Yearly Archives: 2019

CLI Command syntax – FortiOS 6.2

Leave a reply

Command syntax

When entering a command, the CLI console requires that you use valid syntax and conform to expected input constraints. It will reject invalid commands.

Fortinet documentation uses the conventions below to describe valid command syntax.

Terminology

Each command line consists of a command word that is usually followed by configuration data or other specific item that the command uses or affects.

To describe the function of each word in the command line, especially if that nature has changed between firmware versions, Fortinet uses terms with the following definitions:

  • Command — A word that begins the command line and indicates an action that the FortiGate should perform on a part of the configuration or host on the network, such as config or execute. Together with other words, such as fields or values, that end when you press the Enter key, it forms a command line. Exceptions include multiline command lines, which can be entered using an escape sequence. Valid command lines must be unambiguous if abbreviated. Optional words or other command line permutations are indicated by syntax notation.
  • Sub-command — A config sub-command that is available only when nested within the scope of another command. After entering a command, its applicable sub-commands are available to you until you exit the scope of the command, or until you descend an additional level into another sub-command. Indentation is used to indicate levels of nested commands.Not all top-level commands have sub-commands. Available sub-commands vary by their containing scope.
  • Object — A part of the configuration that contains tables and /or fields. Valid command lines must be specific enough to indicate an individual object.
  • Table — A set of fields that is one of possibly multiple similar sets which each have a name or number, such as an administrator account, policy, or network interface. These named or numbered sets are sometimes referenced by other parts of the configuration that use them.
  • Field — The name of a setting, such as ip or hostname. Fields in some tables must be configured with values. Failure to configure a required field will result in an invalid object configuration error message, and the FortiGate will discard the invalid table.
  • Value — A number, letter, IP address, or other type of input that is usually your configuration setting held by a field. Some commands, however, require multiple input values which may not be named but are simply entered in sequential order in the same command line. Valid input types are indicated by constraint notation. l Option — A kind of value that must be one or more words from of a fixed set of options.

Indentation

Indentation indicates levels of nested commands, which indicate what other sub-commands are available from within the scope. The “next” and “end” lines are used to maintain a hierarchy and flow to CLI commands, especially helping to distinguish those commands with extensive sub-commands.

The “next” line is entered at the same indentation-level as the previous “edit”, to mark where you would like to finish that table entry and move on to the next table entry; doing so will not mean that you have “left” that sub-command.

next

Below is an example command, with a sub-command of entries:

After entering settings for <2> and entering next, the <2> table entry has been saved, and you be set back one level of indentation so you can continue to create more entries (if you wish).

This hierarchy is best indicated in the CLI console, as the example below is what displays in the console after entering

end

Below is the same command and sub-command, except end has been entered instead of next after the subcommand:

Entering end will save the <2> table entry, but bring you out of the sub-command entirely; in this example, you would enter this when you don’t wish to continue creating new entries.

Again, your hierarchy is best indicated by the CLI console. Below is what displays in the console after entering end:

Notation

Brackets, braces, and pipes are used to denote valid permutations of the syntax. Constraint notations, such as <address_ipv4>, indicate which data types or string patterns are acceptable value input.

All syntax uses the following conventions:

Convention                                  Description
Square brackets [ ]         An optional word or series of words. For example:

[verbose {1 | 2 | 3}]

indicates that you may either omit or type both the word verbose and its accompanying option/s, such as verbose 3.

See Optional values and ranges below for more information.
Curly braces { }           A word or series of words that is constrained to a set of options delimited by either vertical bars or spaces. You must enter at least one of the options, unless the set of options is surrounded by square brackets [ ].
Mutually exclusive options –    Both mutually and non-mutually exclusive commands will use curly braces, as delimited by vertical bars |   they provide multiple options, however mutually exclusive commands will divide each option with a pipe. This indicates that you are permitted to enter one option or the other:

{enable | disable}
Convention Description
Non-mutually exclusive options – delimited by spaces Non-mutually exclusive commands do not use pipes to divide their options. In those circumstances, multiple options can be entered at once, as long as they are entered with a space separating each option:

{http https ping snmp ssh telnet}
Angle brackets < > A word constrained by data type. The angled brackets contain a descriptive name followed by an underscore ( _ ) and suffix that indicates the valid data type. For example, <retries_int>, indicates that you should enter a number of retries as an integer.

