create an extended or standard access control list |
| 25 | no shutdown | Global Config | Enable a previously disabled interface |
| 26 | ip route 0.0.0.0 0.0.0.0 <next-hop> | Global Config | Configure a default route |
| 27 | ip nat outside source list <acl_number> interface <interface> | Global Config | Configure dynamic NAT using an ACL |
| 28 | policy-map <name> | Global Config | Create a policy map for use in QoS configuration |
| 29 | class <name> | Global Config | Create a traffic class for use in QoS configuration |
| 30 | service-policy <type> <name> | Global Config | Apply a policy map to an interface or VLAN |
| 31 | interface range <type> <range> | Global Config | Enter interface configuration mode for a range of interfaces |
| 32 | hostname <hostname> | Global Config | Set the device hostname |
| 33 | line vty 0 15 | Global Config | Configure parameters for virtual terminal lines |
| 34 | ip dhcp excluded-address <start_ip> <end_ip> | Global Config | Exclude a range of IP addresses from DHCP pool |
| 35 | ip dhcp pool <name> | Global Config | Enter DHCP pool configuration mode |
| 36 | service password-encryption | Global Config | Enable password encryption |
| 37 | logging host <ip_address> | Global Config | Configure a remote syslog server for logging |
| 38 | ip nat inside source list <acl_number> interface <interface> | Global Config | Configure dynamic NAT using an ACL |
| 39 | ip nat inside source static tcp <local_ip> <local_port> interface <interface> <external_port> | Global Config | Configure static NAT for TCP |
| 40 | interface <interface> <subinterface> | Global Config | Enter subinterface configuration mode |
| 41 | ip dhcp relay information option | Global Config | Enable DHCP relay information option |
| 42 | ip dhcp pool <pool_name> | Global Config | Enter DHCP pool configuration mode |
| 43 | no service password-recovery | Global Config | Disable password recovery mechanism |