Introduction

This article will gather some useful CLI commands for Fortigate firewalls configuration and diagnostic.

Toolbox

Filter

Any command result can be filtered like in a linux shell, using pipe and grep:

# <command> | grep <pattern>

Show a configuration when configuring

# config <menu> <submenu>
<submenu># show

List device interfaces

# show system interface

IPsec tunnel establishment diagnostic

# diag debug application ike -1
# diag debug enable
# diag vpn ike log-filter name <name_of_a_IPSec_tunnel>

Indentify tunnel and filter list

# diag vpn ike log-filter list

Debug disable

# diag debug disable

Routing

See all routes (whatever the protocol being used)

# get router info routing-table all

NB: you can replace "all" with "bgp" or "static" or "ospf" to list only those routes.

See all BGP neighbors

# get router info bgp neighbors

or

# get router info bgp summary

See advertised routes from a neighbor

# get router info bgp neighbors <neighbor_IP> advertised-routes

See received routes from a neighbor

# get router info bgp neighbors <neighbor_IP> received-routes

Enable soft reconfiguration

# config router bgp
# edit "<neighbor_IP>"
# set soft-reconfiguration enable
# next
# end