Data types include: l <xxx_name>: A name referring to another part of the configuration, such as policy_A.

l  <xxx_index>: An index number referring to another part of the configuration, such as 0 for the first static route.

l  <xxx_pattern>: A regular expression or word with wild cards that matches possible variations, such as *@example.com to match all email addresses ending in @example.com.

l  <xxx_fqdn>: A fully qualified domain name (FQDN), such as mail.example.com.

l  <xxx_email>: An email address, such as admin@example.com. l <xxx_ipv4>: An IPv4 address, such as 192.168.1.99. l <xxx_v4mask>: A dotted decimal IPv4 netmask, such as 255.255.255.0.

l  <xxx_ipv4mask>: A dotted decimal IPv4 address and netmask separated by a space, such as 192.168.1.99 255.255.255.0.

l  <xxx_ipv4/mask>: A dotted decimal IPv4 address and CIDR-notation netmask separated by a slash, such as 192.168.1.1/24

l  <xxx_ipv4range>  : A hyphen ( – )-delimited inclusive range of IPv4 addresses, such as 192.168.1.1-192.168.1.255.

l  <xxx_ipv6>: A colon( : )-delimited hexadecimal IPv6 address, such as 3f2e:6a8b:78a3:0d82:1725:6a2f:0370:6234.

l  <xxx_v6mask>: An IPv6 netmask, such as /96.

l  <xxx_ipv6mask>: A dotted decimal IPv6 address and netmask separated by a space.

l  <xxx_str>: A string of characters that is not another data type, such as P@ssw0rd. Strings containing spaces or special characters must be surrounded in quotes or use escape sequences.

l  <xxx_int>: An integer number that represents a metric, minutes_int for the number of minutes.

Optional values and ranges

Any field that is optional will use square-brackets, such as set comment. This is because it doesn’t matter whether it’s set or not. The overall config command will still successfully be taken.

Another example of where square-brackets would be used is to show that multiple options can be set, even intermixed with ranges. The example below shows a field that can be set to either a specific value or range, or multiple instances:

config firewall service custom

set iprange <range1> [<range2> <range3> …]

end

Sub-commands

Each command line consists of a command word that is usually followed by configuration data or other specific item that the command uses or affects:

get system admin

Sub-commands are available from within the scope of some commands. When you enter a sub-command level, the command prompt changes to indicate the name of the current command scope. For example, after entering:

config system admin

the command prompt becomes:

(admin)#

Applicable sub-commands are available to you until you exit the scope of the command, or until you descend an additional level into another sub-command.

For example, the edit sub-command is available only within a command that affects tables; the next sub-command is available only from within the edit sub-command:

config system interface edit port1 set status up

next

end

Sub-command scope is indicated by indentation.

Available sub-commands vary by command. From a command prompt within config, two types of sub-commands might become available:

l commands affecting fields l commands affecting tables

Commands for tables

clone <table> Clone (or make a copy of) a table from the current object.

For example, in config firewall policy, you could enter the following command to clone security policy 27 to create security policy 30: clone 27 to 30

In config antivirus profile, you could enter the following command to clone an antivirus profile named av_pro_1 to create a new antivirus profile named av_pro_2:

clone av_pro_1 to av_pro_2 clone may not be available for all tables.
delete <table> Remove a table from the current object.
  For example, in config system admin, you could delete an administrator account named newadmin by typing delete newadmin and pressing Enter. This deletes newadmin and all its fields, such as newadmin’s first-name and email-address. delete is only available within objects containing tables.
edit <table> Create or edit a table in the current object.

For example, in config system admin:

l  edit the settings for the default admin administrator account by typing edit admin.

l  add a new administrator account with the name newadmin and edit newadmin‘s settings by typing edit newadmin.

edit is an interactive sub-command: further sub-commands are available from within edit. edit changes the prompt to reflect the table you are currently editing. edit is only available within objects containing tables.

