FortiDeceptor 4.3.0 CLI Reference Guide

This document provides information about the CLI commands for the FortiDeceptor system. It describes commands for configuration, system settings, utilities, and troubleshooting. The commands manage functions such as data purging, firmware upgrading, IP tables, licensing, and more.

CLI Reference Guide

FortiDeceptor 4.3.0

August 30, 2022


FortiDeceptor 4.3.0 CLI Reference Guide
50-420-832787-20220830
TABLE OF CONTENTS

Change Log
Introduction
What’s New in FortiDeceptor
Configuration Commands
System Commands
    data-purge
    fw-upgrade
    iptables
    dcvm-confirm-id
    set-maintainer
    remote-auth-timeout
    vm-firmware-license
    cm
    fabric-binding
    dcvm-license
Utility Commands
Diagnose Commands

Change Log

Date        Change Description
2022-08-30  Initial release.

Introduction

The FortiDeceptor CLI (Command Line Interface) is available when connecting to the FortiDeceptor via console or by
using an SSH or TELNET client. These services must be enabled on the port1 interface.
Use CLI commands for initial device configuration and troubleshooting. CLI commands are case-sensitive. Some
commands are specific to hardware or VM devices.
Use ? or help to view a description of all of the available commands. Use ? or help with a system command for
information on how to use that command. Use exit to exit the CLI.
An administrator's privilege to execute CLI commands is defined in the admin profile. The specific commands that are
available to them are configured when creating or editing a profile.

What’s New in FortiDeceptor

This version includes the following changes.

Command       Change
data-purge    New options to specify the date and time of the purge and show the configuration for an automatic purge.
dcvm-license  New options to list the deception VM license information and to remove the license/contract information manually.

Configuration Commands

Command           Description
show              Show the bootstrap configuration including the port IP address (IPv4 and IPv6), network mask, port MAC address, and default gateway.
set               Set configuration parameters.
                  • set portX-ip <ip/netmask> - Set the portX IP address in IP/netmask format.
                  • set default-gw <ip> - Set the default gateway address.
                  • set date <date> - Set system date, in the format of YYYY-MM-DD.
                  • set time <time> - Set system time, in the format of HH:MM:SS.
unset default-gw  Unset the default gateway.

System Commands

Command              Description
reboot               Reboot the FortiDeceptor. All sessions are terminated, the unit goes offline, and there is a delay while it restarts.
shutdown             Shut down the FortiDeceptor.
config-reset         Reset the configuration to factory defaults. Event and incident data, and installed VM images are kept.
data-purge           Purge the detection results from the database, including deployment settings, events, incidents, and alerts.
factory-reset        Reset the FortiDeceptor configuration to factory default settings. All data is deleted. Installed VM images are kept.
status               Display the FortiDeceptor firmware version, serial number, system time, disk usage, image status, and RAID information.
fw-upgrade           Upgrade or re-install the FortiDeceptor firmware or deception VM image via Secure Copy (SCP) or File Transfer Protocol (FTP) server.
                     See fw-upgrade on page 10 for details.
reset-widgets        Reset the GUI widgets.
iptables             Enable/disable IP tables.
                     See iptables on page 10 for details.
dcvm-confirm-id      Set confirm ID for Windows deception VM activation.
                     See dcvm-confirm-id on page 12 for details.
dcvm-license         List the license information for deception VMs using the -l option.
dcvm-status          Display the status for deception VMs.
dcvm-reset           Activate and initialize VM images. This is useful when you need to rebuild a broken VM image.
                     The default resets all VMs or you can specify a VM name with -n <VM name>.
dcimg-status         Display the status of deception images.
set-maintainer       Enable or disable the maintainer account.
                     See set-maintainer on page 12 for details.
remote-auth-timeout  Set Radius or LDAP authentication timeout.
                     See remote-auth-timeout on page 13 for details.
log-purge            Delete all system logs.
vm-firmware-license  Download and install the firmware license file from a server.
                     See vm-firmware-license on page 13 for details.

vm-resize-hd         After changing the virtual hard disk size on the hypervisor, execute this command to make the change recognizable to the firmware.
                     This command is only available for VM models.
dmz-mode             Enable or disable DMZ deployment mode.
fdn-pkg              Display information about FortiGuard upgradeable engine packages.
test-network         Test the network connectivity of firmware.
storage-check        Check storage disk with fsck command.
storage-format       Format storage disk.
cm                   Central Manager configuration.
                     See cm on page 13 for details.
fabric-binding       Set the Fabric traffic binding to port1.
                     See fabric-binding on page 14 for details.

data-purge

Syntax

data-purge <option>

Option  Description
-a      Purge all the data in the database including deployment settings, events, incidents, and alerts.
-d      Purge the detection results from the database, including events, incidents, and alerts.
-t      Purge campaigns that happened before a specific time (MM/DD/YYYY-HH:MM:SS). For example, to purge data by time use: data-purge -d -t04/19/2021-12:15:35
        You do not need to provide a timezone. FortiDeceptor will use the timezone configured on your device.
        For example, running data-purge -d -t04/19/2021-12:15:35 in PDT time will purge the corresponding data before 04/19/2021-12:15:35 PDT or 04/19/2021-19:15:35 UTC.
-k<N>   Automatically purges data older than the specified number of days, where N represents 1-365 days.
        For example, to purge data older than 10 days: data-purge -k10
        This option cannot be used with other options.
-s      Show the configuration for automatic purge.
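
A pre-flight check for a data-purge invocation, added here as an example and not part of the Fortinet guide: it applies the option rules from the table above (the -k range, -k exclusivity, the -t timestamp format) and converts the -t cutoff to UTC so the operator can confirm what will be deleted. The function name and the device_utc_offset_hours parameter are assumptions; the CLI itself takes no timezone.

```python
from datetime import datetime, timedelta, timezone

PURGE_TIME_FORMAT = "%m/%d/%Y-%H:%M:%S"  # MM/DD/YYYY-HH:MM:SS, as -t expects


def check_data_purge(args, device_utc_offset_hours):
    """Check data-purge option tokens against the rules in the option table.

    args: tokens as typed, e.g. ["-d", "-t04/19/2021-12:15:35"].
    device_utc_offset_hours: UTC offset of the timezone configured on the
    device (assumption: supplied by the operator; the CLI takes no timezone).
    Returns a summary dict; raises ValueError if a documented rule is broken.
    """
    if not args:
        raise ValueError("data-purge needs an option")
    summary = {"scope": None, "cutoff_utc": None, "keep_days": None}
    for tok in args:
        flag, value = tok[:2], tok[2:]
        if flag == "-k":
            if len(args) != 1:
                raise ValueError("-k cannot be used with other options")
            if not value.isdigit() or not 1 <= int(value) <= 365:
                raise ValueError("-k<N> needs N in the range 1-365")
            summary["scope"] = "automatic purge"
            summary["keep_days"] = int(value)
        elif flag == "-t":
            # strptime raises ValueError when the timestamp is malformed
            local = datetime.strptime(value, PURGE_TIME_FORMAT)
            device_tz = timezone(timedelta(hours=device_utc_offset_hours))
            summary["cutoff_utc"] = local.replace(tzinfo=device_tz).astimezone(timezone.utc)
        elif tok == "-a":
            summary["scope"] = "all data, including deployment settings"
        elif tok == "-d":
            summary["scope"] = "detection results (events, incidents, alerts)"
        elif tok == "-s":
            summary["scope"] = "show automatic purge configuration"
        else:
            raise ValueError(f"unknown option: {tok}")
    return summary


if __name__ == "__main__":
    # The guide's own example, run on a device set to PDT (UTC-7)
    plan = check_data_purge(["-d", "-t04/19/2021-12:15:35"], -7)
    print(plan["scope"], "before", plan["cutoff_utc"].isoformat())
```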


fw-upgrade

Upgrade or re-install the FortiDeceptor firmware or deception VM image via FTP, HTTPS, or SCP (default) server.
Before running this command, download the firmware file onto a server that supports file copy via FTP, HTTPS, or SCP.
The system boots after the firmware is downloaded and installed.

Syntax

fw-upgrade <option> [options]

Option                                      Description
-b                                          Download an image file from this server and upgrade the firmware.
-v                                          Download and install a VM image file from this server.
-t<ftp | https | scp>                       The protocol type, FTP, HTTPS, or SCP (default).
-s<ftp, https, or scp server IP address>    The IP address of the server to download the image.
-u<user name>                               The user name for authentication.
-p<password>                                The password for authentication.
-f<full file path>                          The full path of the image file.

iptables

Use this command to enable or disable IP tables. The settings are discarded after reboot.

Syntax

iptables -[ACD] chain rule-specification [options]
iptables -I chain [rulenum] rule-specification [options]
iptables -R chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
iptables -[LS] [chain [rulenum]] [options]
iptables -[FZ] [chain] [options]
iptables -[NX] chain
iptables -E old-chain-name new-chain-name
iptables -P chain target [options]
iptables -h (print this help information)

Commands

You can use long or short commands.


--append        -A chain                 Append to chain.
--check         -C chain                 Check for the existence of a rule.
--delete        -D chain                 Delete matching rule from chain.
--delete        -D chain rulenum         Delete rule rulenum (1 = first) from chain.
--insert        -I chain [rulenum]       Insert in chain as rulenum (default 1=first).
--replace       -R chain rulenum         Replace rule rulenum (1 = first) in chain.
--list          -L [chain [rulenum]]     List the rules in a chain or all chains.
--list-rules    -S [chain [rulenum]]     Print the rules in a chain or all chains.
--flush         -F [chain]               Delete all rules in chain or all chains.
--zero          -Z [chain [rulenum]]     Zero counters in chain or all chains.
--new           -N chain                 Create a new user-defined chain.
--delete-chain  -X [chain]               Delete a user-defined chain.
--policy        -P chain target          Change policy on chain to target.
--rename-chain  -E old-chain new-chain   Change chain name, (moving any references).

Options

You can use long or short commands.

--ipv4               -4                        Nothing (line is ignored by ip6tables-restore).
--ipv6               -6                        Error (line is ignored by iptables-restore).
[!] --protocol       -p proto                  Protocol: by number or name, for example: tcp.
[!] --source         -s address[/mask][...]    Source specification.
[!] --destination    -d address[/mask][...]    Destination specification.
[!] --in-interface   -i input name[+]          Network interface name ([+] for wildcard).
--jump               -j target                 Target for rule (may load target extension).
--goto               -g chain                  Jump to chain with no return.
--match              -m match                  Extended match (may load extension).
--numeric            -n                        Numeric output of addresses and ports.
[!] --out-interface  -o output name[+]         Network interface name ([+] for wildcard).
--table              -t table                  Table to manipulate (default: `filter').
--verbose            -v                        Verbose mode.
--wait               -w                        Wait for the xtables lock.


--line-numbers                                 Print line numbers when listing.
--exact              -x                        Expand numbers (display exact values).
[!] --fragment       -f                        Match second or further fragments only.
--modprobe=<command>                           Try to insert modules using this command.
--set-counters PKTS BYTES                      Set the counter during insert/append.
[!] --version        -V                        Print package version.

dcvm-confirm-id

Validate a Microsoft Windows key after contacting Microsoft customer support.

Syntax

dcvm-confirm-id <option> [options]

Option  Description
-a      Add a confirmation ID.
        -k  License key.
        -c  Confirmation ID.
-d      Delete a confirmation ID.
        -k  License key.
-l      List all confirmation IDs.

set-maintainer

Use the maintainer account to reset user passwords.

Syntax

set-maintainer <option>

Option  Description
-l      Show current setting.
-d      Disable maintainer account.
-e      Enable maintainer account.


remote-auth-timeout

Set RADIUS or LDAP authentication timeout value.

Syntax

remote-auth-timeout <option>

Option  Description
-s      Set the timeout value in seconds (10 - 180, default = 10).
-u      Unset the timeout.
-l      Display the timeout value.

vm-firmware-license

Download and install the firmware license file from a remote server.
This command is only available for VM models.

Syntax

upload_license <options>

Option                  Description
-s<server ip>           Download a license file from this server IP address.
-t<ftp | scp>           The protocol type, FTP or SCP (default).
-u<username>            The user name for server authentication.
-p<password>            The password for server authentication.
-f<license filename>    The full path for the license file.

cm

Central Manager configuration. This command is available for hardware and VM models.
The FortiDeceptor appliance can be configured in the following modes:
• Central Manager. Central Manager also has deception capability.
• Remote appliance (client).


Syntax

cm <options>

Option   Description
-lc      List the configuration of Central Manager mode unit.
-ls      List the status of Central Manager mode unit.
-lj      Optional. Output in JSON format.
-sc -mC  Set this unit to be a client mode (remote appliance).
-sc -mM  Set this unit to be a manager mode (Central Manager).
-sc -n   Set alias name for this unit (manager or client).
-sc -a   Set the authentication code for Central Manager communication.
-sc -i   Set the IP address of Central Manager server unit for client unit to connect.

Example

For example, in the following topology scenario:

• 1 Central Manager with IP address of 192.168.1.100
• 1 remote appliance (client) with IP address of 172.16.1.100

Use this configuration command on the manager side:

cm -sc -mM -nManager -a1234567890

Use this configuration command on the client side:

cm -sc -mC -nAppliance1 -a1234567890 -i192.168.1.100

fabric-binding

Set the Fabric traffic binding to port1. This command is available for hardware and VM models.

Syntax

fabric-binding <options>

Option  Description
-e      Enable Fabric binding to port1.
-d      Disable Fabric binding to port1.
-l      Display the status of Fabric binding.


dcvm-license

Syntax

dcvm-license <option>

Option   Description
-h       Help information.
-l       List the deception VM license information.
-r[u|f]  Remove the license/contract information manually.
         -ru: Remove the uploaded license information manually.
         -rf: Remove the FDN contract information manually.

Utility Commands

Command     Description
ping        Test network connectivity to another network host:
            ping <IP address>
tcpdump     Examine local network traffic:
            tcpdump [ -c count ] [ -i interface ] [ expression ]
traceroute  Examine the route taken to another network host:
            traceroute <host>

Diagnose Commands

Command          Description
hardware-info    Display general hardware status information. Use this option to view CPU, memory, disk, and RAID information, as well as system time settings.
disk-attributes  Display system disk attributes. This option is only available on hardware models.
disk-errors      Display any system disk errors. This option is only available on hardware models.
disk-health      Display disk health information. This option is only available on hardware models.
disk-info        Display disk hardware status information. This option is only available on hardware models.
raid-hwinfo      Display RAID hardware status information. This option is only available on hardware models.

www.fortinet.com

Copyright© 2022 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein
may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were
attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance
results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract,
signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only
the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal
conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change,
modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
