Technical Tip: Useful multi-option values CLI commands for existing lists

cborgato_FTNT · ‎02-01-2018

Description

This article gives useful CLI sub-commands for multi-option attributes values for existing lists introduced from FortiOS v5.0

Solution

On FortiOS CLI, FortiGate has configurable values that can have more than one option (aka Multi-options values). Before 5.0, administrators had to rewrite every time all the multiple attributes values using command set for adding and unset to delete (or reset to default value). When adding options to a list, such as a user group, using the set command will remove the previous configuration.

The introduction of these key-words makes it easier for the administrator to understand the CLI syntax, configure it properly it and, most importantly, provide specific functionality to add or remove options in an existing list.

For multi-option values, four different keywords can be used:

1)   append: add one or more options to an existing list
2)   select: clear all options except for those specified (override the existing entries values). It is the same as set
3)   unselect: remove one or more options from an existing list
4)   clear: remove all the options from an existing list. It’s same as unset (reset the list to default value)

Example for allowaccess interface configuration

FGT-vm (port4) # show
config system interface
    edit "port4"
        set vdom "root"
        set ip 1.2.3.4 255.255.255.0
        set allowaccess ping https ssh
...
append
FGT-vm (port4) # append allowaccess telnet
FGT-vm (port4) # show
config system interface
    edit "port4"
        set vdom "root"
        set ip 1.2.3.4 255.255.255.0
        set allowaccess ping https ssh telnet
...
select
FGT-vm (port4) # select allowaccess ssh
FGT-vm (port4) # show
config system interface
    edit "port4"
        set vdom "root"
        set ip 1.2.3.4 255.255.255.0
        set allowaccess ssh...
set (is same as select)
FGT-vm (port4) # show
config system interface
    edit "port4"
        set vdom "root"
        set ip 1.2.3.4 255.255.255.0
        set allowaccess ping https ssh telnet...
FGT-vm (port4) # set allowaccess ssh
FGT-vm (port4) # show
config system interface
    edit "port4"
        set vdom "root"
        set ip 1.2.3.4 255.255.255.0
        set allowaccess ssh
...
unselect
FGT-vm (port4) # show
config system interface
    edit "port4"
        set vdom "root"
        set ip 1.2.3.4 255.255.255.0
        set allowaccess ping https ssh telnet
...
FGT-vm (port4) # unselect allowaccess https
FGT-vm (port4) # show
config system interface
    edit "port4"
        set vdom "root"
        set ip 1.2.3.4 255.255.255.0
        set allowaccess ping ssh telnet (removed https only)
...
clear
FGT-vm (port4) # clear allowaccess
FGT-vm (port4) # show
config system interface
    edit "port4"
        set vdom "root"
        set ip 1.2.3.4 255.255.255.0
(removed all options)
...
unset (same as clear)
FGT-vm (port4) # show
config system interface
    edit "port4"
        set vdom "root"
        set ip 1.2.3.4 255.255.255.0
        set allowaccess ping https ssh telnet
(removed all options/reset to default)
...
FGT-vm (port4) # unset allowaccess
FGT-vm (port4) # show
config system interface
    edit "port4"
        set vdom "root"
        set ip 1.2.3.4 255.255.255.0
        set type physical
        set snmp-index 4
    next
end

Example without block-notification message

For more detailed information refer to the CLI Reference Guide in the Fortinet Document Library.

Technical Tip: Useful multi-option values CLI commands for existing lists

You are leaving our website