FortiVoice 2.0 MR1 CLI Reference Revision 1

FortiVoice 2.0 MR1 CLI Reference Revision 1
FortiVoice™ 200D/200D-T v2.0 MR1
CLI Reference
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
March 18, 2013
1st Edition
Copyright© 2013 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are
registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks
of Fortinet. All other product or company names may be trademarks of their respective owners.
Performance metrics contained herein were attained in internal lab tests under ideal conditions,
and performance may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment
by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the
extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a
purchaser that expressly warrants that the identified product will perform according to the
performance metrics herein. For absolute clarity, any such warranty will be limited to
performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in
full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise
this publication without notice, and the most current version of the publication shall be
applicable.
Technical Documentation
docs.fortinet.com
Knowledge Base
kb.fortinet.com
Customer Service & Support
support.fortinet.com
Training Services
training.fortinet.com
FortiGuard
fortiguard.com
Document Feedback
techdocs@fortinet.com
Contents
Contents ............................................................................................................ 3
Using the CLI .................................................................................................... 6
Connecting to the CLI.............................................................................................. 6
Connecting to the CLI using a local console ..................................................... 6
Enabling access to the CLI through the network (SSH or Telnet) ..................... 7
Connecting to the CLI using SSH ...................................................................... 9
Connecting to the CLI using Telnet ................................................................. 10
Command syntax...................................................................................................
Terminology .....................................................................................................
Indentation .......................................................................................................
Notation ...........................................................................................................
10
11
12
12
Sub-commands ..................................................................................................... 14
Permissions ........................................................................................................... 17
Tips and tricks .......................................................................................................
Help..................................................................................................................
Shortcuts and key commands .........................................................................
Command abbreviation ...................................................................................
Special characters ...........................................................................................
Language support............................................................................................
Baud rate .........................................................................................................
Editing the configuration file on an external host.............................................
18
18
18
19
19
20
20
20
config............................................................................................................... 22
customized-message.............................................................................................
Syntax ..............................................................................................................
email-template-notify-generic..........................................................................
fv-missed-call-notify ........................................................................................
fv-voicemail-notify............................................................................................
login-disclaimer................................................................................................
23
23
23
24
25
25
dialplan did-mapping ............................................................................................. 27
dialplan inbound .................................................................................................... 29
config dialplan outbound ....................................................................................... 32
extension group ..................................................................................................... 34
extension paging.................................................................................................... 35
extension preference ............................................................................................. 36
extension remote ................................................................................................... 41
extension ring-group.............................................................................................. 42
extension user........................................................................................................ 43
log setting remote .................................................................................................. 45
log setting local...................................................................................................... 47
log alertemail recipient........................................................................................... 49
Fortinet Technologies Inc.
Page 3
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
log alertemail setting.............................................................................................. 50
mailsetting relayserver ........................................................................................... 51
pbx account-code ................................................................................................. 52
pbx call-parking ..................................................................................................... 53
pbx feature-access-code....................................................................................... 54
pbx location ........................................................................................................... 55
pbx number-management ..................................................................................... 57
pbx rating-table ..................................................................................................... 59
pbx schedule ......................................................................................................... 60
pbx storage-capacity............................................................................................. 61
pbx system-speed-dial .......................................................................................... 62
pbx user-privilege .................................................................................................. 63
profile caller-id-translate ........................................................................................ 66
profile sip-setting ................................................................................................... 68
report ..................................................................................................................... 70
service auto-attendant........................................................................................... 73
service conference................................................................................................. 76
service recording ................................................................................................... 77
system accprofile................................................................................................... 78
system admin......................................................................................................... 79
system appearance ............................................................................................... 81
system auto-provisioning ...................................................................................... 82
system certificate ca .............................................................................................. 84
system certificate crl.............................................................................................. 85
system certificate local .......................................................................................... 86
system certificate remote ...................................................................................... 87
system ddns .......................................................................................................... 88
system dhcp server ............................................................................................... 90
system dns............................................................................................................. 93
system global......................................................................................................... 94
system interface..................................................................................................... 95
system mailserver .................................................................................................. 97
system password-policy........................................................................................ 98
system port-forwarding ......................................................................................... 99
system route ........................................................................................................ 100
system sip-setting................................................................................................ 101
system time manual ............................................................................................. 103
system time ntp ................................................................................................... 104
system voicemail ................................................................................................. 105
trunk office-peer .................................................................................................. 106
Fortinet Technologies Inc.
Page 4
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
trunk pstn............................................................................................................. 107
trunk sip-peer....................................................................................................... 109
voice music-on-hold ............................................................................................ 112
voice sound-file.................................................................................................... 113
execute .......................................................................................................... 114
backup ................................................................................................................. 115
certificate ............................................................................................................. 116
checklogdisk ........................................................................................................ 118
date ...................................................................................................................... 119
db......................................................................................................................... 120
dhcp lease-clear .................................................................................................. 121
dhcp lease-list...................................................................................................... 122
factoryreset .......................................................................................................... 123
nslookup .............................................................................................................. 124
partitionlogdisk .................................................................................................... 125
phone ................................................................................................................... 126
ping ...................................................................................................................... 127
ping-option .......................................................................................................... 128
ping6 .................................................................................................................... 129
ping6-option ........................................................................................................ 130
reboot................................................................................................................... 131
reload ................................................................................................................... 132
restore config ....................................................................................................... 133
restore image ....................................................................................................... 134
shutdown ............................................................................................................. 135
smtptest ............................................................................................................... 136
storage ................................................................................................................. 137
telnettest .............................................................................................................. 138
traceroute............................................................................................................. 139
user-config........................................................................................................... 140
get .................................................................................................................. 141
system performance ............................................................................................ 143
system status....................................................................................................... 144
show & show full-configuration .................................................................. 145
Index .............................................................................................................. 147
Fortinet Technologies Inc.
Page 5
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Using the CLI
The command line interface (CLI) is an alternative to the web-based manager.
Both can be used to configure the FortiVoice unit. However, to perform the configuration, in the
web-based manager, you would use buttons, icons, and forms, while, in the CLI, you would
either type lines of text that are commands, or upload batches of commands from a text file, like
a configuration script.
If you are new to Fortinet products, or if you are new to the CLI, this section can help you to
become familiar.
This section contains the following topics:
• Connecting to the CLI
• Command syntax
• Sub-commands
• Permissions
• Tips and tricks
Connecting to the CLI
You can access the CLI in two ways:
• Locally — Connect your computer directly to the FortiVoice unit’s console port.
• Through the network — Connect your computer through any network attached to one of
the FortiVoice unit’s network ports. The network interface must have enabled Telnet or SSH
administrative access.
Local access is required in some cases.
• If you are installing your FortiVoice unit for the first time and it is not yet configured to
connect to your network, unless you reconfigure your computer’s network settings for a peer
connection, you may only be able to connect to the CLI using a local serial console
connection. See the FortiVoice Setup and Administration Guide.
• Restoring the firmware utilizes a boot interrupt. Network access to the CLI is not available
until after the boot process has completed, and therefore local CLI access is the only viable
option.
Before you can access the CLI through the network, you usually must enable SSH and/or Telnet
on the network interface through which you will access the CLI.
This section includes:
• Connecting to the CLI using a local console
• Enabling access to the CLI through the network (SSH or Telnet)
• Connecting to the CLI using SSH
• Connecting to the CLI using Telnet
Connecting to the CLI using a local console
Local console connections to the CLI are formed by directly connecting your management
computer or console to the FortiVoice unit, using its DB-9 or RJ-45 console port.
Fortinet Technologies Inc.
Page 6
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Requirements
• a computer with an available serial communications (COM) port
• the RJ-45-to-DB-9 or null modem cable included in your FortiVoice package
• terminal emulation software such as PuTTY
The following procedure describes connection using PuTTY software; steps may vary with
other terminal emulators.
To connect to the CLI using a local serial console connection
1. Using the null modem or RJ-45-to-DB-9 cable, connect the FortiVoice unit’s console port to
the serial communications (COM) port on your management computer.
2. On your management computer, start PuTTY.
3. In the Category tree on the left, go to Connection > Serial and configure the following:
Serial line to connect
to
COM1 (or, if your computer has multiple serial ports, the
name of the connected serial port)
Speed (baud)
9600
Data bits
8
Stop bits
1
Parity
None
Flow control
None
4. In the Category tree on the left, go to Session (not the sub-node, Logging) and from
Connection type, select Serial.
5. Click Open.
6. Press the Enter key to initiate a connection.
The login prompt appears.
7. Type a valid administrator account name (such as admin) and press Enter.
8. Type the password for that administrator account then press Enter. (In its default state, there
is no password for the admin account.)
The CLI displays the following text, followed by a command line prompt:
Welcome!
You can now enter CLI commands, including configuring access to the CLI through SSH or
Telnet. For details, see “Enabling access to the CLI through the network (SSH or Telnet)” on
page 7.
Enabling access to the CLI through the network (SSH or Telnet)
SSH or Telnet access to the CLI requires connecting your computer to the FortiVoice unit using
one of its RJ-45 network ports. You can either connect directly, using a peer connection
between the two, or through any intermediary network.
You must enable SSH and/or Telnet on the network interface associated with that physical
network port. If your computer is not connected directly or through a switch, you must also
configure the FortiVoice unit with a static route to a router that can forward packets from the
FortiVoice unit to your computer.
Fortinet Technologies Inc.
Page 7
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
You can do this using either:
• a local console connection (see the following procedure)
• the web-based manager (see the FortiVoice Setup and Administration Guide)
Requirements
• a computer with an available serial communications (COM) port and RJ-45 port
• terminal emulation software such as PuTTY
• the RJ-45-to-DB-9 or null modem cable included in your FortiVoice package
• a network cable
• prior configuration of the network interface and static route (for details, see the FortiVoice
Setup and Administration Guide)
To enable SSH or Telnet access to the CLI using a local console connection
1. Using the network cable, connect the FortiVoice unit’s network port either directly to your
computer’s network port, or to a network through which your computer can reach the
FortiVoice unit.
2. Note the number of the physical network port.
3. Using a local console connection, connect and log into the CLI. For details, see “Connecting
to the CLI using a local console” on page 6.
4. Enter the following commands:
config system interface
edit <interface_name>
set allowaccess {http https ping snmp ssh telnet}
end
where:
• <interface_str> is the name of the network interface associated with the physical
network port, such as port1
• {aggregator http https ping ssh telnet webservice} is the complete,
space-delimited list of permitted administrative access protocols, such as https ssh
telnet; omit protocols that you do not want to permit
For example, to exclude HTTP, SNMP, and Telnet, and allow only HTTPS, ICMP ECHO (ping),
and SSH administrative access on port1:
config system interface
edit "port1"
set allowaccess ping https ssh
next
end
Telnet is not a secure access method. SSH should be used to access the CLI from the Internet
or any other untrusted network.
Fortinet Technologies Inc.
Page 8
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
5. To confirm the configuration, enter the command to view the access settings for the
interface.
show system interface <interface_name>
The CLI displays the settings, including the management access settings, for the interface.
To connect to the CLI through the network interface, see “Connecting to the CLI using SSH”
on page 9 or “Connecting to the CLI using Telnet” on page 10.
Connecting to the CLI using SSH
Once the FortiVoice unit is configured to accept SSH connections, you can use an SSH client
on your management computer to connect to the CLI.
Secure Shell (SSH) provides both secure authentication and secure communications to the CLI.
Supported SSH protocol versions, ciphers, and bit strengths vary by whether or not you have
enabled FIPS-CC mode, but generally include SSH version 2 with AES-128, 3DES, Blowfish,
and SHA-1.
Requirements
• a FortiVoice network interface configured to accept SSH connections (see “Enabling access
to the CLI through the network (SSH or Telnet)” on page 7)
• terminal emulation software such as PuTTY
To connect to the CLI using SSH
1. On your management computer, start PuTTY.
2. In Host Name (or IP Address), type the IP address of a network interface on which you have
enabled SSH administrative access.
3. In Port, type 22.
4. From Connection type, select SSH.
5. Click Open.
The SSH client connects to the FortiVoice unit.
The SSH client may display a warning if this is the first time you are connecting to the
FortiVoice unit and its SSH key is not yet recognized by your SSH client, or if you have
previously connected to the FortiVoice unit but it used a different IP address or SSH key. If
your management computer is directly connected to the FortiVoice unit with no network
hosts between them, this is normal.
6. Click Yes to verify the fingerprint and accept the FortiVoice unit’s SSH key. You will not be
able to log in until you have accepted the key.
7. The CLI displays a login prompt.
8. Type a valid administrator account name (such as admin) and press Enter.
You can alternatively log in using an SSH key. For details, see “system admin” on page 79.
Fortinet Technologies Inc.
Page 9
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
9 Type the password for this administrator account and press Enter.
If four incorrect login or password attempts occur in a row, you will be disconnected. Wait one
minute, then reconnect to attempt the login again.
The CLI displays a command line prompt (by default, its host name followed by a #). You can
now enter CLI commands.
Connecting to the CLI using Telnet
Once the FortiVoice unit is configured to accept Telnet connections, you can use a Telnet client
on your management computer to connect to the CLI.
Telnet is not a secure access method. SSH should be used to access the CLI from the Internet
or any other untrusted network.
Requirements
• a FortiVoice network interface configured to accept Telnet connections (see “Enabling
access to the CLI through the network (SSH or Telnet)” on page 7)
• terminal emulation software such as PuTTY
To connect to the CLI using Telnet
1. On your management computer, start PuTTY.
2. In Host Name (or IP Address), type the IP address of a network interface on which you have
enabled Telnet administrative access.
3. In Port, type 23.
4. From Connection type, select Telnet.
5. Click Open.
The CLI displays a login prompt.
6. Type a valid administrator account name (such as admin) and press Enter.
7. Type the password for this administrator account and press Enter.
If three incorrect login or password attempts occur in a row, you will be disconnected. Wait
one minute, then reconnect to attempt the login again.
The CLI displays a command line prompt (by default, its host name followed by a #). You can
now enter CLI commands.
Command syntax
When entering a command, the command line interface (CLI) requires that you use valid syntax,
and conform to expected input constraints. It will reject invalid commands.
Fortinet Technologies Inc.
Page 10
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Fortinet documentation uses the following conventions to describe valid command syntax.
Terminology
Each command line consists of a command word that is usually followed by words for the
configuration data or other specific item that the command uses or affects:
get system admin
To describe the function of each word in the command line, especially if that nature has
changed between firmware versions, Fortinet uses terms with the following definitions.
Figure 1: Command syntax terminology
Command
Subcommand Object
Table
config system interface
edit <port_name>
Option
set status {up | down}
set ip <interface_ipv4mask>
next
end
Field
Value
• command — A word that begins the command line and indicates an action that the
FortiVoice unit should perform on a part of the configuration or host on the network, such as
config or execute. Together with other words, such as fields or values, that end when you
press the Enter key, it forms a command line.