In objects such as security policies, <table> is a sequence number. To create a new entry without the risk of overwriting an existing one, enter edit 0. The CLI initially confirms the creation of entry 0, but assigns the next unused number after you finish editing and enter end.
end Save the changes to the current object and exit the config command. This returns you to the top-level command prompt.
get List the configuration of the current object or table.•   In objects, get lists the table names (if present), or fields and their values.•   In a table, get lists the fields and their values.For more information on get commands, see the CLI Reference.
purge Remove all tables in the current object.

For example, in config user local, you could type get to see the list of user names, then type purge and then y to confirm that you want to delete all users.purge is only available for objects containing tables.

Caution: Back up the FortiGate before performing a purge. purge cannot be undone. To restore purged tables, the configuration must be restored from a backup.

Caution: Do not purge system interface or system admin tables.

purge does not provide default tables. This can result in being unable to connect or log in, requiring the FortiGate to be formatted and restored.
rename <table> to <table> Rename a table.

For example, in config system admin, you could rename admin3 to fwadmin by typing rename admin3 to fwadmin.rename is only available within objects containing tables.
show Display changes to the default configuration. Changes are listed in the form of configuration commands.

Example of table commands

From within the system admin object, you might enter:

edit admin_1

The CLI acknowledges the new table, and changes the command prompt to show that you are now within the admin_1 table:

new entry ‘admin_1’ added

(admin_1)#

Commands for fields

abort   Exit both the edit and/or config commands without saving the fields.
append   Add an option to an existing list.
end   Save the changes made to the current table or object fields, and exit the config command (to exit without saving, use abort instead).
get   List the configuration of the current object or table. l In objects, get lists the table names (if present), or fields and their values. l In a table, get lists the fields and their values.
move   Move an object within a list, when list order is important. For example, rearranging security policies within the policy list.
next   Save the changes you have made in the current table’s fields, and exit the edit command to the object prompt (to save and exit completely to the root prompt, use end instead).

next is useful when you want to create or edit several tables in the same object, without leaving and re-entering the config command each time.

next is only available from a table prompt; it is not available from an object prompt.
select   Clear all options except for those specified.

For example, if a group contains members A, B, C, and D and you remove all users except for B, use the command select member B.
set <field> <value>   Set a field’s value.

For example, in config system admin, after typing edit admin, you could type set password newpass to change the password of the admin administrator to newpass.

Note: When using set to change a field containing a space-delimited list, type the whole new list. For example, set <field> <new-value> will replace the list with the <new-value> rather than appending <new-value> to the list.
show   Display changes to the default configuration. Changes are listed in the form of configuration commands.
unselect   Remove an option from an existing list.
unset <field>   Reset the table or object’s fields to default values.

For example, in config system admin, after typing edit admin, typing unset password resets the password of the admin administrator account to the default (in this case, no password).

Example of field commands

To assign the value my1stExamplePassword to the password field, enter the following command from within the admin_1 table:

set password my1stExamplePassword

Next, to save the changes and edit the next administrator’s table, enter the next command.

CLI-only features – FortiOS 6.2

Leave a reply

CLI-only features

As you can see in the Feature / Platform Matrix, the entry level models have a number of features that are only available using the CLI, rather than appearing in the GUI.

You can open the CLI console so that it automatically opens to the object you wish to configure. For example, to edit a firewall policy, right-click on the policy in the policy list (Policy & Objects > IPv4 Policy) and select Edit in CLI. The CLI console will appear, with the commands to access this part of the configuration added automatically.

Once you have access to the CLI, you can enter instructions for specific tasks that can be found throughout the FortiOS Handbook. Options are also available at the top of the CLI Console to Clear console, Download, and Copy to clipboard.

Refer to the CLI Reference for a list of the available commands.

