Technical Tip: Support execution of global CLI commands from within VDOMs

Description

This article explains how to enter a VDOM to execute commands without exiting the current VDOM.

Scope

FortiGate.

Solution

CLI command '#sudo', allows the running of global commands from within the VDOM context of the CLI.

This means that the user no longer has to:

• Exit from the VDOM.
• Enter global.
• Run the command.
• Return to the previous VDOM.

These commands will only work if the user already has permission to run the command.
Unlike the '#sudo' command in some other operating systems like Linux, this command does not allow the user to run programs with the privileges of another user.

The syntax for the command is:

#sudo {global | vdom-name} {diagnose | execute | show | get}

Example to run CLI from VDOM level to query Global level configuration:

config vdom
(vdom) # edit TP
current vf=TP:1
(TP) # sudo global show system ha
config system ha
    set group-id 10
    set group-name "fgcp"
    set mode a-p
    set hbdev "port31" 50
    set session-pickup enable
    set ha-mgmt-status enable
    set ha-uptime-diff-margin 3
    set override disable
    set priority 200
    set monitor "port1" "port2"
end

Example to run CLI from Global level to query VDOM level configuration:

config global
(global) # sudo TP show system settings
config system settings
    set asymroute enable
end