Valid command lines must be unambiguous if abbreviated. (See “Command abbreviation”
on page 19.) Optional words or other command line permutations are indicated by syntax
notation. (See “Notation” on page 12.)
This guide is organized alphabetically by object for the config command, and by the name
of the command for remaining top-level commands.
• sub-command — A kind of command that is available only when nested within the scope of
another command. After entering a command, its applicable sub-commands are available to
you until you exit the scope of the command, or until you descend an additional level into
another sub-command. Indentation is used to indicate levels of nested commands. (See
“Indentation” on page 12.)
Not all top-level commands have sub-commands. Available sub-commands vary by their
containing scope. (See “Sub-commands” on page 14.)
• object — A part of the configuration that contains tables and/or fields. Valid command lines
must be specific enough to indicate an individual object.
• table — A set of fields that is one of possibly multiple similar sets which each have a name
or number, such as an administrator account, policy, or network interface. These named or
Fortinet Technologies Inc.
Page 11
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
numbered sets are sometimes referenced by other parts of the configuration that use them.
(See “Notation” on page 12.)
• field — The name of a setting, such as ip or hostname. Fields in some tables must be
configured with values. Failure to configure a required field will result in an invalid object
configuration error message, and the FortiVoice unit will discard the invalid table.
• value — A number, letter, IP address, or other type of input that is usually your configuration
setting held by a field. Some commands, however, require multiple input values which may
not be named but are simply entered in sequential order in the same command line. Valid
input types are indicated by constraint notation. (See “Notation” on page 12.)
• option — A kind of value that must be one or more words from of a fixed set of options. (See
“Notation” on page 12.)
Indentation
Indentation indicates levels of nested commands, which indicate what other sub-commands
are available from within the scope.
For example, the edit sub-command is available only within a command that affects tables,
and the next sub-command is available only from within the edit sub-command:
config system interface
edit port1
set status up
next
end
For information about available sub-commands, see “Sub-commands” on page 14.
Notation
Brackets, braces, and pipes are used to denote valid permutations of the syntax. Constraint
notations, such as <address_ipv4>, indicate which data types or string patterns are
acceptable value input.
Table 1: Command syntax notation
Convention
Description
Square brackets [ ]
A non-required word or series of words. For example:
[verbose {1 | 2 | 3}]
indicates that you may either omit or type both the verbose word
and its accompanying option, such as:
verbose 3
Fortinet Technologies Inc.
Page 12
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Table 1: Command syntax notation
Angle brackets < >
A word constrained by data type.
To define acceptable input, the angled brackets contain a descriptive
name followed by an underscore ( _ ) and suffix that indicates the
valid data type. For example:
<retries_int>
indicates that you should enter a number of retries, such as 5.
Data types include:
• <xxx_name>: A name referring to another part of the
configuration, such as policy_A.
• <xxx_index>: An index number referring to another part of the
configuration, such as 0 for the first static route.
• <xxx_pattern>: A regular expression or word with wild cards
that matches possible variations, such as *@example.com to
match all email addresses ending in @example.com.
• <xxx_fqdn>: A fully qualified domain name (FQDN), such as
mail.example.com.
• <xxx_email>: An email address, such as
admin@mail.example.com.
• <xxx_url>: A uniform resource locator (URL) and its associated
protocol and host name prefix, which together form a uniform
resource identifier (URI), such as
http://www.fortinet./com/.
• <xxx_ipv4>: An IPv4 address, such as 192.168.1.99.
• <xxx_v4mask>: A dotted decimal IPv4 netmask, such as
255.255.255.0.
• <xxx_ipv4mask>: A dotted decimal IPv4 address and netmask
separated by a space, such as
192.168.1.99 255.255.255.0.
• <xxx_ipv4/mask>: A dotted decimal IPv4 address and
CIDR-notation netmask separated by a slash, such as such as
192.168.1.99/24.
• <xxx_ipv4range>: A hyphen ( - )-delimited inclusive range of
IPv4 addresses, such as 192.168.1.1-192.168.1.255.
• <xxx_ipv6>: A colon( : )-delimited hexadecimal IPv6 address,
such as 3f2e:6a8b:78a3:0d82:1725:6a2f:0370:6234.
• <xxx_v6mask>: An IPv6 netmask, such as /96.
• <xxx_ipv6mask>: An IPv6 address and netmask separated by a
space.
• <xxx_str>: A string of characters that is not another data type,
such as P@ssw0rd. Strings containing spaces or special
characters must be surrounded in quotes or use escape
sequences. See “Special characters” on page 19.
• <xxx_int>: An integer number that is not another data type,
such as 15 for the number of minutes.
Fortinet Technologies Inc.
Page 13
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Table 1: Command syntax notation
Curly braces { }
A word or series of words that is constrained to a set of options
delimited by either vertical bars or spaces.
You must enter at least one of the options, unless the set of options
is surrounded by square brackets [ ].
Options
delimited by
vertical bars |
Mutually exclusive options. For example:
{enable | disable}
indicates that you must enter either enable or disable, but must
not enter both.
Options
delimited by
spaces
Non-mutually exclusive options. For example:
{http https ping snmp ssh telnet}
indicates that you may enter all or a subset of those options, in any
order, in a space-delimited list, such as:
ping https ssh
Note: To change the options, you must re-type the entire list. For
example, to add snmp to the previous example, you would type:
ping https snmp ssh
If the option adds to or subtracts from the existing list of options,
instead of replacing it, or if the list is comma-delimited, the exception
will be noted.
Sub-commands
Once you have connected to the CLI, you can enter commands.
Each command line consists of a command word that is usually followed by words for the
configuration data or other specific item that the command uses or affects:
get system admin
Sub-commands are available from within the scope of some commands.When you enter a
sub-command level, the command prompt changes to indicate the name of the current
command scope. For example, after entering:
config system admin
the command prompt becomes:
(admin)#
Applicable sub-commands are available to you until you exit the scope of the command, or until
you descend an additional level into another sub-command.
Fortinet Technologies Inc.
Page 14
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
For example, the edit sub-command is available only within a command that affects tables;
the next sub-command is available only from within the edit sub-command:
config system interface
edit port1
set status up
next
end
Sub-command scope is indicated in this guide by indentation. See “Indentation” on page 12.
Available sub-commands vary by command.From a command prompt within config, two
types of sub-commands might become available:
• commands affecting fields
• commands affecting tables
Syntax examples for each top-level command in this CLI Reference do not show all available
sub-commands. However, when nested scope is demonstrated, you should assume that
sub-commands applicable for that level of scope are available.
Table 2: Commands for tables
delete
<table_name>
Remove a table from the current object.
For example, in config system admin, you could delete an
administrator account named newadmin by typing delete newadmin
and pressing Enter. This deletes newadmin and all its fields, such as
newadmin’s name and email-address.
delete is only available within objects containing tables.
edit
<table_name>
Create or edit a table in the current object.
For example, in config system admin:
• edit the settings for the default admin administrator account by
typing edit admin.
• add a new administrator account with the name newadmin and edit
newadmin‘s settings by typing edit newadmin.
edit is an interactive sub-command: further sub-commands are
available from within edit.
edit changes the prompt to reflect the table you are currently editing.
edit is only available within objects containing tables.
end
Fortinet Technologies Inc.
Save the changes to the current object and exit the config command. This
returns you to the top-level command prompt.
Page 15
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Table 2: Commands for tables
List the configuration of the current object or table.
get
• In objects, get lists the table names (if present), or fields and their
values.
• In a table, get lists the fields and their values.
Remove all tables in the current object.
purge
For example, in config forensic user, you could type get to see
the list of user names, then type purge and then y to confirm that you
want to delete all users.
purge is only available for objects containing tables.
Caution: Back up the FortiVoice unit before performing a purge. purge
cannot be undone. To restore purged tables, the configuration must be
restored from a backup. For details, see backup.
Caution: Do not purge system interface or system admin tables.
purge does not provide default tables. This can result in being unable to
connect or log in, requiring the FortiVoice unit to be formatted and
restored.
rename
<table_name>
to
<table_name>
Rename a table.
For example, in config system admin, you could rename admin3 to
fwadmin by typing rename admin3 to fwadmin.
rename is only available within objects containing tables.
Display changes to the default configuration. Changes are listed in the
form of configuration commands.
show
Example of table commands
From within the system admin object, you might enter:
edit admin_1
The CLI acknowledges the new table, and changes the command prompt to show that you are
now within the admin_1 table:
new entry 'admin_1' added
(admin_1)#
Table 3: Commands for fields
abort
Exit both the edit and/or config commands without saving
the fields.
end
Save the changes made to the current table or object fields,
and exit the config command. (To exit without saving, use
abort instead.)
get
List the configuration of the current object or table.
• In objects, get lists the table names (if present), or fields
and their values.
• In a table, get lists the fields and their values.
Fortinet Technologies Inc.
Page 16
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Table 3: Commands for fields
next
Save the changes you have made in the current table’s fields,
and exit the edit command to the object prompt. (To save and
exit completely to the root prompt, use end instead.)
next is useful when you want to create or edit several tables in
the same object, without leaving and re-entering the config
command each time.
next is only available from a table prompt; it is not available
from an object prompt.
set
<field_nam
e> <value>
Set a field’s value.
For example, in config system admin, after typing edit
admin, you could type set passwd newpass to change the
password of the admin administrator to newpass.
Note: When using set to change a field containing a
space-delimited list, type the whole new list. For example, set
<field> <new-value> will replace the list with the
<new-value> rather than appending <new-value> to the list.
show
Display changes to the default configuration. Changes are
listed in the form of configuration commands.
unset
<field_nam
e>
Reset the table or object’s fields to default values.
For example, in config system admin, after typing edit
admin, typing unset passwd resets the password of the
admin administrator account to the default (in this case, no
password).
Example of field commands
From within the admin_1 table, you might enter:
set passwd my1stExamplePassword
to assign the value my1stExamplePassword to the passwd field. You might then enter the
next command to save the changes and edit the next administrator’s table.
Permissions
Depending on the account that you use to log in to the FortiVoice unit, you may not have
complete access to all CLI commands or areas of the web-based manager.
Access profiles control which commands and areas an administrator account can access.
Access profiles assign either read, write, or no access to each area of the FortiVoice software.
To view configurations, you must have read access. To make changes, you must have write
access. For more information on configuring an access profile that administrator accounts can
use, see “system accprofile” on page 78.
Unlike other administrator accounts whose Access profile is super_admin_prof, the admin
administrator account exists by default and cannot be deleted. The admin administrator
account is similar to a root administrator account. This administrator account always has full
permission to view and change all FortiVoice configuration options, including viewing and
changing all other administrator accounts. It is the only administrator account that can reset
another administrator’s password without being required to enter the existing password. As
Fortinet Technologies Inc.
Page 17
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
such, it is the only account that can reset another administrator’s password if that administrator
forgets his or her password.
Set a strong password for the admin administrator account, and change the password
regularly. By default, this administrator account has no password. Failure to maintain the
password of the admin administrator account could compromise the security of your FortiVoice
unit.
Tips and tricks
Basic features and characteristics of the CLI environment provide support and ease of use for
many CLI tasks.
This section includes:
• Help
• Shortcuts and key commands
• Command abbreviation
• Special characters
• Language support
• Baud rate
• Editing the configuration file on an external host
Help
To display brief help during command entry, press the question mark (?) key.
• Press the question mark (?) key at the command prompt to display a list of the commands
available and a description of each command.
• Type a word or part of a word, then press the question mark (?) key to display a list of valid
word completions or subsequent words, and to display a description of each.
Shortcuts and key commands
Table 4: Shortcuts and key commands
Action
Keys
List valid word completions or subsequent words.
?
If multiple words could complete your entry, display all possible
completions with helpful descriptions of each.
Recall the previous command.
Command memory is limited to the current session.
Up arrow, or
Ctrl + P
Recall the next command.
Down arrow,
or
Ctrl + N
Move the cursor left or right within the command line.
Left or Right
arrow
Fortinet Technologies Inc.
Page 18
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Table 4: Shortcuts and key commands
Move the cursor to the beginning of the command line.
Ctrl + A
Move the cursor to the end of the command line.
Ctrl + E
Move the cursor backwards one word.
Ctrl + B
Move the cursor forwards one word.
Ctrl + F
Delete the current character.
Ctrl + D
Abort current interactive commands, such as when entering
multiple lines.
Ctrl + C
Command abbreviation
In most cases, you can abbreviate words in the command line to their smallest number of
non-ambiguous characters. For example, the command get system status could be
abbreviated to g sy st.
Some commands may not be abbreviated. See the notes in the specific commands.
Special characters
The characters <, >, (,), #, ', and “ are not permitted in most CLI fields. These characters are
special characters, sometimes also called reserved characters.
You may be able to enter a special character as part of a string’s value by using a special
command, enclosing it in quotes, or preceding it with an escape sequence — in this case, a
backslash ( \ ) character.
Table 5: Entering special characters
Character
Keys
?
Ctrl + V then ?
Tab
Ctrl + V then Tab
Space
Enclose the string in quotation marks: "Security
Administrator".
(to be
interpreted as Enclose the string in single quotes: 'Security
part of a string Administrator'.
value, not to
Precede the space with a backslash: Security\
end the string)
Administrator.
'
\'
(to be
interpreted as
part of a string
value, not to
end the string)
Fortinet Technologies Inc.
Page 19
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Table 5: Entering special characters
"
\"
(to be
interpreted as
part of a string
value, not to
end the string)
\
\\
Language support
Characters such as ñ, é, symbols, and ideographs are sometimes acceptable input. Support
varies by the nature of the item being configured.
For example, the host name must not contain special characters, and so the web-based
manager and CLI will not accept most symbols and non-ASCII encoded characters as input
when configuring the host name. This means that languages other than English often are not
supported. But dictionary profiles support terms encoded in UTF-8, and therefore support a
number of languages.
It is simplest to use only US-ASCII characters when configuring the FortiVoice unit using the
web-based manager or CLI. Using only ASCII, you do not need to worry about:
• web browser language support
• Telnet and/or SSH client support
• font availability
• compatibility of your input’s encoding with the encoding/language setting of the web UI
• switching input methods when entering a command word such as get in ASCII but a setting
that uses a different encoding
If you choose to configure parts of the FortiVoice unit using non-ASCII characters, verify that
all systems interacting with the FortiVoice unit also support the same encodings. You should
also use the same encoding throughout the configuration if possible in order to avoid needing
to switch the language settings of the web-based manager and your web browser or
Telnet/SSH client while you work.
Baud rate
You can change the default baud rate of the local console connection. For more information,
see the FortiVoice Setup and Administration Guide.
Editing the configuration file on an external host
You can edit the FortiVoice configuration on an external host by first backing up the
configuration file to a TFTP server. Then edit the configuration file and restore it to the FortiVoice
unit.