Connecting to the CLI – FortiOS 6.2

Leave a reply

Connecting to the CLI

You can access the CLI in three ways:

  • Local console — Connect your computer directly to the console port of your FortiGate. Local access is required in some cases:
  • If you are installing your FortiGate for the first time and it is not yet configured to connect to your network, you may only be able to connect to the CLI using a local serial console connection, unless you reconfigure your computer’s network settings for a peer connection.
  • Restoring the firmware utilizes a boot interrupt. Network access to the CLI is not available until after the boot process has completed, making local CLI access the only viable option.
  • SSH or Telnet access — Connect your computer through any network interface attached to one of the network ports on your FortiGate. The network interface must have enabled Telnet or SSH administrative access if you connect using an SSH/Telnet client, or HTTP/HTTPS administrative access if you connect by accessing the CLI Console in the GUI. The CLI console can be accessed from the upper-right hand corner of the screen and appears as a slide-out window. l — Use the FortiExplorer app on your iOS device to configure, manage, and monitor your FortiGate.

Local console

Local console connections to the CLI are formed by directly connecting your management computer or console to the FortiGate unit, using its DB-9 or RJ-45 console port. To connect to the local console you need:

  • A computer with an available serial communications (COM) port.
  • The RJ-45-to-DB-9 or null modem cable included in your FortiGate package.
  • Terminal emulation software such as HyperTerminal for Microsoft Windows.

The following procedure describes the connection using Microsoft HyperTerminal software; steps may vary with other terminal emulators.

To connect to the CLI using a local serial console connection

  1. Using the null modem or RJ-45-to-DB-9 cable, connect the FortiGate unit’s console port to the serial communications (COM) port on your management computer.
  2. On your management computer, start HyperTerminal.
  3. For the Connection Description, enter a Name for the connection, and select OK.
  4. On the Connect using drop-down, select the communications (COM) port on your management computer you are using to connect to the FortiGate unit.
  5. Select OK.
  6. Select the following Port settings and select OK.
Bits per second 9600
Data bits 8
Parity None
Stop bits 1
Flow control None
  1. Press Enter or Return on your keyboard to connect to the CLI.
  2. Type a valid administrator account name (such as admin) and press Enter.
  3. Type the password for that administrator account and press Enter. (In its default state, there is no password for the admin )

The CLI displays the following text:

Welcome!

Type ? to list available commands.

You can now enter CLI commands, including configuring access to the CLI through SSH or Telnet.

SSH or Telnet access

SSH or Telnet access to the CLI is accomplished by connecting your computer to the FortiGate unit using one of its RJ-45 network ports. You can either connect directly, using a peer connection between the two, or through any intermediary network.

You must enable SSH and/or Telnet on the network interface associated with that physical network port. If your computer is not connected directly or through a switch, you must also configure the FortiGate unit with a static route to a router that can forward packets from the FortiGate unit to your computer. You can do this using either a local console connection or the GUI.

Requirements

l A computer with an available serial communications (COM) port and RJ-45 port l Terminal emulation software such as HyperTerminal for Microsoft Windows l The RJ-45-to-DB-9 or null modem cable included in your FortiGate package l A network cable l Prior configuration of the operating mode, network interface, and static route.

To enable SSH or Telnet access to the CLI using a local console connection

  1. Using the network cable, connect the FortiGate unit’s network port either directly to your computer’s network port, or to a network through which your computer can reach the FortiGate unit.
  2. Note the number of the physical network port.
  3. Using a local console connection, connect and log into the CLI.
  4. Enter the following command:

config system interface edit <interface_str> set allowaccess <protocols_list>

end

where:

  • <interface_str> is the name of the network interface associated with the physical network port and containing its number, such as port1.
  • <protocols_list> is the complete, space-delimited list of permitted administrative access protocols, such as https ssh telnet.
  1. To confirm the configuration, enter the command to display the network interface’s settings:

show system interface <interface_str>

  1. The CLI displays the settings, including the allowed administrative access protocols, for the network interfaces.

Connecting using SSH

Once the FortiGate unit is configured to accept SSH connections, you can use an SSH client on your management computer to connect to the CLI.

Secure Shell (SSH) provides both secure authentication and secure communications to the CLI. FortiGate units support 3DES and Blowfish encryption algorithms for SSH.

Before you can connect to the CLI using SSH, you must first configure a network interface to accept SSH connections. The following procedure uses PuTTY. Steps may vary with other SSH clients.

