set
set baremetal ifrename disable
set baremetal ifrename enable
set baremetal mgmt
set baremetal mgmt <MGMT>
set baremetal ports
set baremetal ports <PORT> <IFACE>
set cores isolate
set cores isolate <CORES>
Isolate cores from the OS scheduler; isolated cores can only be used by VMs pinned to them.
set cores system
set cores system <CORES>
Command to define the CPU affinity of the init process and user space processes by defining the comma-separated list of cores (not cpus). It always automatically includes core 0.
When system cores is defined, VMs and LXCs automatically use only “free” cores.
Warning: need to reboot.
set cpus affinity
set cpus affinity <CPUS>
Danger: obsolete command, use set cores ... commands.
Command to define the CPU affinity of the “init” process; cpu 0 and its sibling must be part of the affinity.
Warning: you MUST reboot when you change the affinity.
set cpus isolate
set cpus isolate <CPUS> <RCU>
Danger: obsolete command, use set cores ... commands.
Command to define CPUs to isolate from the default scheduler list. You can’t isolate cpu 0 and its sibling.
Warning: when you isolate a CPU, you should also isolate its siblings.
Warning: you MUST reboot when you change the isolation list.
Ex: expert cpus isolate 1,4-9
set dhcp address
Configure mgmt interface address by DHCP.
set dhcp all
Configure mgmt interface address, dns and gateway by DHCP.
set dhcp dns
Configure DNS by DHCP.
set dhcp gateway
Configure gateway by DHCP.
set dhcp nodns
Do not use DHCP configured DNS.
set dhcp nogateway
Do not use DHCP default gateway.
set gui background
set gui background <COLOR>
Change the Web UI title bar background color to color (use #RRGGBB format).
set gui filter
set gui filter <CRITERIA>+
Filters the repositories’ PoCs listed in simple mode. Criteria are:
repo=[REPO1,REPO2,...]: only display PoCs from REPO1, REPO2, ...
repo!=[REPO1,REPO2,...]: exclude PoCs from REPO1, REPO2, ...
name=[POC1,POC2]: only display PoCs named POC1, POC2, ...
name!=[POC1,POC2]: exclude PoCs named POC1, POC2, ...
name~[REGEXP1,REGEXP2]: only display PoCs matching REGEXP1 or REGEXP2 ...
name~REGEXP: only display PoCs matching REGEXP
name!~REGEXP: exclude PoCs matching REGEXP
all: show all PoCs
Example: set gui filter repo=[fortinet] name~^FortiCache
set gui foreground
set gui foreground <COLOR>
Change the Web UI title bar foreground color to color (use #RRGGBB format).
set gui graph
set gui graph <CASE> <STATE>
Define whether the graph is loaded (state is “yes”) or not (state is “no”) for the “dashboard” or “model” case.
set gui image file
set gui image file <IMAGE>
Change the Web UI title bar image, MUST be stored in local repository gui directory.
set gui image height
set gui image height <HEIGHT>
Change the Web UI title bar height and image height to height (CSS units).
set gui simple
set gui simple <STATE>
“enable” or “disable” the WebUI simple mode. In simple mode only PoCs created locally or repositories’ PoCs matching a filter
set gui sync firmware
set gui sync firmware <STATE>
Define if graph must be loaded (state is “yes”) on “dashboard” or “model” case or not (state is “no”)
set http disable
Disable HTTP listen port on FortiPoC.
set http enable
Enable HTTP listen port on FortiPoC.
set kernel kvm intel nec
set kernel kvm intel nec <STATE>
Enable/disable kvm-intel nested_early_check
set kernel mitigation all
set kernel mitigation all <STATE>
Disable (off) or enable (on) all mitigations.
set kernel mitigation itlb
set kernel mitigation itlb <STATE>
Disable (off) or enable (on) itlb mitigations.
set kernel mitigation l1tf
set kernel mitigation l1tf <STATE>
Disable (off) or enable (on) l1tf mitigations.
set kernel mitigation mds
set kernel mitigation mds <STATE>
Disable (off) or enable (on) mds mitigations.
set kernel mitigation meltdown
set kernel mitigation meltdown <STATE>
Disable (off) or enable (on) meltdown mitigations.
set kernel mitigation spectre
set kernel mitigation spectre <STATE>
Disable (off) or enable (on) spectre mitigations.
set kernel mitigation srbds
set kernel mitigation srbds <STATE>
Disable (off) or enable (on) srbds mitigations.
set kernel mitigation taa
set kernel mitigation taa <STATE>
Disable (off) or enable (on) taa mitigations.
set keyboard
Change keyboard and language.
set keyboard console
Change console keyboard.
set keymap vm
set keymap vm <MAP>
set license
set license <SERVER>
Warning: obsolete command, use set license server <SERVER> instead.
set license byol disable
Disable local BYOL license and use only license server.
If no license server is configured, BYOL is always used.
set license byol enable
Enable local BYOL license.
Use local BYOL license before asking license server.
set license server
set license server <SERVER>
Configure license server, local licenses are not used.
Example:
in labsetup:
set license server http://license.fortilab.net/rest/FortiPoC License server:
set license server https://FORTIPOC_SRV_IP/
set license uuid
set license uuid <LIC> <UUID>
Set UUID of a license.
Example: set server license uuid 1 e688f9a8-2293-51e6-010a-786406e87951
set macext
set macext <VALUE>
Set external MAC address OUI to value for VM ports connected to external FortiPoC port’s network.
set memory hugepages
set memory hugepages <NBPAGES>
Command to define reserved HugePages to allocate to VM. At least 2GB of memory is reserved to the system.
See diagnose memory hugepages to get available hugepages
Warning: you MUST reboot when you change the hugepages.
set mss delta
set mss delta <DELTA>
set mss enable
set mss enable <VALUE>
Enable or disable MSS update (value is 0 (disable) or 1 (enable))
set mss max
set mss max <VALUE>
set mss min
set mss min <VALUE>
set mss threshold
set mss threshold <MSS>
set portfwd byip disable
Enable port forwarding rule based on input interface and not destination IP (default).
set portfwd byip enable
Enable port forwarding rule based on destination IP and not input interface.
set refresh
set refresh <CASE> <FREQ>
Set “case” refresh frequency in seconds.
A frequency of 0 disables the refresh; enabling it again requires a page reload.
case: domstate, hoststate, tasks
set security console access cli any
Change serial console security access level by CLI.
Because the serial console can stay connected to an account even after the connection is closed, it can be useful to limit access to it. This command lets you choose between different levels of security restriction:
any: allow access to guest user (default)
nolxc: allow access except on lxc to guest user
none: deny access to guest user
set security console access cli nolxc
Change serial console security access level by CLI.
Because the serial console can stay connected to an account even after the connection is closed, it can be useful to limit access to it. This command lets you choose between different levels of security restriction:
any: allow access to guest user (default)
nolxc: allow access except on lxc to guest user
none: deny access to guest user
set security console access cli none
Change serial console security access level by CLI.
Because the serial console can stay connected to an account even after the connection is closed, it can be useful to limit access to it. This command lets you choose between different levels of security restriction:
any: allow access to guest user (default)
nolxc: allow access except on lxc to guest user
none: deny access to guest user
set security custom disable
Disable PoC custom port firewall rules.
set security custom enable
Enable PoC custom port firewall rules.
set security http private
HTTP reverse proxy access to VM HTTP through FortiPoC logged in user only.
set security http public
Public HTTP reverse proxy access to VM HTTP. No extra security.
You MUST ensure all passwords are set and secure enough.
set security https private
HTTPS reverse proxy access to VM HTTPS through FortiPoC logged in user only.
set security https public
Public HTTPS reverse proxy access to VM HTTPS. No extra security.
You MUST ensure all passwords are set and secure enough.
set security spice private
SPICE listen only on loopback, requires PoC launch.
set security spice public
SPICE listen on public address, requires a password and PoC launch.
set security ssh private
Disable public port firewall rules for VM SSH access.
set security ssh public
Enable public port firewall rules for VM SSH access.
set security vnc private
VNC listen only on loopback.
set security vnc public
VNC listen on public address, requires a password and PoC launch.
The VNC protocol only accepts passwords of up to 8 characters; if the defined password is longer, VNC only listens on the loopback address.
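An added example (not FortiPoC code or output): a small audit over a list of the set commands documented on this page, reporting the settings that widen exposure, including the VNC password-length fallback described above. It assumes the last command typed for a setting wins and that each mitigation is tracked on its own; the function names and sample lines are constructed for illustration.

```python
# Added example: audit typed FortiPoC `set` commands for exposure.
SERVICES = {"http", "https", "spice", "ssh", "vnc"}

def effective_settings(commands):
    """Reduce typed commands to final settings (assumption: last one wins)."""
    state = {"console": "any"}  # "any" is the documented default
    for line in commands:
        w = line.split()
        if len(w) == 4 and w[:2] == ["set", "security"] and w[2] in SERVICES:
            state[w[2]] = w[3]
        elif len(w) == 6 and w[:5] == ["set", "security", "console", "access", "cli"]:
            state["console"] = w[5]
        elif len(w) == 5 and w[:3] == ["set", "kernel", "mitigation"]:
            state["mitigation " + w[3]] = w[4]
        elif len(w) == 3 and w[:2] == ["set", "http"]:
            state["http port"] = w[2]
    return state

def audit(commands, vnc_password=""):
    """Return findings for settings that widen exposure, sorted by setting."""
    findings = []
    for key, value in sorted(effective_settings(commands).items()):
        if key == "vnc" and value == "public" and len(vnc_password) > 8:
            # Per the page: a password over 8 characters keeps VNC on loopback.
            findings.append("vnc: public requested, but password > 8 chars keeps it on loopback")
        elif key in SERVICES and value == "public":
            findings.append(f"{key}: public access to VMs")
        elif key == "console" and value != "none":
            findings.append(f"console: guest user allowed on serial console ({value})")
        elif key.startswith("mitigation ") and value == "off":
            findings.append(f"{key}: disabled")
        elif key == "http port" and value == "enable":
            findings.append("http port: plain HTTP listener enabled")
    return findings

# Constructed sample, not taken from a real device.
SAMPLE = [
    "set security http public",
    "set security http private",
    "set security vnc public",
    "set security ssh public",
    "set kernel mitigation mds off",
    "set http enable",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, vnc_password="0123456789"):
        print(finding)
```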
set ssh authorized keys
set ssh authorized keys <KEY>
Add key to authorized keys file, you can also use scp KEY admin@{addr}:authorized_keys to install a key.
set static address
set static address <ADDRESS> <GATEWAY>
Configure mgmt interface static address (and default gateway)
Example:
set static address 10.0.0.1/24
set static address 10.0.0.1/24 10.0.0.254
set static gateway
set static gateway <GATEWAY>
Configure static default route gateway:
Example: set static gateway 10.0.0.254
set static nodns
Do not use static DNS server (may fall back to DHCP one).
set static nogateway
Do not use static default gateway (may fall back to DHCP one).