Its super basic lab brother 🙂

Hey,

Just asked for regular fw, not embedded. In Fortinet, yes, if you press option I pointed out, it will show you cli config in embedded cli (terminal) and you can even change it right there.

I was thinking maybe "configuration" option in CP web UI may do something, but nothing comes up no matter how many times I press it.

Andy

Example of what I gave initially.

Andy

Cool I get it, handy if you want to learn the CLI also

I think so, ya.

Correct, BUT, that opens generic clish, NOT for specific/given settings, like Fortinet screenshot I posted.

Andy

To be honest, the config structure of the Fortigate is totally different. Start with #edit

akos

Yep, totally different. I would say its somewhat similar to Cisco OS, see below examples from my lab.

Andy

Literally any command can be shortened.

Using username "admin".
admin@172.16.10.147's password:
Send automatic password
Access denied
admin@172.16.10.147's password:
Fortigate-VM #
Fortigate-VM # diag debug disable

Fortigate-VM # di de di

Fortigate-VM # get sys status
Version: FortiGate-VM64-KVM v7.6.1,build3457,241127 (GA.F)
First GA patch build date: 240724
Security Level: High
Firmware Signature: certified
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
Extreme DB: 1.00000(2018-04-09 18:07)
AV AI/ML Model: 0.00000(2001-01-01 00:00)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 6.00741(2015-12-01 02:30)
APP-DB: 6.00741(2015-12-01 02:30)
Proxy-IPS-DB: 6.00741(2015-12-01 02:30)
Proxy-IPS-ETDB: 6.00741(2015-12-01 02:30)
Proxy-APP-DB: 6.00741(2015-12-01 02:30)
FMWP-DB: 0.00000(2001-01-01 00:00)
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
IoT-Detect: 0.00000(2022-08-17 17:31)
OT-Detect-DB: 0.00000(2001-01-01 00:00)
OT-Patch-DB: 0.00000(2001-01-01 00:00)
OT-Threat-DB: 6.00741(2015-12-01 02:30)
IPS-Engine: 7.01026(2024-11-14 23:09)
Serial-Number: FGVM2V0000159742
License Status: Valid
VM Resources: 2 CPU/2 allowed, 1993 MB RAM
Log hard disk: Not available
Hostname: Fortigate-VM
Private Encryption: Disable
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 2
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 3457
Release Version Information: GA
FortiOS x86-64: Yes
System time: Mon Dec 30 14:14:19 2024
Last reboot reason: power cycle

Fortigate-VM # get sy st

ambiguous command before 'st'
Command fail. Return code -7

Fortigate-VM # get sy sta

ambiguous command before 'sta'
Command fail. Return code -7

Fortigate-VM # get sy stat
Version: FortiGate-VM64-KVM v7.6.1,build3457,241127 (GA.F)
First GA patch build date: 240724
Security Level: High
Firmware Signature: certified
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
Extreme DB: 1.00000(2018-04-09 18:07)
AV AI/ML Model: 0.00000(2001-01-01 00:00)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 6.00741(2015-12-01 02:30)
APP-DB: 6.00741(2015-12-01 02:30)
Proxy-IPS-DB: 6.00741(2015-12-01 02:30)
Proxy-IPS-ETDB: 6.00741(2015-12-01 02:30)
Proxy-APP-DB: 6.00741(2015-12-01 02:30)
FMWP-DB: 0.00000(2001-01-01 00:00)
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
IoT-Detect: 0.00000(2022-08-17 17:31)
OT-Detect-DB: 0.00000(2001-01-01 00:00)
OT-Patch-DB: 0.00000(2001-01-01 00:00)
OT-Threat-DB: 6.00741(2015-12-01 02:30)
IPS-Engine: 7.01026(2024-11-14 23:09)
Serial-Number: FGVM2V0000159742
License Status: Valid
VM Resources: 2 CPU/2 allowed, 1993 MB RAM
Log hard disk: Not available
Hostname: Fortigate-VM
Private Encryption: Disable
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 2
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 3457
Release Version Information: GA
FortiOS x86-64: Yes
System time: Mon Dec 30 14:14:36 2024
Last reboot reason: power cycle

Fortigate-VM #

To answer your question, yes, thats what customer was asking me about 🙂

i see, seems like a big clish revamping to have contexts like that, but that could be cool

Lets see, it would be cool indeed 🙂

Andy

If I am user configured to access only Web-UI, should I be allowed to see clish commands ?

There are 3 types of access-mechanisms to be available for specific user: Web-UI, CLI, Gaia-API.

All OS config data are saved in plain-text file (/config/db/initial) and as SQLite database (/config/db/initial_db). I am pretty sure Web-UI is getting these data from CLI anyway (show/dbget). The same should apply to modify something over Web-UI/Clish/Gaia-API (here set,add,delete or dbset should be used).

To have this topic complete, may we get the RFE number so someone can ask for the progress in the future?

Not sure if Im allowed to share RFE reference...

Thoughs @PhoneBoy ?

Here is the RFE number.

Andy

Feedback reference number: 49259r614

Of course, thats been there forever. BUT, thats NOT what customer was talking about 🙂

He wanted to know if say you clicked on "dhcp server" tab, if there would ever be an option to edit that config in cli, or any other tab for that matter. Same like the Fortigate screenshot I posted.

Andy

That is the first time I’ve ever heard of such a feature.
Whether we will ever develop it or not isn’t known.
You can share the RFE number you have, I suppose, but I’m not sure how useful it will be in practice as I’ve never seen references to them made anywhere.

Thats totally fair 🙂

To be perfectly honest with you (or as my mom would say "No son, I want you to be dishonest with me" LOL), I am almost positive customer mentioned just as would be nice to have, but thats about it. You know how it goes, when people work on one vendor forever, its not always easy after you switch to different one, as of course, things WILL be different.

Anywho, here is RFE reference number:

Feedback reference number: 49259r614

Andy

What the customer is asking has no sense

FTNT and CKP clish working in a totally different way, it's basically a Tree Structure VS a Plain Structure

They are not really asking for it, they just said would be nice to have 🙂