Saturday, June 20, 2026

FortiGate show full-configuration (terminal length 0)

You'll need to configure set output standard in order to view the FortiGate's full configuration without pause. This is similar to the terminal length 0 (in a Cisco IOS-XE device) or terminal page 0 (in Cisco ASA firewall). This is helpful when you want to save the full config into a text file using SecureCrt or PuTTY. The default uses the more option wherein you hit Enter to continue viewing the configuration pages.

Note this is a persistent config, so you'll need to configure either the more or standard output when you login again to the FortiGate.

 

FGT # config 
global    config global
vdom      config vdom

FGT # config global

FGT (global) # show full-configuration
config system global
    set admin-ble-button enable
    set admin-concurrent enable
    set admin-console-timeout 0
    set admin-forticloud-sso-login disable
    set admin-host ''
    set admin-hsts-max-age 15552000
    set admin-https-pki-required disable
    set admin-https-redirect enable
    unset admin-https-ssl-banned-ciphers
    set admin-https-ssl-ciphersuites TLS-AES-xx
    set admin-https-ssl-versions tlsv1-3
    set admin-lockout-duration 300
    set admin-lockout-threshold 5
    set admin-login-max 100
    set admin-port 80
    set admin-reset-button enable
    set admin-restrict-local enable
    set admin-scp disable
    set admin-server-cert "Fortinet_GUI_Server"
    set admin-sport 443
    set admin-ssh-grace-time 120
    set admin-ssh-password enable
    set admin-ssh-port 22
    set admin-ssh-v1 disable
    set admin-telnet disable
    set admintimeout 15
    set alias "FortiGate-xx"
    set allow-traffic-redirect enable
    set anti-replay strict
    set arp-max-entry 131072
    set auth-cert "Fortinet_Factory"
    set auth-http-port 1000
    set auth-https-port 1003
    set auth-ike-saml-port 1001
    set auth-keepalive disable
    set auth-session-limit block-new
    set auto-auth-extension-device enable
    set autorun-log-fsck disable
    set av-affinity "0"
    set av-failopen pass
    set av-failopen-session disable
    set batch-cmdb enable
--More-- 


FGT (global) # config system console

FGT (console) # set output 
standard    Standard output.
more        More page output.
 
FGT (console) # set output standard   
 
FGT (console) # end
 
FGT (global) # show full-configuration

<OUTPUT TRUNCATED>

config system ipam
    set status disable
    set server-type fabric-root
    config pools
        edit "default-pool"
            set description ''
            set subnet 172.31.0.0 255.255.0.0
        next
        edit "lan-pool"
            set description ''
            set subnet 192.168.0.0 255.255.0.0
        next
    end
    config rules
        edit "role-lan"
            set description ''
            set device "*"
            set interface "*"
            set role lan
            set pool "lan-pool"
            set dhcp enable
        next
    end
end
config system fabric-vpn
    set status disable
end
 
FGT (global) # 

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)