Editing the configuration on an external host can be time-saving if you have many changes to
make, especially if your plain text editor provides advanced features such as batch changes.
To edit the configuration on your computer
1. Use backup to download the configuration file to a TFTP server, such as your management
computer.
Fortinet Technologies Inc.
Page 20
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
2. Edit the configuration file using a plain text editor that supports Unix-style line endings.
Do not edit the first line. The first line(s) of the configuration file (preceded by a # character)
contains information about the firmware version and FortiVoice model. If you change the model
number, the FortiVoice unit will reject the configuration file when you attempt to restore it.
• Use restore config to upload the modified configuration file back to the FortiVoice unit.
The FortiVoice unit downloads the configuration file and checks that the model information is
correct. If it is, the FortiVoice unit loads the configuration file and checks each command for
errors. If a command is invalid, the FortiVoice unit ignores the command. If the configuration
file is valid, the FortiVoice unit restarts and loads the new configuration.
Fortinet Technologies Inc.
Page 21
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
config
config commands configure your FortiVoice unit’s settings.
This chapter describes the following commands:
customized-message
profile caller-id-translate
system time manual
dialplan did-mapping
profile sip-setting
system time ntp
dialplan inbound
report
system voicemail
config dialplan outbound
service auto-attendant
trunk office-peer
extension group
service conference
trunk pstn
extension paging
service recording
trunk sip-peer
extension preference
system accprofile
voice music-on-hold
extension remote
system admin
voice sound-file
extension ring-group
system appearance
extension user
system auto-provisioning
log setting remote
system certificate ca
log setting local
system certificate crl
log alertemail recipient
system certificate local
log alertemail setting
system certificate remote
mailsetting relayserver
system ddns
pbx account-code
system dhcp server
pbx call-parking
system dns
pbx feature-access-code
system global
pbx location
system interface
pbx number-management
system mailserver
pbx rating-table
system password-policy
pbx schedule
system port-forwarding
pbx storage-capacity
system route
pbx system-speed-dial
system sip-setting
pbx user-privilege
Fortinet Technologies Inc.
Page 22
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
customized-message
Use this command to configure default notification email templates.
The FortiVoice unit sends out notification email when you have a new voicemail in your mailbox
or missed a call. You can customize the email templates for the email notifications.
You can change the content of the email template by editing the text and HTML codes and by
working with email template variables.
Syntax
This command contains many sub-commands. Each sub-command, linked in the table below,
is documented in subsequent sections.
config customized-message
edit <message_name>
next
end
Variable
Description
Default
<message_name>
Select the email template that you want to customize.
No default.
The message name include:
• email-template-notify-generic
• fv-missed-call-notify
• fv-voicemail-notify
• login-disclaimer
email-template-notify-generic
Use this sub-command to configure the variables and the default email template of the generic
email notification.
Syntax
This sub-command is available from within the command customized-message.
edit email-template-notify-generic
config variable
edit <name>
set content
set display-name
config email-template
edit default
set env-from <string>
set from <string>
set html-body <string>
set subject <string>
set text-body <string>
set to <string>
end
Fortinet Technologies Inc.
Page 23
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
<name>
Enter a variable name that you want to add or edit, such
as %%FILE%%.
content
Enter the content for the variable.
display-name
Enter the display name for the variable. For example, the
display name for vm_date can be voicemail date.
env-from <string>
Enter the mail sender’s address. This is the address for
bounce messages.
from <string>
Enter the email address for the From field of the
notification email.
html-body <string>
Enter the replacement message for the email body in
HTML code.
subject <string>
Enter the replacement message for the subject field of
the notification.
text-body <string>
Enter the replacement message for the email body in text
format.
to <string>
Enter the email address for the To field of the notification
email.
fv-missed-call-notify
Use this sub-command to configure the variables and the default content of the email
notification for missed calls.
Syntax
This sub-command is available from within the command customized-message.
edit fv-missed-call-notify
config variable
edit <name>
set content
set display-name
config email-template
edit default
set env-from <string>
set from <string>
set subject <string>
set text-body <string>
end
Variable
Description
<name>
Enter a variable name that you want to add or edit, such
as %%FILE%%.
content
Enter the content for the variable.
display-name
Enter the display name for the variable. For example, the
display name for %%FILE%% can be notification.
env-from <string>
Enter the mail sender’s address. This is the address for
bounce messages.
Fortinet Technologies Inc.
Page 24
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
from <string>
Enter the email address for the From field of the
notification email.
subject <string>
Enter the replacement message for the subject field of
the notification.
text-body <string>
Enter the replacement message for the email body in text
format.
fv-voicemail-notify
Use this sub-command to configure the variables and the default content of the email
notification for voicemails.
Syntax
This sub-command is available from within the command customized-message.
edit fv-voicemail-notify
config variable
edit <name>
set content
set display-name
config email-template
edit default
set env-from <string>
set from <string>
set subject <string>
set text-body <string>
end
Variable
Description
Default
<name>
Enter a variable name that you want to add or edit, such
as %%FILE%%.
content
Enter the content for the variable.
display-name
Enter the display name for the variable. For example, the
display name for %%FILE%% can be Template.
env-from <string>
Enter the mail sender’s address. This is the address for
bounce messages.
from <string>
Enter the email address for the From field of the
notification email.
subject <string>
Enter the replacement message for the subject field of
the notification.
text-body <string>
Enter the replacement message for the email body in text
format.
login-disclaimer
Use this sub-command to configure the variables and the default content of the FortiVoice
system login disclaimer.
Fortinet Technologies Inc.
Page 25
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Syntax
This sub-command is available from within the command customized-message.
edit login-disclaimer
config variable
edit <name>
set content
set display-name
config message
edit default
set content <string>
set format {html | multiline | text}
end
Variable
Description
Default
<name>
Enter a variable name that you want to add or edit, such
as %%WARNING%%.
content
Enter the content for the variable.
display-name
Enter the display name for the variable. For example, the
display name for %%WARNING%% can be Disclaimer.
content <string>
Enter the replacement message for the login disclaimer.
format {html | multiline | Select the format for the login disclaimer.
text}
Fortinet Technologies Inc.
Page 26
html
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
dialplan did-mapping
Use this command to configure how to map Direct Inward Dialing (DID) numbers.
Local phone companies offer DID service to provide a block of telephone numbers for calling
into an company’s PBX system over limited rented physical lines (also called "trunk lines").
Depending on the phone numbers you rent, some workstations may not get DID numbers.
Instead, they have extensions. In this case, you can map a DID number to the extensions based
on the calling numbers.
Syntax
config dialplan did-mapping
edit <name>
config mapping
edit <No.>
set caller-id-pattern <string>
set did <string>
set extension <string>
set option {inbound | outbound}
set fallback-action {auto-attendant | dial-extension | dialoperator | dial-voicemail | hang-up }
set incoming-trunk <name>
set status {enable | disable}
end
Variable
Description
Default
<name>
Enter a name for the DID setting.
<No.>
Enter a record number for the DID mapping.
caller-id-pattern <string> Enter the caller’s phone number in the Value field.
You can add multiple calling numbers.
Only these callers will reach the mapped extension when
they dial the DID number.
did <string>
Enter the DID number that you want to map to an
extension.
extension <string>
Enter the extension that you want to map to the DID
number.
option {inbound |
outbound}
Enter Inbound to direct incoming calls to the extension inbound
through the mapped DID.
Enter Outbound to send the DID numbers of the
extensions mapped to the DID with outgoing calls so
that the DID numbers can display on the called phones.
Select how the calling numbers match the caller ID
pattern.
Currently, only the equivalent numbers can reach the
mapped extensions when they dial the DID number.
extension <string>
Fortinet Technologies Inc.
If you select dial-extension or dial voicemail
for fallback-action, enter the extension number.
Page 27
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
auto-attendant <name>
If you select auto-attendant for fallback-action,
enter the auto attendant name.
fallback-action {autoSelect the action to take if a caller not in the caller list
hang-up
attendant | dial-extension dialed the DID number mapped to the extensions.
| dial-operator | dialFor some actions, you need to enter the extension, such
voicemail | hang-up }
as Dial voicemail.
incoming-trunk <name>
Enter the trunk used for dialing the DIDs.
status {enable | disable}
Enable or disable this DID setting.
Fortinet Technologies Inc.
Page 28
enable
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
dialplan inbound
Use this command to configure dial plans for incoming calls to the FortiVoice unit.
When the FortiVoice unit receives a call, the call is processed according to the inbound dial
plan. To process the call, the FortiVoice unit selects the dial plan rule that best matches the
dialed number and processes the call using the settings in the dial plan rule. For example, if
your main line is 123-4567, you can set a dial plan rule that sends all incoming calls dialing 1234567 to the auto attendant. Once the auto attendant is reached, the callers can follow the
instructions, for instance, to dial an extension.
Syntax
config dialplan inbound
edit <name>
config from-callerid
edit <No.>
set number-pattern <string>
config <dial-pattern>
set pattern <string>
set postfix <string>
set prefix <string>
set strip-digits <integer>
set call-handling {call-routing | dial-local -number | endpointaction}
set from-trunk <name>
set match-dialed-did <string>
set status {enable | disable}
end
Variable
Description
Default
<name>
Enter a name for the inbound plan.
<No.>
Enter a record number for the caller ID match.
number-pattern <string>
Enter an incoming call’s display name string or the caller’
phone number string as the pattern.
Caller IDs under this pattern are subject to this inbound
plan.
For information on pattern-matching syntax and patternmatching examples, see “pbx number-management” on
page 57.
<endpoint-action>
This action is available if endpoint-action is selected
for <endpoint-action>.
<No.>
Enter a record number for the endpoint action.
action {auto-attendant |
dial-extension | dialoperator | dial-voicemail |
hang-up | hang-up |
lookup-name-directory |
no-action | playannouncement}
Select an action for the incoming calls under this plan.
Fortinet Technologies Inc.
no-action
For some actions, you need to enter the extension (such
as Go voicemail) or select a profile (such as Play
announcement).
Page 29
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
extension <string>
If you select dial-extension or dial voicemail
for action, enter the extension number.
auto-attendant <name>
If you select auto-attendant for action, enter the
auto attendant name.
announcement <name>
If you select play-announcement for action, enter
the name of a sound profile.
schedule <name>
Enter the FortiVoice operation schedule for the action.
<dial-pattern>
This action is available if dial-pattern is selected for
<endpoint-action>.
pattern <string>
Enter the number pattern for this dial plan.
For information on pattern-matching syntax and patternmatching examples, see “pbx number-management” on
page 57.
postfix <string>
Add a number after a pattern.
For example, if your pattern is 9XXX and the numbers
under this pattern have been upgraded to have an
additional digit 5 at the end, you can enter 5 for the
Postfix. When an incoming call matches the pattern,
the FortiVoice unit will add a 5 after the number.
prefix <string>
Add a number before a pattern.
For example, if your pattern is 9XXX and the numbers
under this pattern have been upgraded to have an
additional digit 5 at the beginning, you can enter 5 for the
Prefix. When an incoming call matches the pattern, the
FortiVoice unit will add a 5 before the number.
strip-digits <integer>
Enter a number to omit dialing the starting part of a
pattern. 0 means no action.
0
For example, if your pattern is 222XXXX and Stripdigits is 3, the FortiVoice unit will only dial the last four
digits for all called numbers matching the pattern.
call-handling {callrouting | dial-local number | endpointaction}
Select the type of action for the plan and configure the
actions accordingly.
endpointaction
• Call routing: Select if you want to route incoming calls
(to the FortiVoice unit) to an external phone system
using an outbound dial plan.
• Dial local number: Select if you want to send
incoming calls to the local destinations at any time.
For example, you can enter 222xxxx as a pattern and
strip 222. The FortiVoice unit will only dial the last four
digits for all called numbers matching the pattern.
• Endpoint action: Select if you want to send incoming
calls to the local destinations according to operation
schedules. For example, send calls to the voicemail
after business hours.
from-trunk <name>
Fortinet Technologies Inc.
Enter the trunk for the incoming calls that are subject to
this dial plan.
Page 30
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
match-dialed-did
<string>
Enter one phone number pattern in your dial plan to
match many different numbers.
The called numbers matching this pattern will follow this
dial plan rule.
Create the number match following the pattern-matching
syntax and pattern-matching examples in “pbx numbermanagement” on page 57.
status {enable | disable}
Fortinet Technologies Inc.
Enable or disable this dial plan.
Page 31
enable
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
config dialplan outbound
Use this sub-command to configure dial plans for outgoing calls from the FortiVoice unit.
You can configure dial plans on the FortiVoice unit to route calls made from a FortiVoice
extension to an external phone system. The external phone system can be one or more PSTN
lines or a VoIP service provider. To route calls to an external phone system, you add dial plan
rules that define the extra digits that extension users must dial to call out of the FortiVoice unit.
The rules also control how the FortiVoice unit handles these calls including whether to block or
allow the call, the destinations the calls are routed to and whether to add digits to the beginning
of the dialed number.
For example, if users should be able to dial 911 for emergencies, you should include a dial plan
rule that sends all calls that begin with 911 to an external phone system. This rule should also
override the default outgoing prefix so that users can dial 911 without having to dial 9 first.
Syntax
config dialplan outbound
edit <name>
config call-handling
edit <No.>
set action {allow | allow-with-warning | deny | deny-withwarning}
set delay <integer>
set modify-callerid <name>
set schedule <name>
set trunk-out <name>
config dial pattern
edit <No.>
set pattern <string>
set postfix <string>
set prefix <string>
set strip-digits <integer>
config from-callerid
edit <No.>
set number-pattern <string>
set status {enable | disable}
set option <emergency-call>
end
Variable
Description
<name>
Enter a name for the outbound plan.
<No.>
Enter a record number for the call handling action.
action {allow | allowwith-warning | deny |
deny-with-warning}
Enter the call handling action for the numbers matching
the configured number pattern and the caller IDs
matching the caller ID pattern.
allow
delay <integer>
If you want to discourage certain users for making
outbound calls, enter the call delay time in seconds.
0
modify-callerid <name>
Enter the caller ID modification configuration.
schedule <name>
Enter the FortiVoice operation schedule for the action.
Fortinet Technologies Inc.
Page 32
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
trunk-out <name>
Enter the SIP trunk name for the outbound calls.
<No.>
Enter a record number for the dial pattern.
pattern <string>
Enter the number pattern for this dial plan.
For information on pattern-matching syntax and patternmatching examples, see “pbx number-management” on
page 57.
postfix <string>
Add a number after a pattern.
For example, if your pattern is 9XXX and the numbers
under this pattern have been upgraded to have an
additional digit 5 at the end, you can enter 5 for the
Postfix. When an incoming call matches the pattern,
the FortiVoice unit will add a 5 after the number.
prefix <string>
Add a number before a pattern.
