Scribd Logo
Upload

Welcome to Scribd!

  • Fortigate Cheatsheets

    Uploaded by

    Raneesh Ramesan
    55 views2 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    55 views2 pages

    Fortigate Cheatsheets

    Uploaded by

    Raneesh Ramesan

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    FORTINET FORTIGATE – CLI CHEATSHEET

    COMMAND DESCRIPTION COMMAND DESCRIPTION

    MAIN COMMAND STRUCTURE BASIC COMMANDS


    show Display changes to the default configuration get sys status Show status summary
    Create or edit a table in the current object. get sys perf stat Show Fortigate ressources summary
    edit exec shutdown/reboot Shutdown the device/reboot
    edit 0 will use the next ID available in a sequence number
    get List the configuration of the current object or table execute ping(-options) Ping something (can add options)
    next Save current entry (edit X) and return to table execute ssh <user>@<ip> SSH to another server
    set/unset Set a field / Reset a field to the default value get sys arp (| grep x.x) Show the arp table (filtered by x.x)
    end Save the current changes and exit menu Find where “something” is used (cases-sensitive, can use -i
    show | grep -f something
    delete Remove a table from the current object to be case insensitive)
    abort Exit commands without saving the fields (ctrl+C) CONFIG MANAGEMENT COMMANDS
    tree Display the command tree for the current config section diag hard deviceinfo disk Show disks and partitions usage
    INTERFACE COMMANDS exec setnextreboot ? Select partition for the next reboot
    Show interfaces status. Use get to retrieve dynamic information diag sys flash list Show partitions status
    show/get system interface Reset to factory default (2 to keep network) (if VM, use
    (such as PPPoE IP) exec factoryreset [keepvmlicense]
    config sys interface keepvmlicense)
    edit <port> exec restore config Restore configuration (reboots)
    set ip x.x.x.x/y Basic interface ip configuration exec backup conf Backup configuration
    set allow ssh ping https exec formatlogdisk Format log disk
    end Show config parsing errors (after upgrade) > should be
    diag hard dev nic <port> Show interfaces statistics diag debug config-error-log read
    empty
    diag netlink device list Show interfaces statistics (errors) FORTIGUARD COMMANDS
    Forces a download of the whole AV/IPS database, with
    VPN COMMANDS execute update-now
    license check
    diag vpn ike gateway list Show phase 1 diag autoupd status/version Show FGD engine and database
    Show phase 2
    diag vpn tunnel list diag debug rating Show current connectivity with URL rating servers
    (shows npu flag)
    diag vpn ike gateway flush name diag deb en
    Flush a phase 1 Troubleshoot AV/IPS download
    <phase1> diag deb app update -1
    diag vpn tunnel up <phase2>
    Bring up a phase 2
    diag debug en networkinterview.com
    diag vpn ike log-filter daddr x.x.x.x Troubleshoot VPN issue
    (An Initiative By ipwithease.com)
    diag debug app ike 1
    FORTINET FORTIGATE – CLI CHEATSHEET (contd.)
    COMMAND DESCRIPTION COMMAND DESCRIPTION

    DEBUG COMMANDS HIGH AVAILABILITY COMMANDS


    diag debug enable Debug flow get sys ha status
    Display HA conf summary
    diag debug flow sh c en diag sys ha status
    diag debug flow sh f en diag sys ha history read Display HA history events
    diag debug flow filter saddr x.x.x.x Dispaly the config checksum for any members of the
    diag sys ha check cluster
    diag debug flow filter daddr y.y.y.y cluster and show details of the config for a vdom (here
    diag sys ha check sh root
    diag debug flow trace start 10 root)
    diag debug reset exec ha synchronize all Synchronize all parts of the config
    diag deb en diag deb cons
    diag debug crashlog read Show crashlog timestamp en
    Troubleshoot HA synchronization issue
    diag sys session filter src x.x.x.x Filter session table List session Clear these sessions diag deb app hatalk 1
    diag sys session filter dst x.x.x.x diag deb app hasync 1
    diag sys session list diag sys Reset ha uptime criteria (to trigger failover unless override
    diag sys ha resetuptime
    session clear is enabled => default is disabled)
    diag deb en diag sniffer packet haint
    Debug authentication Sniffer on heartbeat ports (here haint)
    diag deb app fnbamd -1 ‘ether[12:2]=0x8890’ 6
    diag debug report Collect lots of info exec ha manage <id> <admin> Connect on a subordinate device
    diag sys top <seconds> <nb_lines> STATIC ROUTING COMMANDS
    shift+P for CPU ordering, shift+M for Processes usage (CPU usage) config router static Add a static route
    Mem ordering edit 0
    diag sys top-summary ‘-s mem’ set device internal
    Processes usage (Mem usage)
    ‘-h’ to show options set dst x.x.x.x/y
    abort Exit commands without saving the fields (ctrl+C) set gateway z.z.z.z
    tree Display the command tree for the current config section end
    get ro info ro details x.x.x.x Display the route used to reach the IP x.x.x.x
    networkinterview.com diag firewall proute list Display the Policy Routes
    get router info routingtable all get
    (An Initiative By ipwithease.com) router info routingtable database
    Display the current routing table active/configured
    diag ip route list Display the kernel routing table

    Powered by TCPDF (www.tcpdf.org)

    You might also like