Some useful Fortinet commands for Troubleshooting | FortiGate - Part 01

Main command structure and basic commands on Fortinet FortiGate


5/19/2024

Command Structure

The first step is to know how the CLI is structured. The main commands are listed below:

#show - Display changes to the default configuration.
#edit - Create or edit a table in the current object.
#edit 0 - Use the next available ID in the sequence.
#get - List the configuration of the current object or table.
#next - Save current entry (edit X) and return to table.
#set/unset - Set a field / Reset a field to the default value.
#end - Save the current changes and exit menu.
#delete - Remove a table from the current object.
#abort - Exit commands without saving the fields (ctrl+C).
#tree - Display the command tree for the current config section.

Basic Commands

After understanding the command structure, the sequence of commands below can be useful in some connectivity issue scenarios and may help resolve them.

#get sys status - Show status summary.
#get sys perf stat - Show FortiGate resources summary.
#execute shutdown/reboot - Shutdown the device/reboot.
#execute ping(-options) - Ping something (can add options).
#execute ssh <user>@<host> - SSH to another server.
#get sys arp (| grep x.x) - Show the ARP table (filtered by x.x).
#show | grep -f something - Find where “something” is used (case-sensitive; add -i to make it case-insensitive).

Applying the commands

We will use some commands listed here in potential use cases.

The sequence of commands in the gallery displays the following information:

- How to obtain the equipment's ARP table and how to create filters.
- How to execute ping and its options, such as setting the source and the number of hops.
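The session below is an added example, not taken from the original gallery: it walks the command structure from the first section and then the two use cases listed above. The object name `lab-host` and the 192.0.2.x addresses (documentation range) are constructed placeholders, and lines starting with `# ` followed by text are comments, not commands.

```fortios
# --- Command structure: edit a table entry, inspect it, save it ---
config firewall address
    edit "lab-host"
        set subnet 192.0.2.10 255.255.255.255
        set comment "constructed example object"
        # get lists every field of this entry, defaults included
        get
        # show lists only the fields that differ from the defaults
        show
    # next saves the entry and returns to the table;
    # abort here instead would discard the changes
    next
# end saves and leaves the config section
end

# Find every place the object is referenced, with its config context
show | grep -f lab-host

# --- Use case 1: ARP table, filtered ---
get system arp
get system arp | grep 192.0.2
# -i makes the match case-insensitive (useful for MAC addresses)
get system arp | grep -i aa:bb

# --- Use case 2: ping with options ---
# Options persist for the CLI session, so review them first
execute ping-options view-settings
# Source the echo requests from a specific interface address
execute ping-options source 192.0.2.1
# Send three requests instead of the default count
execute ping-options repeat-count 3
# Limit how many hops the packet may cross
execute ping-options ttl 5
execute ping 192.0.2.10
# Restore the defaults so later tests are not skewed
execute ping-options reset
```

Because ping options stay set until they are reset or the session ends, checking `view-settings` before a test avoids misreading a failure caused by a leftover source address or TTL.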

These are basic but important commands that come up constantly in day-to-day work.