For example, if your pattern is 9XXX and the numbers
under this pattern have been upgraded to have an
additional digit 5 at the beginning, you can enter 5 for the
Prefix. When an incoming call matches the pattern, the
FortiVoice unit will add a 5 before the number.
strip-digits <integer>
Enter a number to omit dialing the starting part of a
pattern. 0 means no action.
0
For example, if your pattern is 222XXXX and Stripdigits is 3, the FortiVoice unit will only dial the last four
digits for all called numbers matching the pattern.
<No.>
Enter a record number for the caller ID pattern.
number-pattern <string>
Enter the caller ID pattern for this dial plan.
You can enter a caller’s display name string or the caller’
phone number string as the pattern.
Callers with IDs under this pattern are subject to this
plan.
Create the number pattern following the patternmatching syntax and pattern-matching examples in “pbx
number-management” on page 57.
status {enable | disable}
Enable or disable this dial plan.
enable
option <emergency-call> Set to allow emergency call with this plan.
Fortinet Technologies Inc.
Page 33
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
extension group
Use this sub-command to configure extension groups using the extensions created.
Syntax
config extension group
edit <group-name>
set member
end
Variable
Description
<group-name>
Enter a name for the extension group.
member
Enter the existing extension numbers or extension group
names to include in this group.
Fortinet Technologies Inc.
Page 34
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
extension paging
Use this sub-command to configure page groups using the extensions created.
A page group is a group of extensions that can be paged using one number. Page groups
require telephones that support group paging.
A page group can reach a group of extensions. For example, page group 301 can ring the sales
group at extensions 111, 112, 113, and 114. When a customer calls the sales group, the first
available salesperson answers for the group.
Syntax
config extension group
edit <group-name>
set number <string>
set status {enable | disable}
end
Variable
Description
Default
<group-name>
Enter a name for the extension group.
group
Enter the existing extension numbers or extension group
names to include in this group.
number <string>
Enter the page group number following the extension
number pattern.
This is the number that, once paged, will ring all the
extensions in the group.
status {enable | disable}
Fortinet Technologies Inc.
Enable or disable this page group.
Page 35
enable
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
extension preference
Use this sub-command to configure extensions user preferences.
Each SIP and analog extension comes with its default user preferences, including voicemail
settings and phone display preference. You can modify these settings.
Syntax
config extension preference
edit <name>
config <call-management>
edit {normal | no-answer | busy | dnd | unavailable | blacklist}
config call-process
edit id <call_process_id>
set schedule <name>
set action {auto-attendant | default | follow-me |
forward | hang-up | play-announcement | playbusy-tone | ring-phone | voicemail}
set follow-me <name>
set sound-file <name>
set auto-attendant <name>
set phone-number <string>
set active-action {system-default | user-define}
config <follow-me>
edit name
aset followme-sequence {array_position | reset} <number>
<order> <timeout>
config <phone-feature-key>
edit <id>
set function {call-forward | call-log | call-return |
conference | extension-appearance | headset | hold |
intercom | line-appearance | message | mute | noconfiguration | no-function | one-key-dial | phonebook | pickup-transfer | redial | ringer-off | system-
Fortinet Technologies Inc.
Page 36
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
speed-dial | transfer | transparent-mode | unpark |
user-defined | voicemail}
set info <string>
config <speed-dial>
edit key
set number
set black-list <string>
set call-forward-number <string>
set call-forward-status {enable | disable}
set call-waiting {enable | disable}
set displayname <string>
set do-not-disturb {enable | disable}
set e911-caller-id <string>
set email <string>
set email-option {attachment | non | simple}
set external-caller-id <string>
set language {chinese-simplified | chinese-traditional | english
| french | japanese | korean | portuguese | spanish}
set message-waiting-indication {enable | disable}
set missed-call-notification {enable | disable}
set ring-duration <integer>
set theme <integer>
set timezone <integer>
set voicemail-pin <string>
end
Variable
Description
Default
<name>
Enter the extension number of which the user
preferences can be configured.
<call-management>
Manage the call process. For example, you can
configure the process to forward a call to another
number on a specific schedule.
normal
{normal | no-answer |
Enter a call status.
busy | dnd | unavailable |
Each status can only be used for one call management
black-list}
configuration.
id <call_process_id>
Enter the ID for the call process.
schedule <name>
Enter the name of the pre-configured schedule for the
call action.
action {auto-attendant | Enter an action for the call process.
default | follow-me |
forward | hang-up | playannouncement | playbusy-tone | ring-phone |
voicemail}
follow-me <name>
If you entered follow-me for action, enter a follow
me profile.
sound-file <name>
If you entered play-announcement for action,
enter a sound file.
Fortinet Technologies Inc.
Page 37
defaults
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
auto-attendant <name>
If you entered auto-attendant for action, enter an
auto attendant profile.
phone-number <string>
If you entered forward for action, enter the number
to which you want to forward the call.
{system-default | userdefine}
Enter a call process type.
<speed-dial>
Map a phone key to a phone number for speed dialing.
key
Enter the phone key to map to a phone number for
speed dialing.
number
Enter the phone number to map to a phone key for
speed dialing.
<follow-me>
This feature allows a call to an extension to be
transferred to another destination when you are not
available.
name
Enter a name for the follow me setting.
followme-sequence
{array_position | reset}
<number> <order>
<timeout>
Configure the follow me setting:
systemdefault
• array_position | reset: Enter the order
number of the follow me number in the sequence to
be dialed. Reset clears all records.
Change the array order following the imbedded
example.
• number: Enter the follow me number to be called.
• order: This is optional and has no impact on the
follow me setting.
• timeout: Enter the phone ringing duration in
seconds before the call goes to voicemail or next
number in the sequence.
<phone-feature-key>
Allows you to program the phone keys.
This option is only available if you configure user
preferences for the extensions of FortiFone 350i and
above.
The number of programmable keys is as following:
• FortiFone 350i: 8
• FortiFone 450i: 12
• FortiFone 550i: 24
Note that keys 1 and 2 are reserved and cannot be
programmed.
<id>
Fortinet Technologies Inc.
Enter the key number to which you want to map a
function.
Page 38
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
function {call-forward | Enter the function that you want to assign to a key.
call-log | call-return |
conference | extensionappearance | headset |
hold | intercom | lineappearance | message |
mute | no-configuration |
no-function | one-keydial | phone-book |
pickup-transfer | redial |
ringer-off | systemspeed-dial | transfer |
transparent-mode |
unpark | user-defined |
voicemail}
noconfiguration
info <string>
Enter any information for the function you select.
black-list <string>
Enter the phone number you want to block from calling
this extension.
call-forward-number
<string>
Enter the phone number to forward the calls. This
function only works if call forwarding is enabled in callforward-status {enable | disable}.
call-forward-status
{enable | disable}
Enable the call forward function and configure callforward-number <string>.
disable
call-waiting {enable |
disable}
Enable call waiting.
enable
displayname <string>
Enter the name displaying on the extension. This is
usually the name of the extension user.
do-not-disturb {enable |
disable}
Enable DND.
e911-caller-id <string>
Enter the caller ID to display on the destination phone
when you dial the emergency number 911.
email <string>
Enter the email address to which the email notifications
are sent.
email-option
{attachment | non |
simple}
Enter the type of email notification when you have a
voicemail.
disable
• None: Do not send any notification.
• Simple: Send an email notification.
• Attachment: Send an email notification with the
voicemail attached.
external-caller-id
<string>
Enter the caller ID you want to display on a called phone
instead of the FortiVoice main number or the trunk
phone number.
language {chineseEnter the language for the FortiVoice user web portal.
simplified | chinesetraditional | english |
french | japanese | korean
| portuguese | spanish}
Fortinet Technologies Inc.
Page 39
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
message-waitingindication {enable |
disable}
Enable phone indication that a message is received.
enable
missed-call-notification
{enable | disable}
Enable to send an email when an incoming call is
missed.
enable
ring-duration <integer>
Enter the phone ringing duration in seconds before an
incoming call goes to voicemail.
18
theme <integer>
Enter the number representing the display theme for the 0
FortiVoice user web portal.
...0 means
timezone <integer>
Enter the number representing the time zone for the
FortiVoice user web portal.
4
voicemail-pin <string>
Change the default password for accessing the voice
mailbox and the FortiVoice user web portal.
123123
Fortinet Technologies Inc.
Page 40
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
extension remote
Use this sub-command to configure remote extensions.
A remote extension reaches an external phone by automatically selecting a line from a trunk and
dialing the phone number. For example, a remote extension could reach an employee’s cell
phone or home phone, or a phone at a branch office.
A caller can connect to a remote extension through the auto attendant, or can be transferred to
a remote extension by a call cascade. A user at a local extension can manually transfer a caller
to a remote extension, or can dial a remote extension directly. If the remote extension is busy or
unanswered, the system can route the call using the remote extension’s call cascade.
For example, a caller reaches the auto attendant and dials a local extension. The user is not
there, so the call is unanswered. The call cascade of the local extension can be configured to
transfer unanswered calls to a remote extension. The remote extension can be configured to
dial the user’s cellular phone. This way the user is available outside the office.
Syntax
config extension remote
edit <name>
set display-name <string>
set number <string>
set remote-number <string>
set status {enable | disable}
end
Variable
Description
<name>
Enter the local extension user ID.
display-name <string>
Enter the name displaying on the remote extension when
a call is transferred.
number <string>
Enter the local extension number from which calls are
transferred to a remote extension.
remote-number <string>
Enter the remote phone number to which a call to the
local extension is transferred, using digits 0-9.
status {enable | disable}
Enable or disable this remote extension.
Fortinet Technologies Inc.
Page 41
Default
enable
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
extension ring-group
Use this sub-command to configure extension ring groups.
A ring group is a group of local extensions and external numbers that can be called using one
number. Local extensions and auto attendants can dial a ring group.
A ring group can reach a group of extensions. For example, ring group 301 can ring the sales
group at extensions 111, 112, 113, and 114. When a customer calls the sales group, the first
available salesperson answers for the group.
Syntax
config extension ring-group
edit <name>
set external-numbers <string>
set members <extension_number>
set mode {ring-all | ring-sequential}
set number <string>
set status {enable | disable}
set timeout <integer>
end
Variable
Description
Default
<name>
Enter the ring group name.
external-numbers
<string>
Enter an external phone number to the ring group. For
example, you can add the number of a remote employee
to a ring group.
members
<extension_number>
Enter the available extensions or extension groups that
you want to include in the ring group.
20
mode {ring-all | ringsequential}
Select how you want the ring group to be called.
ringsequential
• ring-all: All extensions in the group will ring when
the ring group number is dialed.
• ring-sequential: Each extension in the group is
called one at a time in the order in which they have
been added to the group. You can set a timeout
period for each ring.
number <string>
Enter the ring group number following the extension
number pattern. See the pattern-matching syntax and
pattern-matching examples in “pbx numbermanagement” on page 57.
The ring group number, once dialed, will ring all the
extensions in the group.
status {enable | disable}
Enable or disable this ring group.
timeout <integer>
Enter the amount of time in seconds allowing all
20
extensions or each one to ring before going to voicemail.
Fortinet Technologies Inc.
Page 42
enable
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
extension user
Use this sub-command to configure IP extensions.
An IP extension is an IP phone connected through a network to a system. An internal IP
extension is a phone connected on the same LAN as the system. An external IP extension is a
phone connected outside the LAN.
Syntax
config extension user
edit <name>
set department <name>
set fax {enable | disable}
set fxs-port <port>
set handset-id <integer>
set mac-addr <xx:xx:xx:xx:xx:xx>
set number <string>
set password <string>
set profile-phone <name>
set sip-setting <name>
set sound-language <name>
set status {enable | disable}
set type {sip | analog}
set user-privilege <name>
end
Variable
Description
Default
<name>
Enter the name/ID for the extension.
department <name>
Enter the department that the extension belongs to.
fax {enable | disable}
Enable to activate facsimile function for the extension.
disable
200D-T model only.
fxs-port <port>
fxs1
Enter the analog port number.
200D-T model only.
handset-id <integer>
If your phone type is FortiFone-850i/860i, you can enter
the handset ID range (1-8) because these models
support multiple handset and each handset is assigned
an extension number.
mac-addr <xx:xx:xx:xx:
xx:xx>
Enter the MAC address of the SIP phone using the
extension number.
number <string>
Enter the extension number following the extension
number pattern.
00:00:00:
00:00:00
See the pattern-matching syntax and pattern-matching
examples in “pbx number-management” on page 57.
password <string>
Fortinet Technologies Inc.
Enter the password used for configuring your SIP phone voice#321
from the phone or the Web. You need the phone's IP to
access it from the Web.
Page 43
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
profile-phone <name>
Enter a supported phone type for the extension.
Fortifone350i/450i/
550i
If you cannot find your phone type in the list, select
generic. This phone will not receive the PBX setup
information from the FortiVoice unit.
sip-setting <name>
Enter the SIP profile for the extension.
sound-language <name> Enter the prompt sound language for the extension.
English
status {enable | disable}
Enable or disable this extension.
enable
type {sip | analog}
Enter the type of extension you configure.
sip
analog can only be configured on the 200D-T model.
user-privilege <name>
Fortinet Technologies Inc.
Add the user privilegefor the extension.
Page 44
class_of_
service_
default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
log setting remote
Use this sub-command to configure storing log messages remotely on a Syslog server or a
FortiAnalyzer unit.
You can add a maximum of three remote Syslog servers.
Syntax
config log setting remote
edit <No.>
set call-log-status {enable | disable}
set comma-separated-value {enable | disable}
set event-log-category {admin | configuration | dhcp | smtp |
system | voicemail}
set event-log-status {enable | disable}
set facility <name>
set loglevel {emergency | alert | critical | error | warning |
notification | information | debug}
set port <port_number>
set server <ip_string>
set status {enable | disable}
end
Variable
Description
Default
<No.>
Enter an ID for the Syslog server or FortiAnalyzer unit
where the FortiVoice unit will store the logs.
call-log-status {enable |
disable}
Enable or disable voice logging.
disable
comma-separated-value
{enable | disable}
Enable this option if you want to send log messages in
comma-separated value (CSV) format.
disable
Do not enable this option if the remote host is a
FortiAnalyzer unit. FortiAnalyzer units do not support
CSV-formatted log messages.
event-log-category
{admin | configuration |
dhcp | smtp | system |
voicemail}
Enter the type of logs you want to record to this storage
location.
No event types are logged unless you enable this option
in event-log-status {enable | disable}.
• admin: Log all administrative events, such as logins,
resets, and configuration updates.
• configuration: Log configuration changes.
• dhcp: Log DHCP server events.
• smtp: Log SMTP relay or proxy events.
• system: Log all system-related events, such as
rebooting the FortiVoice unit.
• voicemail: Log voicemail events.
event-log-status {enable | Enable or disable event logging.
disable}
Fortinet Technologies Inc.
Page 45
disable
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
facility <name>
Enter the facility identifier that the FortiVoice unit will use kern
to identify itself when sending log messages.
