When working with Fortinet devices, the Command Line Interface (CLI) is a skill you can’t ignore. While the web interface (GUI) is great for quick changes, the CLI gives you more control, faster execution, and deeper troubleshooting options.
If you’re preparing for Fortinet NSE 8 training, knowing the right CLI commands can save you hours of work and help you solve complex network issues with confidence. In this guide, we’ll cover the top 10 Fortinet CLI commands every engineer should know in 2025—based on real-world use and current FortiOS features.
1. get system status
This command shows your device’s health and version details.
Why it matters: Quickly confirm firmware version, uptime, and basic system info.
Example:
sql
CopyEdit
get system status
You’ll see firmware version, serial number, and uptime.
2. show full-configuration
Displays the complete device configuration, including default and hidden settings.
Why it matters: Ideal for audits, troubleshooting, and backups.
Example:
pgsql
CopyEdit
show full-configuration
Copy the output to a text file for safekeeping.
3. grep for Filtering Output
Helps you search within long command outputs.
Why it matters: Saves time when looking for specific configurations.
Example:
pgsql
CopyEdit
show full-configuration | grep vpn
You can also use -A, -B, or -C to see context lines around your matches.
4. diagnose debug enable and diagnose debug application
Turns on debugging for a specific process.
Why it matters: See exactly what’s happening behind the scenes during a problem.
Example:
nginx
CopyEdit
diagnose debug enable
diagnose debug application ike -1
Remember to turn debugging off after use:
nginx
CopyEdit
diagnose debug disable
5. execute ping
Tests connectivity between your Fortinet device and another host.
Why it matters: Basic but essential for troubleshooting network reachability.
Example:
nginx
CopyEdit
execute ping 8.8.8.8
You’ll see packet loss and latency details.
6. diagnose sniffer packet
Captures and displays live traffic from an interface.
Why it matters: Excellent for packet-level troubleshooting and verifying traffic flow.
Example:
python
CopyEdit
diagnose sniffer packet any 'host 192.168.1.100' 4
The last number sets verbosity (1–6). Higher numbers give more detail.
7. diagnose debug flow
Shows real-time traffic flow decisions through the firewall.
Why it matters: Helps find why traffic is allowed or blocked.
Example:
pgsql
CopyEdit
diagnose debug enable
diagnose debug flow filter addr 192.168.1.50
diagnose debug flow trace start 100
Disable debugging afterward with diagnose debug disable.
8. config system interface
Configures an interface’s IP, VLAN, and admin access.
Why it matters: Critical for fixing connectivity if GUI access is lost.
Example:
arduino
CopyEdit
config system interface
edit port1
set ip 192.168.1.99 255.255.255.0
set allowaccess ping https ssh
end
9. execute config-transaction
Lets you make multiple changes in a safe, transactional way.
Why it matters: You can review and commit changes together—avoiding mistakes.
Example:
pgsql
CopyEdit
execute config-transaction start
(config changes)
execute config-transaction commit
10. Tab and ? Help
Not a single command but an essential habit.
Why it matters: Tab completes command names; ? shows possible options.
Example:
arduino
CopyEdit
config system ?
This makes exploring the CLI easier and faster.
Final Thoughts
Whether you’re troubleshooting, configuring, or learning for your NSE 8 training, these commands are the most relevant for 2025. The basics like get system status and execute ping still matter, but newer practices like using grep, packet sniffing, and configuration transactions can greatly improve your speed and accuracy.
By regularly practicing these commands in a lab environment, you’ll not only prepare for exams but also handle real-world challenges confidently. In networking, CLI mastery is the difference between guessing and knowing.
So, start using these top 10 commands today—your future self (and your network) will thank you. And when you finally reach your Fortinet NSE 8 goal, these will be second nature.
