Fortigate CLI command alias to create shortcuts and save time

in Fortigate
#Fortigate

Fortigate CLI commands can be long, like really long. And it is no fun to get an error running a command of 6 words because of the typo! The solution to this is simple - command aliases. Coming from the Cisco world I got used to creating command aliases as a way to save time typing, which, multiplied by the hundreds of devices I have access to, saves a lot of time. Saving time typing is the reason I don't use Putty but instead invested in myself and bought SecureCRT by VanDyke. I once calculated what CLI automation saves me - the whole 4 hours of work monthly!
So let's get back to the Fortigate. It has the command alias capability that allows to configure a shortcut to the full syntax CLI command and save it in the configuration. Fortigate aliases have some limitations and features, here is the list:

  • Aliases are available on Fortigate only, i.e.no Fortiweb/FortiManager/etc. (pity)
  • Configured aliases are saved in the configuration and so survive reboots and upgrades (good)
  • Aliases are available at the top level only. That is, if we are inside configuration subtree no aliases for us. E.g. we can set/use aliases for commands run at # prompt, but once we enter say interface configuration, no aliases are available (bad, but read on)
  • Commands in aliases are not limited in the depth of subconfiguration tree. It means, while they have to start at the top level, they don't have to end there. E.g. we can create alias that combines commands like config system interface edit port1 set status disable in one alias (good)
  • Alias can combine multiple commands run in sequence (good)
  • Alias can NOT accept arguments. If we have an alias shint for show system interface, we cannot add an interface name to it as an argument when running it - alias shint port1 will report error (bad)
  • To use alias you specify word alias before it (see below examples).

To configure alias we use config system alias command, here are some aliases I use:

config system alias
    edit "rt"
        set command "get router info routing all"
    next
    edit "rt6"
        set command "get router info6 routing-table"
    next
    edit "gip"
        set command "get router info protocols"
    next
end

E.g. to get routing table:

# alias rt 

Routing table for VRF=0
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

S*      0.0.0.0/0 [10/0] via 192.168.13.1, port1
C       10.10.17.0/24 is directly connected, port3
C       192.168.13.0/24 is directly connected, port1

Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.