dbabic
Staff
Article Id 189883

Description

 

This article describes how to configure the 'system alias' feature on a FortiGate firewall.

 

Scope

 

FortiGate.

Solution

 

Configuring the 'system alias' feature makes it possible to save collections of executable commands that can be run on demand. An alias can hold a single command or a batch of multiple commands, and is configured with the following CLI commands:

 

config system alias
    edit "router"
        set command "get router info routing-table all"
    next
end

 

To run the command, use the following CLI syntax, which includes the name of the command list that was configured in the previous step:

 

alias router   --> Where 'router' is the name of the command or list of commands to be run.


Routing table for VRF=0
Codes:
K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default

S*      0.0.0.0/0 [10/0] via 10.109.31.254, port1
C       10.109.16.0/20 is directly connected, port1
C       10.109.48.0/20 is directly connected, port2
C       172.16.190.0/24 is directly connected, port3
C       172.16.251.0/24 is directly connected, port5
C       172.16.252.0/24 is directly connected, port6

To run multiple commands in batch format, the following syntax is used:

 

Note: Use the open quote at the beginning of the first command.
Separate the commands using the Enter key.
Close the quote only at the end of the last command.

 

FGT_3 (global) # config system alias

FGT_3 (alias) # edit dns
new entry 'dns' added

FGT_3 (dns) # set command "show system dns
> show system ddns"

FGT_3 (dns) # end

 

Once the above CLI syntax has been set, use the following command to automatically run the command or batch of commands specified when configuring the alias settings:

 

FGT_3 (global) # alias dns
config system dns
    set primary 96.45.45.45
    set secondary 96.45.46.46
    set protocol dot
    set server-hostname "globalsdns.fortinet.net"
end


config system ddns
    edit 1
        set ddns-server FortiGuardDDNS
        set ddns-domain "fgt3.fortiddns.com"
        set monitor-interface "wan1"
    next
end

 

For system aliases, it is possible to use different commands in combination with 'grep' to filter only certain output.

 

Example:

 

config system alias
    edit "performance"
        set command "get sys status | grep time
            diagnose sys session stat | grep session_count
            diagnose sys session list | grep proto=6 -c" <--- This command greps only TCP sessions and counts the total number of them.
    next
end

 

Output from the 'alias performance':

 

alias performance
System time: Fri Dec 13 05:41:51 2024
misc info: session_count=26 setup_rate=0 exp_count=0 reflect_count=0 clash=0
npu_session_count=0
11  <--- 11 TCP sessions

 

The alias command can also be used to perform an 'iPerf3 test'.

 

config system alias
    edit "iperf_test"
        set command "diagnose sys waninfo ipify port1 | grep Public/WAN
            diagnose traffictest server-intf port1
            diagnose traffictest client-intf port1
            diagnose traffictest port 5200
            diagnose traffictest run -c 45.147.210.189 "
    next
end

 

alias iperf_test
Try to get my public IP through https://api.ipify.org with src_ip=0.0.0.0 device=port1 vfid=0(root) ...

Public/WAN IP: 213.157.28.115
server-intf: port1
client-intf: port1
port: 5200
Connecting to host 45.147.210.189, port 5200
[ 7] local 10.191.19.160 port 9236 connected to 45.147.210.189 port 5200
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 7] 0.00-1.00 sec 78.2 MBytes 656 Mbits/sec 176 1.40 MBytes
[ 7] 1.00-2.00 sec 81.2 MBytes 682 Mbits/sec 0 1.48 MBytes
[ 7] 2.00-3.00 sec 86.2 MBytes 724 Mbits/sec 0 1.55 MBytes
[ 7] 3.00-4.00 sec 88.8 MBytes 744 Mbits/sec 0 1.59 MBytes
[ 7] 4.00-5.00 sec 91.2 MBytes 765 Mbits/sec 0 1.62 MBytes
[ 7] 5.00-6.00 sec 92.5 MBytes 776 Mbits/sec 0 1.63 MBytes
[ 7] 6.00-7.00 sec 92.5 MBytes 776 Mbits/sec 0 1.64 MBytes
[ 7] 7.00-8.00 sec 93.8 MBytes 786 Mbits/sec 0 1.66 MBytes
[ 7] 8.00-9.00 sec 95.0 MBytes 797 Mbits/sec 0 1.70 MBytes
[ 7] 9.00-10.00 sec 86.2 MBytes 723 Mbits/sec 38 1.27 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 7] 0.00-10.00 sec 886 MBytes 743 Mbits/sec 214 sender
[ 7] 0.00-10.02 sec 883 MBytes 740 Mbits/sec receiver

iperf Done.
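
When reviewing a saved configuration, it helps to list every alias and the commands it runs. The following Python example is added here and is not part of the original article or Fortinet's tooling: it parses the 'config system alias' block, including the multi-line batch form, and reports aliases that run anything other than 'get' or 'show' commands. The sample text, the function names and the display-only verb list are assumptions made for illustration.

```python
import re

# Constructed sample in the style of this article's alias examples.
SAMPLE_CONFIG = '''config system alias
    edit "router"
        set command "get router info routing-table all"
    next
    edit "iperf_test"
        set command "diagnose traffictest port 5200

            diagnose traffictest run -c 45.147.210.189 "
    next
end
'''
DISPLAY_VERBS = {"get", "show"}  # assumption: reviewer's display-only verbs

def _take(text):
    """Return (text before the first unescaped double quote, quote found?)."""
    m = re.search(r'(?<!\\)"', text)
    return (text[:m.start()], True) if m else (text, False)

def parse_aliases(config_text):
    """Map each alias name to the list of commands it runs."""
    aliases, name, buf, in_block = {}, None, None, False
    for line in config_text.splitlines():
        s = line.strip()
        if buf is not None:                    # inside a multi-line quoted command
            part, closed = _take(s)
            buf.append(part)
        elif s.startswith('set command "') and in_block:
            part, closed = _take(s[len('set command "'):])
            buf = [part]
        else:
            if s in ("config system alias", "end"):
                in_block = s != "end"          # enter or leave the alias block
            elif s.startswith("edit ") and in_block:
                name = s[5:].strip().strip('"')
            continue
        if closed:                             # closing quote ends the batch
            aliases[name] = [c.strip() for c in buf if c.strip()]
            buf = None
    return aliases

def flag_aliases(aliases, display_verbs=DISPLAY_VERBS):
    """Return aliases containing commands that do more than display state."""
    hits = {n: [c for c in cmds if c.split()[0] not in display_verbs]
            for n, cmds in aliases.items()}
    return {n: c for n, c in hits.items() if c}
```

Calling flag_aliases(parse_aliases(text)) on a configuration backup gives a short list of aliases to read by hand before anyone runs them.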