To easily identify log messages from the FortiVoice unit
when they are stored on a remote logging server, enter a
unique facility identifier, and verify that no other network
devices use the same facility identifier.
loglevel {emergency |
alert | critical | error |
warning | notification |
information | debug}
Enter the severity level that a log message must equal or information
exceed in order to be recorded to this storage location.
port <port_number>
If the remote host is a FortiAnalyzer unit, enter 514; if the 514
remote host is a Syslog server, enter the UDP port
number on which the Syslog server listens for
connections (by default, UDP 514).
server <ip_string>
Enter the IP address of the Syslog server or FortiAnalyzer
unit where the FortiVoice unit will store the logs.
status {enable | disable}
Enable or disable logging to the remote host.
Fortinet Technologies Inc.
For information about severity levels, see the FortiVoice
Setup and Administration Guide.
Page 46
disable
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
log setting local
Use this sub-command to configure storing log messages locally on the hard disk of the
FortiVoice unit.
To ensure that local hard disk has sufficient disk space to store new log messages and that it
does not overwrite existing logs, you should regularly download backup copies of the oldest log
files to your management computer or other storage, and then delete them from the FortiVoice
unit. (Alternatively, you could configure logging to a remote host.)
Syntax
config log setting local
set call-log-status {enable | disable}
set disk-full {overwrite | nolog}
set event-log-category {admin | configuration | dhcp | smtp |
system | voicemail}
set event-log-status {enable | disable}
set loglevel {emergency | alert | critical | error | warning |
notification | information | debug}
set rotation-hour <int>
set rotation-period <int>
set rotation-size <int>
set status {enable | disable}
end
Variable
Description
Default
call-log-status {enable |
disable}
Enable or disable voice logging.
enable
disk-full {overwrite |
nolog}
Select what the FortiVoice unit will do when the local
disk is full and a new log message is caused, either:
overwrite
• nolog: Discard all new log messages.
• overwrite: Delete the oldest log file in order to
free disk space, and store the new log message.
event-log-category
{admin | configuration |
dhcp | smtp | system |
voicemail}
Enter the type of logs you want to record to the local
hard disk.
No event types are logged unless you enable this
option in event-log-status {enable | disable}.
configuration,
admin,
system, dhcp
• admin: Log all administrative events, such as
logins, resets, and configuration updates.
• configuration: Log configuration changes.
• dhcp: Log DHCP server events.
• smtp: Log SMTP relay or proxy events.
• system: Log all system-related events, such as
rebooting the FortiVoice unit.
• voicemail: Log voicemail events.
event-log-status {enable | Enable or disable event logging.
disable}
Fortinet Technologies Inc.
Page 47
enable
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
loglevel {emergency |
alert | critical | error |
warning | notification |
information | debug}
Enter the severity level that a log message must equal information
or exceed in order to be recorded to the local hard disk.
rotation-hour <int>
Enter the hour of the day (24-hour format) when the file 0
rotation should start.
For information about severity levels, see the FortiVoice
Setup and Administration Guide.
Also see rotation-period <int>.
When a log file reaches either the age or size limit, the
FortiVoice unit rotates the current log file: that is, it
renames the current log file (elog.log) with a file name
indicating its sequential relationship to other log files of
that type (elog2.log, and so on), then creates a new
current log file. For example, if you set the log time to
10 days at hour 23, the log file will be rotated at 23
o’clock of the 10th day.
rotation-period <int>
Enter the number of days before the file rotation should 10
start. Also see rotation-hour <int>.
rotation-size <int>
Enter the file size limit of the current log file in
10
megabytes (MB). The log file size limit must be between
10 MB and 1000 MB.
status {enable | disable}
Enable or disable logging to the local hard disk.
Fortinet Technologies Inc.
Page 48
enable
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
log alertemail recipient
Use this command to add up to 3 email addresses that will receive alerts.
Before the FortiVoice unit can send alert email messages, you must configure it with one or
more recipients.
You must also configure which categories of events will cause the FortiVoice unit to send alert
email message. For more information, see “log alertemail setting” on page 50.
Syntax
config log alertemail recipient
edit <recipient_email>
end
Variable
Description
<recipient_email>
Type an email address that will receive alert email.
Fortinet Technologies Inc.
Page 49
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
log alertemail setting
Use this command to configure which events will cause the FortiVoice unit to send an alert
email message.
Before the FortiVoice unit can send an alert email message, you must select the event or events
that will cause it to send an alert.
You must also configure alert email message recipients. For more information, see “log
alertemail recipient” on page 49.
Syntax
config log alertemail setting
set categories {archivefailure | critical |deferq | dictionary
diskfull ha incidents quotafull systemquarantine}
set deferq-interval <interval_int>
set deferq-trigger <trigger_int>
end
Variable
Description
categories
{archivefailure | critical
|deferq | dictionary
diskfull ha incidents
quotafull
systemquarantine}
Enter a list of one or more of the following event types that will critical
cause alert email:
• archivefailure: Email archiving to the remote host has
failed.
• critical: The FortiMail unit has detected a system error.
• deferq: The deferred mail queue has exceeded the number
of messages during the interval specified in deferq-interval
<interval_int> and deferq-trigger <trigger_int>.
• dictionary: The dictionary database is corrupt.
• diskfull: The FortiMail unit’s hard disk is full.
• ha: A high availability (HA) event such as failover has
occurred.
• incidents: The FortiMail unit has detected a virus.
Separate each option with a space.
• quotafull: An email user account has reached its disk
space quota.
• systemquarantine: The system quarantine has reached
its disk space quota.
deferq-interval
<interval_int>
Enter the interval in minutes between checks of deferred
queue size. This can be any number greater than zero.
deferq-trigger
<trigger_int>
Enter the size that the deferred email queue must reach to
10000
cause an alert email to be sent. The valid range is 1 to 99999.
Fortinet Technologies Inc.
Page 50
Default
30
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
mailsetting relayserver
Use this command to configure an SMTP relay, if needed, to which the FortiVoice unit will relay
outgoing email. This is typically provided by your Internet service provider (ISP), but could be a
mail relay on your internal network.
Syntax
config mailsetting relayserver
set auth-password <password_str>
set auth-status {enable | disable}
set auth-type {auto | plain | login | digest-md5 | cram-md5}
set auth-username <user_str>
set server-name <relay_fqdn>
set server-port <port_int>
set smtps {enable | disable}
end
Variable
Description
Default
auth-password
<password_str>
If auth-status {enable | disable} is enable, enter the
password of the FortiVoice unit’s user account on the
SMTP relay.
auth-status {enable |
disable}
Enable if the SMTP relay requires authentication using
the SMTP AUTH command. Also configure authusername <user_str>, auth-password
<password_str>, and auth-type {auto |
plain | login | digest-md5 | cram-md5}.
auth-type {auto | plain |
login | digest-md5 |
cram-md5}
If auth-status {enable | disable} is enable, enter either auto
the SMTP authentication type required by the SMTP
relay when the FortiVoice unit sends the ESMTP AUTH
command, or enter auto to automatically detect and
use the most secure authentication type supported by
the relay server.
auth-username
<user_str>
If auth-status {enable | disable} is enable, enter the
name of the FortiVoice unit’s user account on the SMTP
relay.
server-name
<relay_fqdn>
Enter the fully qualified domain name (FQDN) of the
SMTP relay.
server-port <port_int>
Enter the TCP port number on which the SMTP relay
listens.
smtps {enable | disable}
Enable to initiate SSL- and TLS-secured connections to disable
the SMTP relay if it supports SSL/TLS. When disabled,
SMTP connections from the FortiVoice unit’s built-in
MTA or proxy to the relay will occur as clear text,
unencrypted.
disable
25
This option must be enabled to initiate SMTPS
connections.
Fortinet Technologies Inc.
Page 51
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
pbx account-code
Use this command to set account codes to restrict long distance and international calls, for
instance. Users must dial these codes first before making long distance or international calls.
You apply the account codes in class of services. For more information, see “pbx featureaccess-code” on page 54.
Syntax
config pbx account-code
edit <account_name>
set code <string>
end
Variable
Description
<account_name>
Enter a name for the account code.
code <string>
Enter the access code, such as 69.
Fortinet Technologies Inc.
Page 52
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
pbx call-parking
Use this command to configure call parking which places a call on hold and then retrieving it
from any other local extension. By default, the FortiVoice unit has 20 park orbits, 101–120.
Syntax
config pbx call-parking
set extension <string>
set music-on-hold <name>
set parked-start <int>
set parked-end <int>
set timeout <int>
end
Variable
Description
Default
extension <string>
Enter the number to dial to park a call.
300
For example, if you enter 100, depending on the phone,
when a user receives a call and wants to park it, the
user may:
• press #100.
The FortiVoice unit selects the first available park
orbit (101–120). The user hears a confirmation
indicating the caller has been parked successfully
and into which park orbit.
• Provide the park orbit to the person with the parked
call through paging or other means (e.g. “Mary,
there is a call parked for you in 101).
music-on-hold <name>
Enter a sound file for the call parking.
parked-start <int>
Enter the starting park orbit.
301
parked-end <int>
Enter the ending park orbit.
320
timeout <int>
Enter the time in seconds to time out the parked call.
80
Fortinet Technologies Inc.
Page 53
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
pbx feature-access-code
Use this command to configure the codes for users to use to access certain features.
By default, the FortiVoice unit has defined 14 codes for users to access certain features by
dialing the codes. You can modify its code and description, but that does not change the
mapping between the code and the feature.
For example, if you change the DISA code from the default ** to 12, dialing 12 still accesses the
DISA feature.
Syntax
config pbx feature-access-code
edit <name>
set code <string>
set description <content>
set with-parameter {enable | disable}
end
Variable
Description
Default
<name>
Enter the feature access code name.
code <string>
Enter the code for a feature.
description <content>
Enter the description for the feature code.
disable
with-parameter {enable | Enable to allow entering further parameter for some
disable}
feature codes that require more values than codes only,
such as pickup-ext. Without the parameters, these
codes will not work.
Fortinet Technologies Inc.
Page 54
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
pbx location
Use this command to identify the FortiVoice location and its number.
Syntax
config pbx location
set area-code <string>
set contact-email <string>
set contact-phone <string>
set country <name>
set default-call-route-prefix <string>
set default-prompt-language <string>
set domestic-prefix <string>
set emergency-number <string>
set international-prefix <string>
set local-number-include-area-code {enable | disable}
set main-display-name
set main-number <string>
set pbx-address-city <string>
set pbx-address-province <string>
set pbx-address-street <string>
end
Variable
Description
Default
area-code <string>
Enter the area code for the main number of the
FortiVoice unit. This code is provided by your phone
company or ISP.
contact-email <string>
Enter the email address of the FortiVoice administrator.
contact-phone <string>
Enter the phone number of the FortiVoice administrator.
country <name>
Enter the name of the country where this FortiVoice unit
locates.
default-call-route-prefix
<string>
Enter the prefix for making outbound calls.
9
default-prompt-language Enter a default prompt language for the FortiVoice unit. english
<string>
domestic-prefix <string> Enter the prefix for dialing domestic long distance calls. 1
emergency-number
<string>
Enter the emergency call number of the selected
country.
911
international-prefix
<string>
Enter the prefix for dialing international calls.
011
local-number-includearea-code {enable |
disable}
Enable to dial the area code for local numbers.
enable
main-display-name
Enter the name displaying on the FortiVoice unit. This
name is provided by your PSTN service provider.
main-number <string>
Enter the main number of the FortiVoice unit. This
number is provided by your PSTN service provider.
Fortinet Technologies Inc.
Page 55
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
pbx-address-city
<string>
Enter the name of the city where this FortiVoice unit
locates.
pbx-address-province
<string>
Enter the name of the province where this FortiVoice
unit locates.
pbx-address-street
<string>
Enter the name of the street where this FortiVoice unit
locates.
Fortinet Technologies Inc.
Page 56
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
pbx number-management
Use this command to configure the pattern and number of digits you want the FortiVoice unit to
use for phone numbers, speed dials, and prefixes.
The FortiVoice unit support the following pattern-matching syntax:
Table 6: Pattern-matching syntax
Syntax
Description
X
Matches any single digit from 0 to 9.
Z
Matches any single digit from 1 to 9.
N
Matches any single digit from 2 to 9.
[15-7]
Matches a single character from the range of digits specified. In this case, the
pattern matches a single 1, as well as any number in the range 5, 6, 7.
.
Wildcard match; matches one or more characters, no matter what they are.
!
Wildcard match; matches zero or more characters, no matter what they are.
,
These pattern delimiters allow you to enter multiple pattern strings at a time. For
example, you can enter NXXX,6XXXX;[3-5]X
; or
(space)
Table 7: Pattern-matching examples
Pattern
Description
NXXX
Matches any four-digit number, as long as the first digit is 2 or higher.
NXXNXXXXXX
This pattern matches with areas with 10-digit dialing.
1NXXNXXXXXX
Matches the number 1, followed by an area code between 200 and 999,
then any seven-digit number. In the North American Numbering Plan calling
area, you can use this pattern to match any long-distance number.
011.
Matches any number that starts with 011 and has at least one more digit.
Fortinet Technologies Inc.
Page 57
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Syntax
config pbx number-management
set default-sip-password <string>
set default-voicemail-pin <string>
set dial-0-action {call-manager | call-operator | nothing}
set number-pattern <pattern>
set operator-extension <string>
set prohibited-prefix <string>
set ring-duration <int>
set speed-dial-pattern <string>
set support-extension <string>
set unrestricted-prefix <string>
end
Variable
Description
Default
default-sip-password
<string>
Enter the password used for configuring your SIP
phone from the phone or the Web. You need the
phone's IP to access it from the Web.
voice#321
default-voicemail-pin
<string>
Enter the password for the extension user to access
voicemail.
123123
dial-0-action {callmanager | call-operator |
nothing}
Enter the action taken by the FortiVoice unit when
dialing 0.
nothing
number-pattern
<pattern>
Enter the extension number pattern. For example,
X.
NXXX is any four digit number as long as the first digit is
2 or higher and 7XXX is a four digit number that always
starts with 7. This pattern will be followed when
creating extensions.
operator-extension
<string>
Enter the FortiVoice operator’s extension.
prohibited-prefix
<string>
Enter the phone number prefix that you want to ban,
such as 900.
ring-duration <int>
Enter the time in seconds for the FortiVoice unit to ring 20
before it responds to a call.
speed-dial-pattern
<string>
Enter the speed dial pattern. For example, *3XX is any *3XX
three digit number that starts with 3. This pattern will be
followed when configuring speed dials.
support-extension
<string>
Enter the FortiVoice technical support extension.
unrestricted-prefix
<string>
Enter the allowed phone number prefix, such as 800.
Fortinet Technologies Inc.
Page 58
900
800 866 877
888
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
pbx rating-table
Use this command to configure call rates. The rates are used to calculate phone bills.
