[FortiGate] Mastering the config display command of CLI

Work environment

  • FortiGate 60E
    • version 7.0.5

View config in CLI

When configuring the FortiGate, we often view the config in the CLI.

We do this for two reasons:

  • To check the current setting values
  • To save the configuration as a backup or as evidence

Here is some useful information for viewing the config in the CLI.

Output captured from the CLI show command cannot be used as input for a restore. If you need a configuration file for restoration, obtain it with the configuration backup function of the GUI.

“show” and “show full-configuration”

The command that displays the configuration is show, and it comes in two forms: show and show full-configuration.

  • show
    • Display only setting items whose values have been changed from the default values
  • show full-configuration
    • Display all setting items including default value items

Many configuration items have a large number of settings, so show is usually enough for viewing setting values; use show full-configuration when you need to check the settings in detail.

show and show full-configuration are used in exactly the same way, so everything this article says about the show command also applies to show full-configuration.

Current Hierarchy and Show Command Output

The output contents of the show command vary depending on the level of the CLI where it is used.

The show command only shows the config for the current hierarchy.

Immediately after logging into the CLI (let’s call it the global hierarchy), running the show command will show all the FortiGate configs.

FGT60E # show
#config-version=FGT60E-7.0.5-FW-build0304-220208:opmode=1:vdom=0:user=admin
#conf_file_ver=170643345677100
#buildno=0304
#global_vdom=1
config system global
    set admintimeout 100
    set alias "FortiGate-60E"
    set hostname "FGT60E"
    set language japanese
    set switch-controller enable
    set timezone 60
end
config system accprofile
.
.
.

Because show and show full-configuration produce a large amount of output at the global hierarchy, we do not recommend running them over a console connection. Run them over an SSH connection instead.

On the other hand, for example, if you execute the show command in the config system global hierarchy (the state in which the config system global command has been executed), only the config of config system global will be displayed.

FGT60E # config system global

FGT60E (global) # show
config system global
    set admintimeout 100
    set alias "FortiGate-60E"
    set hostname "FGT60E"
    set language japanese
    set switch-controller enable
    set timezone 60
end

Furthermore, for example, if you are in the edit “wan1” hierarchy in the config system interface hierarchy and you execute the show command, only the configs in the edit “wan1” hierarchy in the config system interface hierarchy will be displayed.

FGT60E # config system interface

FGT60E (interface) # edit wan1

FGT60E (wan1) # show
config system interface
    edit "wan1"
        set vdom "root"
        set mode dhcp
        set allowaccess ping https ssh http
        set type physical
        set role wan
        set snmp-index 1
        config ipv6
            set ip6-send-adv enable
            set ip6-other-flag enable
        end
    next
end

Since the show command only displays the configuration of the current hierarchy, you can use it while changing settings in a given configuration hierarchy to check the current values as you go.
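As an added example (not part of the original article, and not Fortinet code), the following Python code parses saved show output, such as the wan1 output above, into nested dictionaries and lists interfaces with role wan whose allowaccess includes a cleartext management protocol. The function names are hypothetical, and it assumes every set value fits on one line.

```python
import shlex

# Constructed sample: the wan1 `show` output quoted in this article.
SAMPLE = """\
config system interface
    edit "wan1"
        set vdom "root"
        set mode dhcp
        set allowaccess ping https ssh http
        set type physical
        set role wan
        set snmp-index 1
        config ipv6
            set ip6-send-adv enable
            set ip6-other-flag enable
        end
    next
end
"""

def parse_show(text):
    """Parse config/edit/set/next/end lines into nested dicts (hypothetical helper)."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        tokens = shlex.split(raw)  # honours the double quotes around values
        if not tokens:
            continue
        key = tokens[0]            # prompt lines and "#..." headers match nothing below
        if key == "config":        # opens a section, e.g. "config system interface"
            stack.append(stack[-1].setdefault(" ".join(tokens), {}))
        elif key == "edit" and len(tokens) > 1:  # opens a table entry, e.g. edit "wan1"
            stack.append(stack[-1].setdefault(tokens[1], {}))
        elif key == "set" and len(tokens) > 1:   # one setting, possibly multi-valued
            stack[-1][tokens[1]] = tokens[2:]
        elif key in ("next", "end") and len(stack) > 1:
            stack.pop()            # close the current edit / config level
    return root

def cleartext_wan_access(cfg, cleartext=("http", "telnet")):
    """Return {interface: [cleartext protocols]} for interfaces with role wan."""
    findings = {}
    for name, entry in cfg.get("config system interface", {}).items():
        if isinstance(entry, dict) and entry.get("role") == ["wan"]:
            hits = [p for p in entry.get("allowaccess", []) if p in cleartext]
            if hits:
                findings[name] = hits
    return findings
```

Because show omits settings left at their default values, run this kind of check against show full-configuration output when an absent key would change the result.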

show command with config items

The show command can be executed by specifying configuration items in the following format.

  • show <config item name>
    • For <config item name>, specify the xxxxx part of config xxxxx excluding “config”

If you specify a configuration item and execute it, you can display only the configuration of the specified configuration item.

For example, if system global is specified, the output will be as follows.

FGT60E # show system global
config system global
    set admintimeout 100
    set alias "FortiGate-60E"
    set hostname "FGT60E"
    set language japanese
    set switch-controller enable
    set timezone 60
end

Suppress [--More--] in command output

By default, the FortiGate displays [--More--] and pauses after each page if there are too many lines of command output.

When [--More--] is displayed, continue the output as follows.

  • Press Enter → show the next line
  • Press the space key → show the next page

For example, when executing the show command in the global hierarchy, the number of output lines is so large that you have to press the space key all the time.

You can change the FortiGate settings so that command output is displayed all at once instead of pausing after each page.

To do so, set output to standard in config system console, as follows.

config system console
    set output standard
end

The default value of output is more.

config system console
    set output more
end

Note that the above setting is a permanent config setting, not a temporary setting for the current session like ter len 0 on Cisco devices.
