11/26/2020 FortiNet CLI Cheat Sheet – Dwain Hutten – IT Pro

Command What does it do?

config system arp-table Add static ARP entries
config system interface Show all NIC’s
config router prefix-list Add a prefix-list
Type show, to see current prefix-lists.
config router route-map Add a route-map
Type show, to see current route maps
diag debug crashlog read Get crash log – shows the crashlog in a
readable format.
diag debug rating Show list of FortiGuard Services
diag ip arp delete <interface Remove a single ARP table entry
name> IP address>
diag ip arp list  View ARP cache
diagnose debug enable >
diagnose debug application Debug LDAP or Radius
fnbamd 1 
diag debug reset
diag ip router bgp all enable Debug BGP
diag ip router bgp level info
diag debug enable
diag debug disable Disable Debug output
diagnose firewall ipgeo Show Geo IP countries
country-list
diagnose firewall ipgeo ip- Show Geo IP IPv4 address list
list all
diagnose hardware deviceinfo Show hardware info for NIC
nic
diagnose hardware deviceinfo Show device information for specific
nic <nic> NIC 
diagnose hardware sysinfo Show shared memory information –

https://www.dwainhutten.nl/2020/10/20/fortinet-cli-cheat-sheet/ 2/6
11/26/2020 FortiNet CLI Cheat Sheet – Dwain Hutten – IT Pro

shm Look if conservemode is 1

diagnose sys ha hadiff status Show a HA diff:
diagnose sys ha reset uptime Execute a fail-over
diagnose sys kill process_id 15 Kill
kill. 
processes – uses a unconditional
diagnose sys session list Show session table
diagnose sys tcpsock List open networking ports:
diagnose sys top Show top with processes: 
exec router clear bgp all Clear all BGP sessions
Soft Clear all BGP (this will refresh the
exec router clear bgp all soft BGP routing table, but BGP session
remains)
exec router clear bgp ip soft Soft Clear BGP for specific neighbor
x.x.x.x
exec ha manage 0/1 Manage other cluster member through
HA interface
exec log display Display log 
exec ping <dst> Execute a ping
exec ping-options Set specific ping options
exec ping-options source  Set specific source IP
exec tac report Generate a TAC report
exec telnet ip:port Execute a telnet
exec ssh ip:port Execute a SSH client
exec traceroute Execute a traceroute 
exec clear system arp table Clear ARP cache
exec log filter Set a log filter
exec update-geo-ip Update Geo IP addresses
https://www.dwainhutten.nl/2020/10/20/fortinet-cli-cheat-sheet/ 3/6
11/26/2020 FortiNet CLI Cheat Sheet – Dwain Hutten – IT Pro

exec update-av Update Antivirus Database

exec update-ips Update IPS Database
get router info routing-table all Show routing table
get router info routing-table Show routing database 
database
get router info routing-table Show BGP routes
bgp
get router info routing-table Show OSPF routes
ospf
get router info routing-table Show Direct Connected routes
connected
get router info routing-table Get routing information for specific
details <host> <host> 
get router info bgp summary Show BGP Peer status and received
prefixes
get router route-map Show available route-maps
get router prefix-list Show available prefix-lists
get system arp Show ARP table
get system checksum status Show HA checksum
get system ha status Show HA status
get system performance status Show performance usage
get system performance top Show top – , use SHIFTM to sort on
memory usage. 
get system session list Short list for session table
get system status Show system status 
get vpn ipsec tunnel details Show details for IPSEC VPN tunnel
get vpn ipsec tunnel summary Show summary list of IPSEC VPN

https://www.dwainhutten.nl/2020/10/20/fortinet-cli-cheat-sheet/ 4/6