For the CLI use SSH or the console port whenever possible. The CLI widget in the browser got some limitations with scrolling, cut and paste as with special characters.
Default User, IP, Console Settings
| admin / no password | Default user |
| 192.168.1.99/24 | Default IP on port1, internal, lan or mgmt Port |
| 9600/8-N-1, hardware flow control disabled | Default serial console settings |
Keyboard Shortcuts
Fortinet offers some shortcuts to position the cursor on the CLI
| up arrow, CTRL-P | Previous command |
| down arrow, CTRL+N | Next command |
| CTRL-A | Beginning of line |
| CTRL-E | End of line |
| CTRL-B | Back one word |
| CTRL-F | Forward one word |
| CTRL-D | Delete current Character |
| CTRL-C | Abort Command and exit Branch(be careful: CTRL-C is context sensitive. It moves you up to the previous command branch level. If you are already at the top, it logs you out |
| CTRL-L | Clear screen |
| TAB key | Completes the current word or iterates through the folioing words |
| ? | Possible commands |
Official documentation and information in the Internet
| docs.fortinet.com | Dokumentation |
| kb.fortinet.com | Knowledge base |
| cookbook.fortinet.com | Cookbooks |
| support.fortinet.com | Support site (Login required) |
| forum.fortinet.com | User forum |
| wiki.diagnose.fortinet.com | Diagnose wiki (outdated) |
Show the configuration
show displays what is different from default. show full shows all parameters, defaults included.
show show full-configuration
show displays “-More-“. To suppress it:
config system console set output standard end
Revert the setting back to “more” if you don’t require it anymore.
Config save manually (revert) or automatically
If the configuration is not saved within 10 minutes, it will be reverted.
config system global set cfg-save revert set cfg-revert-timeout 600 end exec cfg save
Save the configuration automatically
config system global set cfg-save automatic end
Find a specific expression with grep
grep finds all the lines containing the expression you are re looking for. grep -f only works with show. It displays the whole config block, where the expression is found.
diag sys session list | grep 10.1.2.3 show full | grep -f ip
Config save with SCP
It is possible to save your configuration from a remote device using scp.
config system global set admin-scp enable end
scp admin@<firewall-ip-address>:sys_config fortigate-config-<datum>.txt
Using VDOMs
Enable VDOMs
config system global set vdom-admin enable end
Enter the global part or a VDOM
config global config vdom edit <vdom>
Execute commands in a different VDOM
sudo {global|vdom-name} {diag|exec|show|get}Factory Reset
A complete reset
exec factoryreset
Admin user, interface settings and static routing remain unchanged
exec factoryreset2
Show Config Errors after a firmware upgrade
Config errors after a firmware upgrade
diag debug config-error-log read
System Status
General system information
get system status
Complete report required by Fortinet support
exec tac report