Usage
Basically all the programs you may want to use are located in the utilities directory. All of them accept the -h parameter to display the options that can be used. The following options are shared by most of the programs:
--host HOST FortiGate hostname or IP address
--user USER User name to log in as, default "admin"
--password PASSWORD Password to log in with, default empty
--credfile CREDFILE File to read the credentials from
--port PORT SSH port, default 22
--time-format {human-with-offset,human,timestamp,iso} Format of the date and time
--time-source {device,local} How to retrieve data and time
--debug Enable debug outputs
--manual Show manual
--ignore-ssh-key Ignore SSH server key problems
--max-cycles MAX_CYCLES Maximum cycles to run
You can either provide the username and password on the command line with the --user and --password parameters, or you can save them in a file and use the --credfile option. The file should consist of two lines, the first one being the username and the second the password.
Most of the programs automatically prepend every output line with a timestamp to make it easy to save the output into a text file and analyse it later.
By default, the timestamp is printed in human readable format with the timezone offset (e.g. 2018-09-04 11:33:27+02:00) but it can be changed using the --time-format parameter to the "human readable without offset" or a "unix timestamp", which is easier to use in subsequent scripts.
The time on the FortiGate device is used by default and the timezone is calculated based on the difference from the local time on your computer (that means the local computer time must be correct). Alternatively you can choose to use local time directly with the --time-source option.
The programs expect that the public SSH key of the FortiGate is already present in the "known hosts" file (that happens when you connect to the FortiGate for the first time using the standard SSH client on Linux). If you don't care about the remote key validity (or you are running this on Windows), the --ignore-ssh-key parameter can be used.
Be aware that with the remote key verification disabled, there is no way to detect a man-in-the-middle attack on the connection. Please disable the key verification only if you trust the network between you and the FortiGate management interface.
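A pre-flight check that can be run before reaching for --ignore-ssh-key: it reports whether a key for the FortiGate is already stored, and under which fingerprint. This is an added example, not code from this project; it assumes the utilities consult the OpenSSH per-user file ~/.ssh/known_hosts, and the function names and sample address are made up for illustration.

```python
import base64
import hashlib
import hmac
import tempfile
from pathlib import Path

def host_pattern(host, port=22):
    """OpenSSH stores a host bare for port 22, otherwise as [host]:port."""
    return host if port == 22 else f"[{host}]:{port}"

def _matches(field, name):
    """Compare one known_hosts host field (plain or hashed) with name."""
    if field.startswith("|1|"):
        # Hashed entry: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=name))
        try:
            _, _, salt_b64, mac_b64 = field.split("|")
            salt, expected = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
        except ValueError:
            return False
        actual = hmac.new(salt, name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)
    # Plain entry: comma-separated names (wildcard patterns are not handled)
    return name in field.split(",")

def known_keys(host, port=22, known_hosts="~/.ssh/known_hosts"):
    """Return [(key_type, fingerprint)] stored for host; [] means not trusted yet."""
    path = Path(known_hosts).expanduser()  # assumed default location
    if not path.is_file():
        return []
    name, found = host_pattern(host, port), []
    for line in path.read_text().splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # comments, blanks, @revoked and @cert-authority lines
        if _matches(parts[0], name):
            digest = hashlib.sha256(base64.b64decode(parts[2])).digest()
            fp = base64.b64encode(digest).decode().rstrip("=")
            found.append((parts[1], "SHA256:" + fp))
    return found

if __name__ == "__main__":
    # Constructed sample: 192.0.2.10 is a documentation address, the blob is not a real key
    blob = base64.b64encode(b"constructed-key-blob").decode()
    with tempfile.TemporaryDirectory() as d:
        kh = Path(d, "known_hosts")
        kh.write_text(f"[192.0.2.10]:2222 ssh-ed25519 {blob}\n")
        for port in (22, 2222):
            print(port, known_keys("192.0.2.10", port, kh) or "no key stored")
```

An empty result for the --host and --port you plan to use means the key still has to be accepted once with the regular SSH client, after comparing the fingerprint it shows with one obtained from the device over a trusted path.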
Most of the utilities accept the --max-cycles option, which limits the number of cycles to go through. By default this is unlimited, so the program will run forever.
There are other parameters that vary depending on what program you are running. All utilities accept the -h option, which shows both the shared (described above) and the local (utility-specific) options. Some utilities also accept the --manual parameter, which prints more detailed information about the utility.