Syntax
config pbx rating-table
edit <name>
set comment <string>
set effective-from <date/time>
set effective-to <date/time>
set international <currency_in_cents>
set local <currency_in_cents>
set long-distance <currency_in_cents>
set other <currency_in_cents>
set time-from <string>
set time-to <string>
set trunk <name>
end
Variable
Description
<name>
Enter a name for the rating profile.
comment <string>
Enter any notes you have for this rating profile.
effective-from
<date/time>
Enter the date and time when the call rate becomes
effective.
effective-to <date/time>
Enter the date and time when the call rate becomes
expired.
international
<currency_in_cents>
Enter the rate for international phone calls in cents.
0.000000
local
<currency_in_cents>
Enter the rate for local phone calls in cents.
0.000000
long-distance
<currency_in_cents>
Enter the rate for domestic long distance phone calls in 0.000000
cents.
time-from <string>
Enter the starting time for the rate.
time-to <string>
Enter the ending time for the rate.
other
<currency_in_cents>
Enter the rate for other types of phone calls in cents.
trunk <name>
Enter the trunk that will use the rates.
Fortinet Technologies Inc.
Page 59
Default
0.000000
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
pbx schedule
Use this command to schedule the FortiVoice operation time and use the schedules when
configuring dial plans. There are three default schedules, namely after_hour, any_time,
and business_hour.
Syntax
config pbx schedule
edit <name>
config holiday
edit <no>
set description <string>
set date <holiday_date>
config daily
edit <week-day>
set am-end-time <hh:mm>
set am-start-time <hh:mm>
set fullday {enable | disable}
set pm-end-time <hh:mm>
set pm-start-time <hh:mm>
end
Variable
Description
Default
<name>
Enter a name for the schedule.
<no>
Enter a number for the holiday record.
description <string>
Enter the description for the date <holiday_date>, such
as New Year’s day.
date <holiday_date>
Enter the holiday date, such as 2012-01-01.
<week-day>
Enter the week day to include in the schedule.
am-end-time <hh:mm>
Enter the AM end time for the week day, between 00:00 08:59
and 11:59.
am-start-time <hh:mm>
Enter the AM start time for the week day, between 00:
00 and 11:59.
fullday {enable | disable} Enable to include the full week day in the schedule.
1900-01-00
00:00
disable
pm-end-time <hh:mm>
Enter the PM end time for the week day, between 12:00 23:59
and 23:59.
pm-start-time <hh:mm>
Enter the PM start time for the week day, between 12:
00 and 23:59.
Fortinet Technologies Inc.
Page 60
17:01
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
pbx storage-capacity
Use this command to configure quotas for call recording and voicemail.
Syntax
config pbx storage-capacity
set recording-file-quota <int>
set recording-file-retention <int>
set voice-message-quota <string>
end
Variable
Description
Default
recording-file-quota
<int>
Enter the maximum disk space allowed for phone
recording files in MB.
0
recording-file-retention
<int>
Enter the number of days to keep the phone recording
files.
0
voice-message-quota
<string>
Enter the maximum disk space allowed for voice
messages in MB.
0
Fortinet Technologies Inc.
Page 61
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
pbx system-speed-dial
Use this command to configure speed dial pattern for fast and efficient dialing, mostly for
outbound numbers.
Syntax
config pbx system-speed-dial
edit <name>
set code <string>
set description <string>
set number <string>
end
Variable
Description
<name>
Enter a name for the speed dial mapping.
code <string>
Enter the number based on the speed dial pattern you
set. For example, 333.
description <string>
Enter a note for the mapping, such as “This is for
customer A”.
number <string>
Enter the phone number to map to the speed dial code.
For example, 222-1234.
Fortinet Technologies Inc.
Page 62
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
pbx user-privilege
Use this command to configure user privileges which are collections of phone services and
restrictions that can be applied to each extension user.
Syntax
config pbx user-privilege
edit <name>
config call restriction
edit <name>
set area-code <string>
set exempt-account-code <name>
set status {enable | disable}
set auto-provision-status {enable | disable}
set conference-exempt <string>
set conference-permission {allow-all | allow-all-with-exempt |
disallow-all | disallow-all-with-exempt}
set config-phone-key {enable | disable}
set dial-by-name {enable | disable}
set international-call {enable | disable}
set list-in-directory {enable | disable}
set long-distance-account-code <string>
set long-distance-call {enable | disable}
set paging-exempt <string>
set paging-permission {allow-all | allow-all-with-exempt |
disallow-all | disallow-all-with-exempt}
set permit-outgoing-rules <name>
set recording-personal {enable | disable}
set search-directory {enable | disable}
set search-office {enable | disable}
set trusted-host <ip&netmask>
set voicemail-max-messages <int>
set voicemail-retention-days <int>
set voicemail-status {enable | disable}
end
Variable
Description
Default
<name>
Enter a name for the class of service.
<name>
Enter a name for the call restriction record.
area-code <string>
Enter the area code/prefix of the number to be called,
such as 900.
exempt-account-code
<name>
Enter the account code that needs to be dialed before
making a long distance or international call.
For information on account code, see pbx accountcode.
status {enable | disable}
Fortinet Technologies Inc.
Enable or disable call restrictions.
Page 63
enable
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
auto-provision-status
{enable | disable}
Enable or disable auto provisioning for the extension.
disable
conference-exempt
<string>
If you entered allow-all-with-exempt or
disallow-all-with-exempt in conferencepermission {allow-all | allow-all-with-exempt | disallowall | disallow-all-with-exempt}, enter the exempted
extension number.
conference-permission
{allow-all | allow-allwith-exempt | disallowall | disallow-all-withexempt}
Select the permission for conference calls:
• allow-all: Allows all extensions to join
conference calls.
allow-allwith-exempt
• disallow-all: Prohibits all extensions from
joining conference calls.
• allow-all-with-exempt: Allows all extensions
to join conference calls with exceptions. Enter the
exempted numbers in conference-exempt <string>.
• disallow-all-with-exempt: Prohibits all
extensions from joining conference calls with
exceptions. Enter the exempted numbers in
conference-exempt <string>.
config-phone-key
{enable | disable}
Enable to configure the feature access codes.
dial-by-name {enable |
disable}
Enable to put the user’s name in the dial-by-name
disable
directory which allows a caller to find a user’s extension
number, and connect to their local extension or remote
extension. This way the caller can reach their party
without speaking to the receptionist.
enable
See <phone-feature-key>.
international-call {enable Enable or disable international direct dialing.
| disable}
disable
list-in-directory {enable | Enable to list this extension in the public directory.
disable}
disable
long-distance-accountcode <string>
Enter the access code, such as 69.
long-distance-call
{enable | disable}
Enable or disable domestic long distance direct dialing. disable
paging-exempt <string>
If you entered allow-all-with-exempt or
disallow-all-with-exempt in paging-permission
{allow-all | allow-all-with-exempt | disallow-all |
disallow-all-with-exempt}, enter the exempted
extension number.
Fortinet Technologies Inc.
Also see pbx account-code.
Page 64
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
paging-permission
{allow-all | allow-allwith-exempt | disallowall | disallow-all-withexempt}
Select the permission for paging:
allow-allwith-exempt
• allow-all: Allows all paging numbers to page.
• disallow-all: Prohibits all paging numbers from
paging.
• allow-all-with-exempt: Allows all paging
numbers to page with exceptions. Enter the
exempted numbers in paging-exempt <string>.
• disallow-all-with-exempt: Prohibits all
paging numbers from paging with exceptions. Enter
the exempted numbers in paging-exempt <string>.
permit-outgoing-rules
<name>
Enter the available outbound calling rules. For more
information on calling rules, see “config dialplan
outbound” on page 32.
recording-personal
{enable | disable}
Enable to allow users to configure personal recording of enable
their incoming and outgoing calls on the user web
portal.
search-directory {enable | Enable to allow viewing the phone directory of the local enable
disable}
office.
search-office {enable |
disable}
Enable to allow viewing the phone directories of remote enable
offices.
trusted-host
<ip&netmask>
Enter the IP address and netmask of the subnet that
0.0.0.0/0
can register with the SIP server. Only extensions on the
specified subnet can register with the SIP server.
voicemail-max-messages Enter the number of voice mails allowed.
<int>
1000
voicemail-retention-days Enter the number of days to keep the voicemails.
<int>
60
voicemail-status {enable Enable or disable the voicemail service.
| disable}
enable
Fortinet Technologies Inc.
Page 65
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
profile caller-id-translate
Use this command to change the phone number, caller’s name, or both that will appear on the
other phone when the local extension is used to make a VoIP call.
Caller ID modifications are used when configuring outbound dial plans.
Syntax
config profile caller-id-translate
edit <name>
set match-name <string>
set match-number <string>
set new-name <string>
set postfix <string>
set prefix <string>
set strip-digits <int>
set truncate-digits <int>
end
Variable
Description
Default
<name>
Enter the name for this caller ID modification record.
match-name <string>
Enter the caller ID that you want to map to another one.
Caller IDs are created when configuring SIP extensions.
See extension user.
match-number <string>
Enter the extension number or number pattern you
want to modify.
XX
For example, you can enter 8134 to modify a single
extension, or 81xx to modify all the four-digit numbers
starting with 81.
new-name <string>
Enter the new caller ID name to which you want to map
the one entered in match-name <string>.
postfix <string>
If you have entered a match-number <string>, enter a
number after the extension.
For example, if your match number is 8134 and postfix
is 5, the caller ID will be 81345.
prefix <string>
If you have entered a match-number <string>, enter a
number before the extension.
For example, if your match number is 8134 and prefix is
5, the caller ID will be 58134.
Fortinet Technologies Inc.
Page 66
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
strip-digits <int>
If you have entered a match-number <string>, enter a
number to hide the starting part of the extension from
displaying. 0 means no action.
0
For example, if your match number is 8134 and stripdigit is 2, only 34 will be displayed as caller ID.
truncate-digits <int>
If you have entered a match-number <string>, enter a
number to hide the ending part of the extension from
displaying. 0 means no action.
0
For example, if your match number is 8134 and stripdigit is 2, only 81 will be displayed as caller ID.
Fortinet Technologies Inc.
Page 67
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
profile sip-setting
Use this command to create SIP settings for configuring extensions and SIP trunks.
Syntax
config profile sip-setting
edit <name>
set codecs {g711u | g711a | g729 | g722 | g723.1 | g726 | gsm}
set direct-media {enable | disable}
set dtmf {auto | inband | info | rfc2833 | shortinfo}
set nat {enable | disable}
set preferred-codecs {g711u | g711a | g729 | g722 | g723.1 |
g726 | gsm}
set qualify-check-interval <integer>
set transport {tcp | tls | udp}
set
end
Variable
Description
Default
<name>
Enter a name for this SIP setting.
codecs {g711u | g711a |
g729 | g722 | g723.1 |
g726 | gsm}
Enter the Codecs supported by the service provider
from the displayed list.
direct-media {enable |
disable}
Enable if the service provider supports direct media
transfer to extensions by bypassing the PBX in
between.
g711u g711a
g729 g722
g723.1 g726
Also configure preferred-codecs {g711u | g711a | g729 |
gsm
g722 | g723.1 | g726 | gsm}.
enable
dtmf {auto | inband | info Enter the DTMF method used by the VoIP provider.
auto
| rfc2833 | shortinfo}
Auto means the VoIP provider’s server and the
FortiVoice unit will negotiate to select a DTMF method.
You could also select a specific DTMF method if
required.
nat {enable | disable}
Enable if the service provider supports SIP NAT
translation.
preferred-codecs {g711u Enter the preferred Codec for the VoIP provider. The
| g711a | g729 | g722 |
preferred Codec is usually the most used one in your
g723.1 | g726 | gsm}
area and provides the best quality of communication.
enable
g711u
If your preferred Codec is different from that of your
service provider, the service provider’s Codec will be
used as long as it is one of your supported Codecs.
Also configure codecs {g711u | g711a | g729 | g722 |
g723.1 | g726 | gsm}.
Fortinet Technologies Inc.
Page 68
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
qualify-check-interval
<integer>
Enter the time interval in seconds for the FortiVoice unit 0
to talk to the SIP server of your service provider to keep
the connectivity and check its capability.
0 means no checking by the FortiVoice unit.
transport {tcp | tls | udp}
SIP commonly uses TCP or UDP port 5060 and/or
udp
5061. Port 5060 is used for nonencrypted SIP signaling
sessions and port 5061 is typically used for SIP
sessions encrypted with Transport Layer Security (TLS).
Enable the protocols as required.
This option, if applied to a user, overrides the systemwide transport settings.
Fortinet Technologies Inc.
Page 69
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
report
Use this command to configure report profiles.
A report profile is a group of settings that contains the report name, its subject matter, its
schedule, and other aspects that the FortiVoice unit considers when generating reports from log
data. The FortiVoice unit presents the information in tabular and graphical format.
You can create one report profile for each type of report that you will generate on demand or on
a schedule.
Syntax
config report
edit <name>
config query-list
edit <name>
set query-type{Call_Usage_ Detailed | Call_Usage_Summary |
Phone_Bill_Detailed | Phone_Bill_Summary |
Trunk_Usage_Detailed | Trunk_Usage_ Summary}
set call-from {any | external | internal}
set call-to {any | external | internal}
set region {any | internal | international | local |
long_distance | other | unrestricted}
set report-column {caller | receiver}
set sort-column {calls | cost || duration | report-column}
set separate-tables {default | disabled | enabled}
set file-format {html | pdf}
set period-relative <period>
set period-relative-value <int>
set ratings <string>
set recipients <email_addr>
set schedule {daily | dates | none | weekdays}
set schedule-dates <date_of_month>
set schedule-hour <hour_int>
set schedule-weekdays <weekday>
end
Variable
Description
Default
<name>
Enter a name for this report profile.
<name>
Enter a name for the report query.
When configuring a report profile, you can select the
queries that define the subject matter of the report.
query-type{Call_Usage_
Detailed |
Call_Usage_Summary |
Phone_Bill_Detailed |
Phone_Bill_Summary |
Trunk_Usage_Detailed |
Trunk_Usage_
Summary}
Fortinet Technologies Inc.
Enter the type of report you want: detailed or summary. Call_Usage_
• Call Usage: The number of calls.
Summary
• Phone Bill: The cost of making the phone calls.
• Trunk Usage: The status of the trunks being used.
Page 70
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
call-from {any | external | Enter the source of the incoming calls: internal,
internal}
external, or any.
internal
call-to {any | external |
internal}
Enter the source of the outgoing calls: internal,
external, or any.
internal
region {any | internal |
international | local |
long_distance | other |
unrestricted}
Enter the call region, such as international or long
distance.
local
report-column {caller |
receiver}
Enter the source of the call statistics: from caller or
receiver.
caller
sort-column {calls | cost || Enter the value for filtering the call information. The
duration | report-column} caller or receiver with the higher value moves to the top
of the table.