To connect to the CLI using SSH

  1. On your management computer, start an SSH client.
  2. In Host Name (or IP address), enter the IP address of a network interface on which you have enabled SSH administrative access.
  3. Set Port to 22.
  4. For the Connection type, select SSH.
  5. Select Open. The SSH client connects to the FortiGate unit.

The SSH client may display a warning if this is the first time you are connecting to the FortiGate unit and its SSH key is not yet recognized by your SSH client, or if you have previously connected to the FortiGate unit but used a different IP address or SSH key. This is normal if your management computer is directly connected to the FortiGate unit with no network hosts between them.

  1. Click Yes to verify the fingerprint and accept the FortiGate unit’s SSH key. You will not be able to log in until you have accepted the key.
  2. The CLI displays a login prompt.
  3. Type a valid administrator account name (such as admin) and press Enter.
  4. Type the password for this administrator account and press Enter.

The FortiGate unit displays a command prompt (its hostname followed by a #). You can now enter CLI commands.

Connecting using Telnet

Once the FortiGate unit is configured to accept Telnet connections, you can use a Telnet client on your management computer to connect to the CLI.

Before you can connect to the CLI using Telnet, you must first configure a network interface to accept Telnet connections.

To connect to the CLI using Telnet

  1. On your management computer, start a Telnet client.
  2. Connect to a FortiGate network interface on which you have enabled Telnet.
  3. Type a valid administrator account name (such as admin) and press Enter.
  4. Type the password for this administrator account and press Enter. The FortiGate unit displays a command prompt (its hostname followed by a #). You can now enter CLI commands.

Text strings – FortiOS 6.2

Leave a reply

Text strings

The configuration of a FortiGate is stored in the FortiOS configuration database. To change the configuration, you can use the GUI or CLI to add, delete, or change configuration settings. These changes are stored in the database as you make them. Individual settings in the configuration database can be text strings, numeric values, selections from a list of allowed options, or on/off (enable/disable) settings.

Entering text strings (names)

Text strings are used to name entities in the configuration. For example, the name of a firewall address, the name of an administrative user, and so on. You can enter any character in a FortiGate configuration text string, except the following characters that present cross-site scripting (XSS) vulnerabilities: l (double quote) l & (ampersand) l (single quote) l < (less than) l > (greater than)

Most GUI text string fields make it easy to add an acceptable number of characters and prevent you from adding the XSS vulnerability characters.

You can also use the tree command in the CLI to view the number of characters allowed in a name field. For example, firewall address names can contain up to 64 characters. When you add a firewall address to the GUI, you are limited to entering 64 characters in the firewall address name field. From the CLI you can enter the following tree command to confirm that the firewall address name field allows 64 characters.

config firewall address tree

— [address] –*name (64)

|- uuid

|- subnet

|- type

|- start-ip

|- end-ip

|- fqdn (256)

|- country (3)

|- cache-ttl (0,86400)

|- wildcard

|- comment

|- visibility

|- associated-interface (36)

|- color (0,32)

|- [tags] –*name (65)

+- allow-routing

The tree command output also shows the number of characters allowed for other firewall address name settings. For example, the fully qualified domain name (fqdn) field can contain up to 256 characters.

Entering numeric values

Numeric values set various sizes, rates, addresses, and other numeric values (e.g. a static routing priority of 10, a port number of 8080, an IP address of 10.10.10.1). Numeric values can be entered as a series of digits without spaces or commas (for example, 10 or 64400), in dotted decimal format (for example the IP address 10.10.10.1) or, as in the case of MAC or IPv6 addresses, separated by colons (e.g. the MAC address 00:09:0F:B7:37:00). Most numeric values are standard base 10 numbers, but some fields, such as MAC addresses, require hexadecimal numbers.

Most GUI numeric value fields make it easy to add the acceptable number of digits within the allowed range. CLI help text includes information about allowed numeric value ranges. Both the GUI and the CLI prevent you from entering invalid numbers.

Tables – FortiOS 6.2

Leave a reply

Tables

Many of the GUI pages contain tables of information that you can filter to display specific information. Administrators with read and write access can define the filters.

