Username: admin
Password: <empty>

[ # ]

get system status
get system performance status
diag hardware sysinfo memory
diagnose sys session stat
get system performance top 3 99    !! Let it run for 20-30 secs, then press Ctrl+C to stop the command
diag debug crashlog read

[ # ]

diag debug report

[ # ]

execute date
execute time

config system global
 set timezone 25
 end
config system global
 set dst disable
 end
execute date <year>-<month>-<day>
execute time <24hour>:<minutes>:<seconds>

config system ntp
 config ntpserver
  edit 1    !! Keep going, edit 2, etc for each additional
   set server <ntp-server-ip>
  next
 end
end
config system ntp
 set ntpsync enable
 end

Notes:

  • This configuration is for UTC, disabling DST

[ # ]

config vpn ipsec phase2
  edit "<Phase2-Name>"
    set use-natip <enable|disable>
  next
end

Notes:

  • When NATing, enable (the default) uses the public IP of the FortiGate as the source selector (encryption domain); disable uses what's configured in the phase 2 settings (src-start-ip/src-end-ip or src-subnet)

[ # ]

config system ha
    set group-name <cluster_name>
    set mode <a-a|a-p|standalone>        !! Active-Active, Active-Passive, or Standalone
    set password <HA_Password>
    set hbdev <heartbeat-port>            !! This port cannot be an interface with an IP and in use
    set session-pickup <enable|disable>    !! Sync of sessions (not failover multicast or SSLVPN sessions)
    set override <enable|disable>        !! Preempt
    set monitor <int1> <int2> <etc>        
    set priority <#>                    !! Default is 128
end

Notes:

  • To bring a new device into the cluster, ensure the new device has a lower priority than the active device. After connecting to the network and configuring the above settings, the configuration should be pulled from the active unit

[ # ]

config system global
 set admin-sport 8443
 set sslvpn-sport 443
 end

[ # ]

!! Ensure ssh is allowed on the interface you are attempting to access
config system interface
edit <interface>
set allowaccess ping https ssh  !! SSH added to the other allowed admin options
end

!! Enable SCP
config system global
set admin-scp enable
end

!! To back up the system
scp admin@<ip>:sys_config <local-file>

Notes:

  • SCP is disabled by default and may become disabled after an upgrade

[ # ]

config system admin
 edit <username>
  set accprofile "super_admin"
  set password <password>
  set trusthost1 <ip>/<cidr>
  set trusthost2 <ip>/<cidr>  !! Add as many as required
  end
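
Added example (not part of the original cheat sheet): a Python check over a configuration backup, such as one pulled with the SCP command above, that flags admin accounts with no trusthost or no password line and interfaces with ssh in allowaccess. The function names and the sample config are constructed; it assumes the backup uses the config/edit/set/next/end layout and omits the password line for an account with an empty password.

```python
# Added example: helper names are hypothetical; SAMPLE is constructed, not from a real device.
SAMPLE = '''\
config system interface
    edit "wan1"
        set allowaccess ping https ssh
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "ops"
        set accprofile "super_admin"
        set password ENC constructed-placeholder
        set trusthost1 192.0.2.0 255.255.255.0
    next
end
'''

def parse_table(text, table):
    """Return {entry: {setting: value}} for one top-level 'config <table>' block."""
    entries, current, depth, inside = {}, None, 0, False
    for line in map(str.strip, text.splitlines()):
        if not inside:
            inside = line == f"config {table}"
        elif line.startswith("config "):
            depth += 1                      # nested sub-table: skip its contents
        elif line == "end":
            if depth == 0:
                break                       # end of the table we were asked for
            depth -= 1
        elif depth == 0 and line.startswith("edit "):
            current = entries.setdefault(line[5:].strip('"'), {})
        elif depth == 0 and line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            current[key] = value
    return entries

def audit(text):
    findings = []
    for name, cfg in parse_table(text, "system admin").items():
        if not any(k.startswith("trusthost") for k in cfg):
            findings.append(f"admin {name}: no trusthost restriction")
        if "password" not in cfg:
            findings.append(f"admin {name}: no password line")
    for name, cfg in parse_table(text, "system interface").items():
        if "ssh" in cfg.get("allowaccess", "").split():
            findings.append(f"interface {name}: ssh management access enabled")
    return findings
```

Call audit() on the text of the backup file; an empty list means every admin entry has a password line and at least one trusthost, and no interface allows ssh.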

[ # ]

sync-prefs

[ # ]