If you enter report-column, the sort column value is
equal to what you enter for report-column {caller |
receiver}.
separate-tables {default | Depending on the query values, if a report table is too
disabled | enabled}
long, it can be divided into separate tables. Entering
default keeps the pre-defined table settings of the
query values and is recommended.
default
You can select to enable or disable the pre-defined
table settings of the query values, although this is not
recommended.
file-format {html | pdf}
Enter the file format of the generated report attached to pdf
the email sent to designated recipients.
See recipients <email_addr>.
period-relative <period>
Enter the time span of log messages from which to
generate the report. The time span is listed.
today
Enter a relative time, such as today, yesterday,
last n hours, and so on. If you enter an option with
an unspecified “N” value, enter the number of hours,
days or weeks in period-relative-value <int>.
period-relative-value
<int>
If you enter an option with an unspecified “N” value in
period-relative <period>, enter the number of hours,
days or weeks.
ratings <string>
Enter the call rate profile for the report. The rates apply
to the calls in the report.
0
See pbx rating-table.
recipients <email_addr>
Fortinet Technologies Inc.
Enter the email addresses of the people who will
receive the report notifications. Separate the addresses
with comma.
Page 71
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
schedule {daily | dates |
none | weekdays}
Enter a time when the report will be generated.
none
• daily: Enter to generate the report each day. Also
configure schedule-hour <hour_int>.
• dates: Enter to generate the report on specific date
of each month. Also configure schedule-dates
<date_of_month> and schedule-hour <hour_int>.
• none: Enter if you do not want the FortiVoice unit to
generate the report automatically according to a
schedule.
• weekdays: Enter to generate the report on specific
days of each week. Also configure scheduleweekdays <weekday> and schedule-hour
<hour_int>.
schedule-dates
<date_of_month>
If you enter dates in schedule {daily | dates | none |
weekdays}, enter the date of the month.
schedule-hour
<hour_int>
If you enter daily, dates, or weekdays in
schedule {daily | dates | none | weekdays}, enter the
hour for each day.
schedule-weekdays
<weekday>
If you enter weekdays in schedule {daily | dates |
none | weekdays}, enter the day of the week.
Fortinet Technologies Inc.
Page 72
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
service auto-attendant
Use this command to configure auto attendant.
An auto attendant can answer a telephone line or VoIP number, and can be included in the call
cascade of a local extension, remote extension or ring group.
An auto attendant can answer a call if the receptionist is away or if you do not have a
receptionist. Each auto attendant has a message with options. The message tells the caller
what the options are. You can load a professionally pre-recorded message, or can record a
message using a handset.
Syntax
config service auto-attendant
edit <name>
config key-action
edit <key>
set action {auto-attendant | dial-extension | dialexternal-number | dial-operator | dial-ring-group |
dial-voicemail | go-back | hang-up | lookup-namedirectory | no-action | play-announcement | startover}
set comments <string>
set auto-attendant <name>
set dial-extension <string>
set dial-external-number <string>
set dial-ring-group <string>
set dial-voicemail <string>
set announcement <name>
set followed-action {hang-up | no-action | start-over}
set dial-local {enable | disable}
set disa {enable | disable}
set disa-account <name>
set greeting <name>
set ring-duration <int>
set status {enable | disable}
set timeout <int>
set timeout-action {dial-operator | hang-up | start-over}
end
Variable
Description
Default
<name>
Enter a name for the auto attendant.
<key>
Enter the key number that transfers a call to a resource,
if pressed.
This is to configure the auto attendant dial pad keys for
callers to use when navigating through the auto
attendant hierarchy.
Fortinet Technologies Inc.
Page 73
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
action {auto-attendant |
dial-extension | dialexternal-number | dialoperator | dial-ring-group
| dial-voicemail | go-back
| hang-up | lookup-namedirectory | no-action |
play-announcement |
start-over}
Enter the resource to which a call is transferred by
pressing a key.
lookup-namedirectory
Also configure auto-attendant <name>, dial-extension
<string>, dial-external-number <string>, dial-ring-group
<string>, dial-voicemail <string>, announcement
<name>, and followed-action {hang-up | no-action |
start-over}.
comments <string>
Enter any notes for this action.
auto-attendant <name>
If you entered auto-attendant for action {autoattendant | dial-extension | dial-external-number | dialoperator | dial-ring-group | dial-voicemail | go-back |
hang-up | lookup-name-directory | no-action | playannouncement | start-over}, enter the name of the auto
attendant.
dial-extension <string>
If you entered dial-extension for action {autoattendant | dial-extension | dial-external-number | dialoperator | dial-ring-group | dial-voicemail | go-back |
hang-up | lookup-name-directory | no-action | playannouncement | start-over}, enter the extension
number.
dial-external-number
<string>
If you entered dial-external-number for action
{auto-attendant | dial-extension | dial-external-number |
dial-operator | dial-ring-group | dial-voicemail | go-back
| hang-up | lookup-name-directory | no-action | playannouncement | start-over}, enter the remote extension
number.
dial-ring-group <string>
If you entered dial-ring-group for action {autoattendant | dial-extension | dial-external-number | dialoperator | dial-ring-group | dial-voicemail | go-back |
hang-up | lookup-name-directory | no-action | playannouncement | start-over}, enter the ring group name.
dial-voicemail <string>
If you entered dial-voicemail for action {autoattendant | dial-extension | dial-external-number | dialoperator | dial-ring-group | dial-voicemail | go-back |
hang-up | lookup-name-directory | no-action | playannouncement | start-over}, enter the extension for the
voice mailbox.
announcement <name>
If you entered play-announcement for action {autoattendant | dial-extension | dial-external-number | dialoperator | dial-ring-group | dial-voicemail | go-back |
hang-up | lookup-name-directory | no-action | playannouncement | start-over}, enter the name of the
sound file for the announcement.
Fortinet Technologies Inc.
Page 74
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
followed-action {hangup | no-action | startover}
If you entered play-announcement for action {autoattendant | dial-extension | dial-external-number | dialoperator | dial-ring-group | dial-voicemail | go-back |
hang-up | lookup-name-directory | no-action | playannouncement | start-over}, enter an action to follow
the announcement:
hang-up
• hang-up: The call will be terminated.
• no-action: The auto attendant takes no action.
• start-over: The auto attendant will repeat the
announcement.
dial-local {enable |
disable}
Enable to allow an external caller to dial local
extensions.
disa {enable | disable}
Enable Direct Inward System Access (DISA) service to disable
allow external users to dial into the FortiVoice unit and
use the FortiVoice service just like the local extensions.
enable
Also configure disa-account <name>.
disa-account <name>
If you enabled disa {enable | disable}, enter an account
code for dialing certain restricted outgoing calls. Callers
must dial the DISA code followed by the account code
before making the calls.
See “pbx feature-access-code” on page 54 and “pbx
account-code” on page 52.
greeting <name>
Enter a greeting message (sound file) for the auto
attendant.
outbound-rules <name>
Enter the outbound dial plan for users to call the
FortiVoice unit and through it to make outbound calls.
ring-duration <int>
Enter the number of seconds for the phone to ring
before the auto attendant answers with the greeting
message.
8
status {enable | disable}
Enable to activate the auto attendant.
enable
timeout <int>
Enter the number of seconds that an auto attendant
20
should be allowed to wait before the caller takes further
action according to the voice instructions.
greetingdefault
Also configure timeout-action {dial-operator | hang-up |
start-over}
timeout-action {dialEnter the action when the auto attendant timeout is
operator | hang-up | start- reached.
over}
• dial-operator: The call is transferred to an
operator.
start-over
• start-over: The auto attendant will repeat the
instructions for the caller.
• hang-up: The call will be terminated.
Fortinet Technologies Inc.
Page 75
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
service conference
Use this command to configure conference call settings.
Syntax
config service conference
edit <name>
set admin-pin <string>
set description <string>
set join-message <name>
set music <name>
set music-on-hold {enable | disable}
set number <string>
set quiet-mode {enable | disable}
set status {enable | disable}
set user-join-or-leave <name>
set user-pin <string>
set user-privilege <name>
end
Variable
Description
<name>
Enter a name for the conference call configuration.
admin-pin <string>
Enter the number to be entered by the conference host 123123
to be able to host a conference call.
description <string>
Enter any notes for this conference call.
join-message <name>
Enter the name of the joining message for the
conference call.
music <name>
Enter the music to play for music on hold.
music-on-hold {enable |
disable}
Enable to play background music that callers hear after disable
the joining message and leaving message are played.
number <string>
Enter an extension number that callers can call and
enter the user PIN to join a conference call.
quiet-mode {enable |
disable}
Enable to mute the background sound that callers hear disable
after the joining message and leaving message are
played.
status {enable | disable}
Enable to activate this conference call.
user-join-or-leave
<name>
Enter the name of the message to play when someone
joins or leaves a conference call.
user-pin <string>
Enter a password for joining the conference call. A
caller needs to dial the conference call number and
enter this password to join the conference call.
user-privilege <name>
Enter the user privilege for this conference call.
Fortinet Technologies Inc.
Page 76
Default
enable
123456
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
service recording
For supervision and monitoring purpose, use this command to configure recording incoming
and outgoing calls to and from the extensions matching the caller number patterns or dialed
number patterns you set.
Syntax
config service recording
edit <name>
set callee-number-pattern <string>
set caller-number-pattern <string>
set status {enable | disable}
end
Variable
Description
Default
<name>
Enter a name for the call recording configuration.
callee-number-pattern
<string>
Enter the number pattern to match the dialed phone
numbers.
For information on pattern-matching syntax and
pattern-matching examples, see “pbx numbermanagement” on page 57.
caller-number-pattern
<string>
Enter the number pattern to match the callers’ phone
numbers.
20
For information on pattern-matching syntax and
pattern-matching examples, see “pbx numbermanagement” on page 57.
status {enable | disable}
Fortinet Technologies Inc.
Enable to activate this call recording.
Page 77
enable
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system accprofile
Use this command to configure access profiles that govern which areas of the web-based
manager and CLI that an administrator can access, and whether or not they have the
permissions necessary to change the configuration or otherwise modify items in each area.
Syntax
config system accprofile
edit <profile_name>
set monitor {none | read | read-write}
set operator {none | read | read-write}
set others {none | read | read-write}
end
Variable
Description
Default
<profile_name>
Enter the name of the access profile.
monitor {none | read |
read-write}
For the monitoring configuration, enter the permissions
none
that will be granted to administrator accounts associated
with this access profile.
operator {none | read |
read-write}
For the operating configuration, enter the permissions
none
that will be granted to administrator accounts associated
with this access profile.
others {none | read | read- For the rest of the configurations except monitor, enter
write}
the permissions that will be granted to administrator
accounts associated with this access profile.
Fortinet Technologies Inc.
Page 78
none
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system admin
Use this command to configure FortiVoice administrator accounts.
By default, FortiVoice units have a single administrator account, admin. For more granular
control over administrative access, you can create additional administrator accounts with
restricted permissions.
Syntax
config system admin
edit <name_str>
set access-profile <profile_name>
set is-system-admin {no | yes}
set language <lang_str>
set access-profile <profile_name>
set password <password_str>
set sshkey <key_str>
set trusthosts <host_ipv4mask>
end
Variable
Description
Default
<name_str>
Enter the name of the administrator account.
access-profile
<profile_name>
Enter the name of an access profile that determines
which functional areas the administrator account may
view or affect.
is-system-admin {no |
yes}
Enter yes to indicate that the administrator account may yes
view all settings on the FortiVoice unit.
language <lang_str>
Enter this administrator account’s preference for the
display language of the web-based manager. Available
languages vary by whether or not you have installed
additional language resource files.
super_
admin_prof
To view a list of languages, enter a question mark ( ? ).
password
<password_str>
Fortinet Technologies Inc.
Enter the password for the administrator account.
Caution: Do not enter a FortiVoice administrator
password less than six characters long. For better
security, enter a longer password with a complex
combination of characters and numbers, and change the
password regularly. Failure to provide a strong password
could compromise the security of your FortiVoice unit.
Page 79
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
sshkey <key_str>
Enter the SSH key string surrounded in single straight
quotes ( ' ).
When connecting from an SSH client that presents this
key, the administrator will not need to provide their
account name and password in order to log in to the CLI.
trusthosts
<host_ipv4mask>
Enter one to three IP addresses and netmasks from
which the administrator can log in to the FortiVoice unit.
Separate each IP address and netmask pair with a
comma ( , ).
0.0.0.0/
::/0
To allow the administrator to authenticate from any IP
address, enter 0.0.0.0/0.0.0.0.
Fortinet Technologies Inc.
Page 80
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system appearance
Use this command to customize the appearance of the web-based manager and the user web
portal.
Syntax
config system appearance
set customized-login-status {enable | disable}
set login-page-language <lang_str>
set product <product-name_str>
set webmail-lang <language_str>
set webmail-login <login_str>
set webmail-login-hint <login_hint_str>
set webmail-theme {IndigoDarkBlue | RedGrey | Standard}
end
Variable
Description
Default
customized-login-status
{enable | disable}
Enable to edit a graphic that will appear at the top of disable
all user web portal pages. The image’s dimensions
must be 314 pixels wide by 36 pixels tall.
login-page-language
<lang_str>
Enter the default language for the display of the login english
page of the web-based manager.
To view a list of languages, enter a question mark
( ? ).
Note that the setting only affect the login page, not
the entire web-based manager.
product
<product-name_str>
Enter the text that will precede ‘Administrator Login’
on the login page of the web-based manager.
webmail-lang
<language_str>
Enter the name of the language in English, such as
english
'French', that will be used when a user initially logs
in to the user web portal.
FortiVoice
The user may switch the display language in their
preferences; this affects only the initial state of the
display.
Available languages vary by whether or not you have
installed additional language resource files.
webmail-login
<login_str>
Enter a word or phrase that will appears on top of the Login
user web portal, such as User Login.
webmail-login-hint
<login_hint_str>
Enter a hint for the user name, such as Your
name
Extension. This hint will apear as a mouse-over
display on the login name field of the user web portal.
webmail-theme
{IndigoDarkBlue |
RedGrey | Standard}
Select a theme for the user web portal GUI.
Fortinet Technologies Inc.
Page 81
RedGrey
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system auto-provisioning
Use this command to configure the FortiVoice unit to auto-provision SIP phones on your
network. The SIP phones must support auto-provisioning using TFTP.
For more information about auto provisioning, see the FortiVoice Setup and Administration
Guide.
