execute ha manage <device-id>

Notes:

  • You can question mark after 'manage' to view available devices and their IDs

Documentation

[ # ]

execute factoryreset
execute formatlogdisk

Notes:

  • 'execute formatlogdisk' formats the optional hard drive

[ # ]

diagnose sys flash list   !! View current partitions
execute set-next-reboot <primary|secondary>

Notes:

  • Fortigate 100 and larger models support multiple partitions

Documentation

[ # ]

!! Set Default Route
conf router static
 edit <some name, like 1>
  set gateway <gateway IP>
  end

!! Set static route
config router static
 edit <some name, usually number>
 set device <interface>
 set dst <ip> <netmask>
 set gateway <ip>
 end

[ # ]

execute date
execute time

config system global
 set timezone 25
 end
configure system global
 set dst disable
 end
execute date <year>-<month>-<day>
execute time <24hour>:<minutes>:<seconds>

config system ntp
 config ntpserver
  edit 1    !! Keep going, edit 2, etc for each additional
   set server <ntp-server-ip>
   end
config system ntp
 set ntpsync enable
 end

Notes:

  • This configuration is for UTC, disabling DST

[ # ]

show system interface <optional:interface name>  !! View interface configuration (mode will be dhcp client or static)
show dhcp system server  !! View DHCP server information (if empty, it's disabled)
show router static  !! View Static Routes ("device" is the interface, if no "set dst" then it is the default route)
execute ping <ip>
execute traceroute <ip>
get system status  !! View version information

!! Packet Capture (additional commands needed if traffic is hardware accelerated)    
diag sniffer packet <interface> 'src host <src-ip> and dst host <ip> and (port <port> or port <port>)' <verbosity_1-6> <count> a   !! count of 0 means continuous, 'a' means show actual timestamp of packet

Example:

diag sniffer packet internal 'src host 192.168.0.130 and dst host 192.168.0.1' 4 0 a

Notes:

  • if you wanna see bidirectional traffic, omit src and dst. just like tcpdump

[ # ]

execute restore image <firmware_filename> <tftp server ip>

[ # ]

diag hardware sysinfo shm

Notes:

The following are possible results for 'conservemode'

  • 0 - Not in Conserve Mode
  • 1 - Conserve Mode
  • 2 - Kernel Conserve Mode

Documentation

[ # ]

config log syslogd setting
 set status enable
 set server <ip>
 end

Notes:

  • For additional syslog servers, replace 'syslogd' with syslogd2 or syslogd3
  • Max of 3 syslog servers

[ # ]

config admin
 edit <username>
  set accprofile "super_admin"
  set password <password>
  set trusthost1 <ip>/<cidr>
  set trusthost2 <ip>/<cidr>  // Add as many as required
  end

[ # ]