Fortinet FortiGate CLI Commands

February 26, 2021


Show network interface configuration:

config system interface

Show all nics:

diagnose hardware deviceinfo nic

Show all info for specific nic:

diagnose hardware deviceinfo nic dmz

Execute ping:

execute ping

Ping Options:

execute ping-options view
execute ping-options source

Show Session Table:

diagnose sys session list


Execute traceroute:

execute traceroute


Execute telnet:

execute telnet targethost


Show some statistics:

diagnose firewall statistic show

Show session table statistics:

diagnose sys session full-stat


Change vdom:

config vdom
edit vdomname


Overall performance:

get system performance status

Top (use Shift+M for memory usage):

get system performance top


Show console log:

execute log filter dump
execute log filter category 0
execute log filter field hostname
execute log display

SSL Inspection

Show possible diag commands:

diagnose test application ssl 0

SSL proxy usage:

diagnose test application ssl 4

Show info per connection:

diagnose test application ssl 44


Debug FSSO:

diag debug enable
diag debug authd fsso list
diag debug authd fsso server-status
diag debug authd fsso summary
diag debug authd fsso clear-logons
diag debug authd fsso refresh-logons
diag debug authd fsso refresh-groups


Show routing table:

get router info routing-table all


Neighbor status (neighbors have state up/down):

get router info ospf neighbor all

Delete all OSPF entries:

execute router clear ospf process

Enable debug output:

diagnose ip router ospf all enable
diagnose ip router ospf level info

Get Router Status:

get router info ospf status

Sniff for OSPF packets:

diagnose sniffer packet any 'proto 89' 4

Debug OSPF:

diagnose ip router ospf all enable
diagnose ip router ospf level info
diagnose debug enable


Show IPsec tunnels:

get ipsec tunnel list

Troubleshoot VPN connections:

diag debug application ike -1
diagnose vpn ike log-filter clear
diagnose vpn ike log-filter dst-addr
diagnose debug app ike 255
diagnose debug enable

Debug Flow

Debug traffic flow through the FortiGate:

diagnose debug enable
diagnose debug flow show console enable
diagnose debug flow filter add
diagnose debug flow trace start 100

Admin Interface

Set certificate for admin interface:

config system global
set admin-server-cert certname
end