Hi!
I have FortiOS 6.4.5 installed.
How to know the default value of some variable (ie set snat-hairpin-traffic) while there is not this row in configuration?
The default value is indicated in the documentation you referenced (in your original post), but as a rule you can always do a "get" at a given config branch to see all the various values set. For example, just like you can do "show system settings" or "config system settings" and then run "show", you can also run "get system settings" or "config system settings" and then "get". I love the FortiGate CLI syntax once I got the hang of it.
Yes, there are subcommands (set,unset,show,get etc).
My misunderstanding is that as far as I have not set the variable (ie snat-hairpin-traffic) it is neither enabled nor disabled. get and show do not inform me about that. But what is the value that Fortigate uses?
I'm not sure what you mean about "get" not informing you about that. "Show" doesn't display anything if it is currently set to the default value, but "get" absolutely does. I just verified this on my FW running the same code as you. For me it's about the 10th value down (if you're not already using grep to filter your output).
Thanks! Get works, probably I ran it in wrong place. show full also great!
For other newbies: use grep for simplification. For example: show full | grep gui
 
					
				
				
			
		
| User | Count | 
|---|---|
| 2678 | |
| 1412 | |
| 810 | |
| 703 | |
| 455 | 
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.