tcpdump -nni [interface] host [ip]
tcpdump -nni [interface] net [ip]/[cidr]
tcpdump -nni [interface] host [ip] and port [port]
tcpdump -nni [interface] vlan [vlan #] and host [ip]
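tcpdump -w [file].cap -s 1514 -nni [interface] host [src] and host [dst]        !! -s 1514 captures a full standard Ethernet frame into the file; VLAN-tagged or jumbo frames get truncated, use -s 0 for the maximum snap length
tcpdump -r [file].cap                    !! Read the capture back from the file and print it (nothing is re-sent on the wire)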
tcpdump -nni [interface] host [ip] &      !! & symbol puts capture in the background
tcpdump -nni [interface] \(host [ip] or host [ip]\) and \(host [ip] or host [ip]\)
tcpdump -nni [interface] ip proto 112        !! IP protocol 112 is VRRP

fw monitor -e 'accept src=[ip] or dst=[ip] ;'    !! net ip/CIDR ??
fw monitor -e "accept (src=192.168.11.1 and dst=10.10.10.1) or (src=10.10.10.1 and dst=192.168.11.1);"

[ # ]

exec license-key <key>
get license

Notes:

  • <key> refers to what follows "advanced=", entered with no spaces or line breaks

[ # ]

!! Node A - Master
set nsrp rto-mirror sync
set nsrp monitor interface eth1
set nsrp monitor interface eth3
set nsrp cluster id 1
set nsrp vsd-group id 0 priority 100

!! Node B - Backup
set nsrp rto-mirror sync
set nsrp monitor interface eth1
set nsrp monitor interface eth3
set nsrp cluster id 1
set nsrp vsd-group id 0 priority 90
save
exec nsrp sync global-config save  !! Performed on the backup device

Notes:

  • Configure the interfaces PRIOR to performing NSRP configuration
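  • After syncing the config, reboot the secondary firewall
  • The commands above do not authenticate or encrypt NSRP messages; if the HA link is not a dedicated, trusted connection, also set matching 'set nsrp auth password' and 'set nsrp encrypt password' values on both nodes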

[ # ]

get log traffic src-ip <ip> dst-ip <ip>
get session src-ip <src IP> dst-ip <dst IP>

[ # ]

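execute restore image <firmware_filename> <tftp server ip>  !! TFTP is unauthenticated and unencrypted; verify the image checksum against the vendor's published value before restoring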

[ # ]

show system interface <optional:interface name>  !! View interface configuration (mode will be dhcp client or static)
show dhcp system server  !! View DHCP server information (if empty, it's disabled)
show router static  !! View Static Routes ("device" is the interface, if no "set dst" then it is the default route)
execute ping <ip>
execute traceroute <ip>
get system status  !! View version information

!! Packet Capture (additional commands needed if traffic is hardware accelerated)    
diag sniffer packet <interface> 'src host <src-ip> and dst host <ip> and (port <port> or port <port>)' <verbosity_1-6> <count> a   !! count of 0 means continuous, 'a' means show actual timestamp of packet

Example:

diag sniffer packet internal 'src host 192.168.0.130 and dst host 192.168.0.1' 4 0 a

Notes:

  • To see bidirectional traffic, omit src and dst (e.g. 'host <ip> and host <ip>'), just like tcpdump

[ # ]

execute date
execute time

config system global
 set timezone 25
 end
config system global
 set dst disable
 end
execute date <year>-<month>-<day>
execute time <24hour>:<minutes>:<seconds>

config system ntp
 config ntpserver
  edit 1    !! Keep going, edit 2, etc for each additional
   set server <ntp-server-ip>
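   end    !! NOTE(review): this 'end' appears to close only 'config ntpserver', so the repeated 'config system ntp' on the next line may be unnecessary; confirm on your FortiOS version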
config system ntp
 set ntpsync enable
 end

Notes:

  • This configuration is for UTC, disabling DST

[ # ]

!! Set Default Route
conf router static
 edit <some name, like 1>
  set gateway <gateway IP>
  end

!! Set static route
config router static
 edit <some name, usually number>
 set device <interface>
 set dst <ip> <netmask>
 set gateway <ip>
 end

[ # ]

diagnose sys flash list   !! View current partitions
execute set-next-reboot <primary|secondary>

Notes:

  • Fortigate 100 and larger models support multiple partitions

Documentation

[ # ]

execute factoryreset
execute formatlogdisk

Notes:

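  • 'execute formatlogdisk' formats the optional hard drive, erasing the logs stored on it; export any logs needed for audit or incident investigation first
  • 'execute factoryreset' discards the running configuration; back it up beforehand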

[ # ]