Navigation

Some tables contain information and lists that span multiple pages. Navigation controls appear at the bottom of the page.

Filters

Filters are used to locate a specific set of information or content within multiple pages. These are especially useful in locating specific log entries. The specific filtering options vary, depending on the type of information in the log.

To create a filter, select Add Filter at the top of the page. A list of the available fields for filtering will be shown.

Column settings

Column settings are used to select the types of information displayed on a certain page. Some pages have large amounts of information available and not all content can be displayed on a single screen. Some pages may even contain content that is irrelevant to you. Using column settings, you can choose to display only relevant content.

To view configure column settings, right-click the header of a column and select the columns you wish to view and deselect any you wish to hide. After you have finished making your selections, click Apply (you may need to scroll down the list to do so).

Any changes that you make to the column settings are stored in the unit’s configuration. To return columns to the default state for any given page, right-click any header and select Reset Table.

Copying objects

In tables containing configuration objects, such as the policy table found at Policy & Objects > IPv4 Policy, you have the option to copy an object. This allows you to create a copy of that object, which you can then configure as needed.

You can also reverse copy a policy to change the direction of the traffic impacted by that policy.

To copy an object:

  1. Select that object, then right-click to make a menu appear and select the Copy
  2. Right-click the row in the table that is either above or below where you want the copied object to be placed, select the Paste option and indicate Above or Below.

Reverse cloning works much the same way. Instead of selecting Copy, select Clone Reverse.

Once the policy is copied, you must give it a name, configure as needed, and enable it.

Editing objects

Some tables allow you to edit parts of the configuration directly on the table itself. For example, security features can be added to an existing firewall policy from the policy list by clicking on the plus sign in the Security Profiles column and selecting the desired profiles.

If this option is not immediately available, check to see that the column is not hidden (see Column settings). Otherwise, you must select the object and open the policy by selecting the Edit option found at the top of the page.

Feature Visibility – FortiOS 6.2

Leave a reply

Feature Visibility

Feature Visibility is used to control which features are visible in the GUI. This allows you to hide features that are not being used. Some features are also disabled by default and must be enabled in order to configure them through the GUI.

Feature Visibility only alters the visibility of these features, rather than their functionality. For example, disabling web filtering on the Feature Visibility page does not remove web filtering from the FortiGate, but removes the option of configuring web filtering from the GUI. Configuration options will still be available using the CLI.

Enabling/disabling features

Feature Visibility can be found at System > Feature Visibility. Ensure that all features you wish to configure in the GUI are turned on, and that features you wish to hide are turned off. When you have finished, select Apply. Security feature presets

The main security features can be toggled individually, however six system presets (or Feature Sets) are available:

  • NGFW should be chosen for networks that require application control and protection from external attacks. l ATP should be chosen for networks that require protection from viruses and other external threats. l WF should be chosen for networks that require web filtering. l NGFW + ATP should be chosen for networks that require protection from external threats and attacks.
  • UTM should be chosen for networks that require protection from external threats and wish to use security features that control network usage. This is the default setting.
  • Custom should be chosen for networks that require customization of available features (including the ability to select all features).

Dashboard – FortiOS 6.2

Leave a reply

Dashboard

The FortiOS Dashboard consists of a Network Operations Center (NOC) view with a focus on alerts. Widgets are interactive. By clicking or hovering over most widgets, the user can see additional information or follow links to other pages.

The dashboard and its widgets include:

  • Multiple dashboard support l VDOM and global dashboards l Widget resize control l Notifications on the top header bar

The following widgets are displayed by default:

Widget Description
System Information The System Information widget lists information relevant to the FortiGate system, including hostname, serial number, and firmware.
Security Fabric The Security Fabric widget displays a visual summary of many of the devices in the Fortinet Security Fabric.
CPU The real-time CPU usage is displayed for different time frames.
Widget Description
Licenses Hovering over the Licenses widget results in the display of status information (and, where applicable, database information) on the licenses for FortiCare Support, Firmware & General Updates, AntiVirus, Web Filtering, Security Rating,

