Fortigate CLI commands can be long, like really long. And it is no fun to get an error running a command of 6 words because of a typo!
The solution to this is simple - command aliases. Coming from the Cisco world I got used to creating command aliases as a way to save time typing, which, multiplied by the hundreds of devices I have access to, saves a lot of time. Saving time typing is the reason I don't use PuTTY but instead invested in myself and bought SecureCRT by VanDyke. I once calculated what CLI automation saves me - a whole 4 hours of work monthly!
So let's get back to the Fortigate. It has a command alias capability that lets you configure a shortcut to a full-syntax CLI command and save it in the configuration. Fortigate aliases have some limitations and features; here is the list:
- Aliases are available on Fortigate only, i.e. no Fortiweb/FortiManager/etc. (pity)
- Configured aliases are saved in the configuration and so survive reboots and upgrades (good)
- Aliases are available at the top level only. That is, if we are inside a configuration subtree, there are no aliases for us. E.g. we can set/use aliases for commands run at the `#` prompt, but once we enter, say, interface configuration, no aliases are available (bad, but read on)
- Commands in aliases are not limited in the depth of the subconfiguration tree. That is, while they have to start at the top level, they don't have to end there. E.g. we can create a single alias that combines commands like `config system interface` and `set status disable` (good)
- An alias can combine multiple commands run in sequence (good)
- An alias can NOT accept arguments. If we have an alias for `show system interface`, we cannot add an interface name to it as an argument when running it - `alias shint port1` will report an error (bad)
- To use an alias, you put the word `alias` before it (see the examples below).

To configure an alias we use the `config system alias` command; here are some aliases I use:
```
config system alias
    edit "rt"
        set command "get router info routing all"
    next
    edit "rt6"
        set command "get router info6 routing-table"
    next
    edit "gip"
        set command "get router info protocols"
    next
end
```
E.g. to get the routing table:
```
# alias rt
Routing table for VRF=0
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

S*      0.0.0.0/0 [10/0] via 192.168.13.1, port1
C       10.10.17.0/24 is directly connected, port3
C       192.168.13.0/24 is directly connected, port1
```
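
Because aliases are saved in the configuration and may descend into the config tree, it is worth listing them when reviewing a config backup. The following is an added example, not part of the original post: a small Python parser that extracts the `config system alias` block and flags aliases that do more than `get`/`show`. The alias `p1off`, the function names, and the assumption that a multi-command value is stored as one quoted string spanning several lines are all hypothetical.

```python
import re

# Constructed sample: the three aliases from the post plus a hypothetical
# multi-command alias "p1off". Assumption: a multi-command value is stored
# as one quoted string that spans several lines.
SAMPLE_CONFIG = '''config system alias
    edit "rt"
        set command "get router info routing all"
    next
    edit "rt6"
        set command "get router info6 routing-table"
    next
    edit "gip"
        set command "get router info protocols"
    next
    edit "p1off"
        set command "config system interface
edit port1
set status disable
end"
    next
end
'''

READ_ONLY_VERBS = {"get", "show"}
ENTRY = re.compile(r'\s*edit "([^"]+)"\s+set command "([^"]*)"\s+next')

def parse_aliases(config_text):
    """Return {alias name: [command, ...]} from a 'config system alias' block."""
    start = re.search(r'^config system alias[ \t]*$', config_text, re.M)
    aliases = {}
    pos = start.end() if start else len(config_text)
    # Walk the edit/next entries one after another; stop at the closing 'end'.
    while (m := ENTRY.match(config_text, pos)):
        aliases[m.group(1)] = [c.strip() for c in m.group(2).splitlines() if c.strip()]
        pos = m.end()
    return aliases

def needs_review(commands):
    """True when any command in the alias is something other than get/show."""
    return any(c.split()[0] not in READ_ONLY_VERBS for c in commands)

def audit(config_text):
    """Names of aliases that do more than display state, sorted."""
    return sorted(n for n, c in parse_aliases(config_text).items() if needs_review(c))

if __name__ == "__main__":
    for name, cmds in parse_aliases(SAMPLE_CONFIG).items():
        print(name, "REVIEW" if needs_review(cmds) else "read-only", cmds)
```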