FortiGate Initial Config via CLI

Configure Network Interfaces


  • Set wan1 interface to static IP address
  • Configured default route of
  • Allow ping and HTTPS on wan1 interface
  • Set LAN interface to
  • Set LAN interface’s DHCP scope address range as
  • Change lease time from default of 7 days to 2 hours
config system interface
 edit wan1
  set mode static
  set ip
  set allowaccess ping https fgfm
 edit lan
  set ip
config router static
 edit 0 
  set gateway
  set distance 1
  set device wan1
config sys dhcp server
 edit 1
  set default-gateway
  set netmask
  set lease-time 7200
  config ip-range
   edit 1
    set start-ip
    set end-ip

Other useful commands

Change the admin user password:

config system admin
 edit admin
 set password MyNewPassword end

Create a secondary admin user

config system admin
    edit secondadminusername
      set accprofile super_admin
      set password MyPasswordGoesHere

Get L1 and L3 status of all interfaces

get system interface physical

Disabled/Enable an interface

config system interface
 edit lan
  set status down
 edit lan
  set status up

Enable sending of LLDP information

config system global
    set lldp-transmission enable

Check the route table

get router info routing-table all

Check the ARP Table

get system arp

Get the software version and serial number

get system status

Ping something

execute ping

Reboot the firewall

execute reboot




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s