FortiClient, and FortiToken. Note that Mobile Malware is not a separate service in FortiOS 6.0.0. The Mobile Malware subscription is included with the AntiVirus subscription. Clicking in the Licenses widget provides you with links to other pages, such as System > FortiGuard or contract renewal pages.
FortiCloud This widget displays FortiCloud status and provides a link to activate FortiCloud.
Administrators This widget allows you to view: l which administrators are logged in and how many sessions are active (a link directs you to a page displaying active administrator sessions) l all connected administrators and the protocols used by each
Memory Real-time memory usage is displayed for different time frames. Hovering over any point on the graph displays percentage of memory used along with a timestamp.
Sessions Hovering over the Sessions widget allows you to view memory usage data over time. Click on the down arrow to change the timeframe displayed.

Security processing unit, or SPU, percentage is displayed if your FortiGate includes an SPU. Likewise, nTurbo percentage is displayed if supported by your FortiGate.
Bandwidth Hover over the Bandwidth widget to display bandwidth usage data over time. Click on the down arrow to change the timeframe displayed. Bandwidth is displayed for both incoming and outgoing traffic.
Virtual Machine The VM widget (shown by default in the dashboard of a FortiOS VM device) includes:

l License status and type l CPU allocation usage l License RAM usage l VMX license information (if the VM supports VMX)

If the VM license specifies ‘unlimited’ the progress bar is blank. If the VM is in evaluation mode, it is yellow (warning style) and the dashboard shows the number of evaluation days used.

The following optional widgets are also available:

  • FortiView l Host Scan Summary
  • Vulnerabilities Summary l Botnet Activity l HA Status l Log Rate l Session Rate l Security Fabric Score l Advanced Threat Protection Statistics l Interface Bandwidth

Modifying dashboard widget titles

Dashboard widget titles can be modified so that widgets with different filters applied can be easily differentiated. The widget has a default title unless you set a new title.

Syntax

config system admin edit <name> config gui-dashboard config widget edit 9 set type fortiview …

set title “test source by bytes”

end

end

end

Menus – FortiOS 6.2

Leave a reply

Menus

If you believe your FortiGate model supports a menu that does not appear in the GUI as expected, go to System > Feature Visibility and ensure the feature is enabled. For more information, see Feature Visibility on page 18.

The GUI contains the following main menus, which provide access to configuration options for most FortiOS features:

Dashboard The dashboard displays various widgets that display important system information and allow you to configure some system options.

For more information, see Dashboard on page 16.
Security Fabric Access the physical topology, logical topology, audit, and settings features of the Fortinet Security Fabric.

For more information, see Security Fabric on page 72.
FortiView A collection of dashboards and logs that give insight into network traffic, showing which users are creating the most traffic, what sort of traffic it is, when the traffic occurs, and what kind of threat the traffic may pose to the network.
Network Options for networking, including configuring system interfaces and routing options.

For more information, see Network Configurations on page 95.
System Configure system settings, such as administrators, FortiGuard, and certificates. For more information, see System Configurations on page 150.
Policy & Objects Configure firewall policies, protocol options, and supporting content for policies, including schedules, firewall addresses, and traffic shapers.

For more information, see Policies and Objects on page 224.
Security Profiles Configure your FortiGate’s security features, including AntiVirus, Web Filtering, and Application Control.

For more information, see Security Profiles on page 280.
VPN Configure options for IPsec and SSL virtual private networks (VPNs).

For more information, see IPsec VPNs on page 412 and SSL VPN on page 571.
User & Device Configure user accounts, groups, and authentication methods, including external authentication and single sign-on (SSO).
WiFi & Switch Controller Configure the unit to act as a wireless network controller, managing the wireless Access Point (AP) functionality of FortiWiFi and FortiAP units.

On certain FortiGate models, this menu has additional features allowing for FortiSwitch units to be managed by the FortiGate.

For more information, see WiFi on page 639.
Log & Report Configure logging and alert email as well as reports.

For more information, see Log and Report on page 718.
Monitor View a variety of monitors, including the Routing Monitor, VPN monitors for both IPsec and SSL, monitors relating to wireless networking, and more.