Syntax
config system auto-provisioning
set config-unassigned-phone {enable | disable}
set ntp-interface {port1 | port2 | port3 | port4}
set ntp-server <ip_string>
set ntp-server-option {bind-to-interface | static-ip}
set phone-configure-pin <string>
set sip-interface {port1 | port2 | port3 | port4}
set sip-server <ip_string>
set sip-server-option {bind-to-interface | static-ip}
set status {enable | disable}
set tftp-interface {port1 | port2 | port3 | port4}
set tftp-server <ip_string>
set tftp-server-option {bind-to-interface | static-ip}
end
Variable
Description
Default
config-unassigned-phone Enable to generate phone configuration files for the
{enable | disable}
supported unassigned SIP phones.
enable
With this option selected, once a supported SIP phone
connects to the FortiVoice unit and is auto-discovered,
the FortiVoice unit assigns an IP address to the phone
and sends the basic PBX setup information to it.
ntp-interface {port1 |
port2 | port3 | port4}
If you enter bind-to-interface for ntp-server-option port1
{bind-to-interface | static-ip}, enter the interface for the
NTP server. The SIP phones connect to this server to
sychronize time.
ntp-server <ip_string>
If you enter static-ip for ntp-server-option {bind-tointerface | static-ip}, enter the current public IP address
or public domain name of the server. The SIP phones
connect to this server to sychronize time.
ntp-server-option {bindto-interface | static-ip}
Enter the option for the SIP phones to connect to the
NTP server to sychronize time.
phone-configure-pin
<string>
Enter a password to be used by a FortiFone that
connects to the FortiVoice unit to set mobile extension
number.
sip-interface {port1 |
port2 | port3 | port4}
If you enter bind-to-interface for sip-server-option
{bind-to-interface | static-ip}, enter the interface for the
server. The SIP phones connect to this server to register.
Fortinet Technologies Inc.
Page 82
static-ip
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
sip-server <ip_string>
If you enter static-ip for sip-server-option {bind-tointerface | static-ip}, enter the current public IP address
or public domain name of the server. The SIP phones
connect to this server to register.
sip-server-option {bindto-interface | static-ip}
Enter the option for the SIP phones to connect to the SIP bind-toserver to register.
interface
status {enable | disable}
Enable to activate SIP phone auto provisioning
tftp-interface {port1 |
port2 | port3 | port4}
If you enter bind-to-interface for tftp-server-option
{bind-to-interface | static-ip}, enter the interface for the
server. The SIP phones connect to this server to receive
the PBX setup information.
tftp-server <ip_string>
If you enter static-ip for tftp-server-option {bind-tointerface | static-ip}, enter the current public IP address
or public domain name of the server. The SIP phones
connect to this server to receive the PBX setup
information.
tftp-server-option {bind- Enter the option for the SIP phones to connect to the
to-interface | static-ip}
TFTP server to receive the PBX setup information.
Fortinet Technologies Inc.
Page 83
disable
1.1.1.1
static-ip
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system certificate ca
Use this command to import certificates for certificate authorities (CA).
Certificate authorities validate and sign other certificates in order to indicate to third parties that
those other certificates may be trusted to be authentic.
CA certificates are required by connections that use transport layer security (TLS). For more
information, see the FortiVoice Setup and Administration Guide.
Syntax
config system certificate ca
edit <name_str>
set certificate <cert_str>
end
Variable
Description
<name_str>
Enter a name for this certificate.
certificate <cert_str>
Enter or paste the certificate in PEM format to import it.
Fortinet Technologies Inc.
Page 84
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system certificate crl
Use this command to import certificate revocation lists.
To ensure that your FortiVoice unit validates only certificates that have not been revoked, you
should periodically upload a current certificate revocation list, which may be provided by
certificate authorities (CA). Alternatively, you can use online certificate status protocol (OCSP) to
query for certificate statuses. For more information, see the FortiVoice Setup and Administration
Guide.
Syntax
config system certificate crl
edit <name_str>
set crl <cert_str>
end
Variable
Description
<name_str>
Enter a name for this certificate revocation list.
crl <cert_str>
Enter or paste the certificate in PEM format to import it.
Fortinet Technologies Inc.
Page 85
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system certificate local
Use this command to import signed certificates and certificate requests in order to install them
for local use by the FortiVoice unit.
FortiVoice units require a local server certificate that it can present when clients request secure
connections, including:
• the web-based manager (HTTPS connections only)
• web user portal (HTTPS connections only)
Caution: When using this command to import a local certificate, you must enter the
commands in the order described in the following syntax. This is because the "set
privatekey...." will need the password to decrypt the private key if it was encrypted and "set
certificate ...." will try to find a matched private key file.
Syntax
config system certificate local
edit <name_str>
set certificate <cert_str>
set comments <comment_str>
set csr <csr_str>
set password <pwd_str>
set private-key <key_str>
end
Variable
Description
<name_str>
Enter a name for the certificate to be imported.
certificate <cert_str>
Enter or paste the certificate in PEM format to import it.
comments
<comment_str>
Enter any comments for this certificate.
csr <csr_str>
Enter or paste the certificate signing request in PEM
format to import it.
password <pwd_str>
Enter a password for the certificate.
private-key <key_str>
Enter a private key for the certificate.
Fortinet Technologies Inc.
Page 86
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system certificate remote
Use this command to import the certificates of the online certificate status protocol (OCSP)
servers of your certificate authority (CA).
OCSP enables you to revoke or validate certificates by query, rather than by importing
certificate revocation lists (CRL).
Remote certificates are required if you enable OCSP for PKI users.
Syntax
config system certificate remote
edit <name_str>
set certificate <cert_str>
end
Variable
Description
<name_str>
Enter a name for the certificate to be imported.
certificate <cert_str>
Enter or paste the certificate in PEM format to import it.
Fortinet Technologies Inc.
Page 87
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system ddns
Use this command to configure the FortiVoice unit to update a dynamic DNS (DDNS) service
with its current public IP address.
Syntax
config system ddns
edit <ddns-service_str>
config domain
edit domain <domain_str>\
set ipmode {auto | bind | static}
set interface <interface_str>
set ip <host_ipv4>
set status {enable | disable}
set type {custom | dynamic | static}
set password <password_str>
set timeout <time_int>
set username <username_str>
end
Variable
Description
Default
<ddns-service_str>
Enter one of the following DDNS update servers:
• members.dhs.org
• dipdnsserver.dipdns.com
• www.dnsart.com
• members.dyndns.org
• www.dyns.net
• ip.todayisp.com
• ods.org
• rh.tzo.com
• ph001.oray.net
Note: You must have an account with this DDNS service
provider.
domain <domain_str>
Enter the domain name that is tied to this username and
server.
ipmode {auto | bind |
static}
Select the method of determining the IP address:
auto
auto: Automatically detect the public IP address of the
FortiVoice unit and use that as the IP address to which
domain <domain_str> will resolve.
bind: Use the IP address of a specific network interface
as the IP address to which domain <domain_str> will
resolve. Also configure interface
<interface_str>.
static: Use the public IP address to which domain
<domain_str> will resolve. Also configure ip
<host_ipv4>.
Fortinet Technologies Inc.
Page 88
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
interface <interface_str> Enter the specific network interface of which the IP
address is used as the IP address to which domain
<domain_str> will resolve.
ip <host_ipv4>
Enter the public IP address to which domain
<domain_str> will resolve.
status {enable | disable}
Enable to notify a DDNS service provider to update
public DNS records when the public IP address of the
FortiVoice unit changes.
disable
type {custom | dynamic | Enter a service type for this domain.
static}
password
<password_str>
Enter the password of the DDNS account.
timeout <time_int>
Enter the amount of time in hours after which your
168
FortiVoice unit will contact the DDNS server to reaffirm its
current IP address.
username
<username_str>
Enter the user name of your account with the DDNS
service provider.
Fortinet Technologies Inc.
Page 89
*
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system dhcp server
Use this command to configure the DHCP server.
A DHCP server provides an address to a client on the network, when requested, from a defined
address range.
You can configure one or more DHCP servers on any FortiVoice interface. A DHCP server
dynamically assigns IP addresses to hosts on the network connected to the interface. The host
extensions must be configured to obtain their IP addresses using DHCP.
Syntax
config system dhcp server
edit <dhcp_id>
config exclude-range
edit <ip_range_id>
set start-ip <ip_addr>
set end-ip <ip_addr>
config ip-range
edit <ip_range_id>
set start-ip <ip_addr>
set end-ip <ip_addr>
config reserved-address
edit <reserved_ip_id>
set ip <ip_addr>
set mac <mac_addr>
set auto-configuration {enable | disable}
set conflicted-ip-timeout <int>
set default-gateway <ip_addr>
set dns-server1 <ip_addr>
set dns-server2 <ip_addr>
set dns-service {default | specify}
set domain <name-str>
set interface <name_str>
set lease-time <int>
set match vci {enable | disable}
set netmask <ip>
set option1 <option_code> [<option_hex>]
set option2 <option_code> [<option_hex>]
set option3 <option_code> [<option_hex>]
set tftp-server <tftp_name/ip>
set status {enable | disable}
set vci-string <string>
end
Fortinet Technologies Inc.
Page 90
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
auto-configuration
{enable | disable}
disable
Enable to auto-provision the SIP phones that use the
FortiVoice unit as the DHCP server.
The FortiVoice unit can auto provision the SIP phones
that it supports if the phones use the FortiVoice unit as
the DHCP server, or if other existing DHCP server is
used, then the DHCP server option 66 should be set to
the FortiVoice unit. In case the FortiVoice unit and the SIP
phone with an IP assigned by a DHCP server are on
different subnets, proper route should be set to make
them reachable.
For more information about auto provisioning, see
“system auto-provisioning” on page 82.
<dhcp_id>
Enter an ID for the DHCP server.
<ip_range_id>
Enter the ID for the DHCP excluded IP range that should
not be assigned.
start-ip <ip_addr>
Enter the start IP address of a range that this server
should not assign to the DHCP clients.
end-ip <ip_addr>
Enter the end IP address of a range that this server
should not assign to the DHCP clients.
<ip_range_id>
Enter the ID for the range of IP addresses that this DHCP
server assigns to DHCP clients.
start-ip <ip_addr>
Enter the start IP address of a range that this DHCP
server assigns to DHCP clients.
end-ip <ip_addr>
Enter the end IP address of a e that this DHCP server
assigns to DHCP clients.
<reserved_ip_id>
Enter the ID for an IP address from the DHCP server to
match it to a specific client using its MAC address.
ip <ip_addr>
Enter an IP address from the DHCP server to match it to 0.0.0.0
a specific client using its MAC address.
00:00:00:
Enter the MAC address to match ip <ip_addr>.
00:00:00
mac <mac_addr>
conflicted-ip-timeout
<int>
default-gateway
<ip_addr>
dns-server1 <ip_addr>
dns-server2 <ip_addr>
Enter the timeout in seconds. If an IP address assigned 1800
by the DHCP server to a client conflicts with the IP
address of another client, the assigned IP address will be
released after the timeout and a new IP address will be
assigned.
192.168.2.9
Enter the IP address of the default gateway that the
9
DHCP server assigns to DHCP clients.
0.0.0.0
Enter the IP address for the primary DNS server.
This option is available when you enter specify in dnsservice {default | specify}.
0.0.0.0
Enter the IP address for the secondary DNS server.
This option is available when you enter specify in dnsservice {default | specify}.
Fortinet Technologies Inc.
Page 91
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
dns-service {default |
specify}
default
Enter default to use the system’s DNS settings and
specify to use a specific DNS server.
If you enter specify, configure dns-server1 <ip_addr>
and dns-server2 <ip_addr>.
Enter the domain that the DHCP server assigns to
clients.
domain <name-str>
Default
interface <name_str>
Enter an interface for the server.
port1
lease-time <int>
Enter the length of time an IP address remains assigned
to a client in seconds. Once the lease expires, the
address is released for allocation to the next client
request for an IP address.
604800
match vci {enable |
disable}
Enable to apply the DHCP configuration to the phones of disable
a specific vendor identified by the VCI string supplied by
the vendor.
Also configure “vci-string <string>” on page 92.
Enter the netmask of the addresses that the DHCP server 255.255.25
assigns.
5.0
netmask <ip>
option1 <option_code>
[<option_hex>]
option2 <option_code>
[<option_hex>]
option3 <option_code>
[<option_hex>]
tftp-server
<tftp_name/ip>
The first, second, and third custom DHCP options that
0
can be sent by the DHCP server. option_code is the
DHCP option code in the range 1 to 255. option_hex
is an even number of hexadecimal characters. For
detailed information about DHCP options, see RFC 2132,
DHCP Options and BOOTP Vendor Extensions.
status {enable | disable}
192.168.2.9
The default TFTP server (192.168.2.99) is where the
9
configuration profiles for some vendors’ phone models
are stored. This is also the IP address of the default
gateway that the DHCP server assigns to DHCP clients.
If you have your own TFTP server for such information,
enter its IP address. However, SIP phone auto
provisioning will not work in this case.
For more information, see “system auto-provisioning” on
page 82.
enable
Enable to activate the DHCP server.
vci-string <string>
Enter the VCI name to match before serving a device.
Fortinet Technologies Inc.
Page 92
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system dns
Use this command to configure the IP addresses of the primary and secondary DNS servers
that the FortiVoice unit will query to resolve domain names into IP addresses.
Syntax
config system dns
set cache {enable | disable}
set primary <dns_ipv4>
set private_ip_query {enable | disable}
set secondary <dns_ipv4>
end
Variable
Description
Default
cache {enable | disable}
Enable to cache DNS query results, improving
performance.
enable
Disable the DNS cache to free memory if you are low on
memory.
primary <dns_ipv4>
Enter the IP address of the primary DNS server.
private_ip_query
{enable | disable}
disable
Enable to perform reverse DNS lookups on private
network IP addresses, as defined in RFC 1918. The DNS
server must have PTR records for your private network’s
IP addresses. Failure to contain records for those IP
addresses may increase DNS query time and cause
query results to be ‘Host not found’.
secondary <dns_ipv4>
Enter the IP address of the secondary DNS serve.
Fortinet Technologies Inc.
Page 93
0.0.0.0
0.0.0.0
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system global
Use this command to configure many FortiVoice system-wide configurations.
Syntax
config system global
set admin-idle-timeout <timeout_int>
set admin-scp {enable | disable}
set default-certificate <name_str>
set disk-monitor {enable | disable}
set hostname <host_str>
set local-domain-name <name_str>
set port-http <port_int>
set port-https <port_int>
set port-ssh <port_int>
set port-telnet <port_int>
end
Variable
Description
Default
admin-idle-timeout
<timeout_int>
Enter the amount of time in minutes after which an idle
administrative session will be automatically logged out.
5
The maximum idle time out is 480 minutes (8 hours). To
improve security, do not increase the idle timeout.
admin-scp
{enable | disable}
Enable to allow system configuration download by SCP. disable
default-certificate
<name_str>
Enter the name of a local certificate to use it as the
“default" (that is, currently chosen for use) certificate.
FortiVoice units require a local server certificate that it
can present when clients request secure connections.
disk-monitor
{enable | disable}
Enable to monitor the hard disk status of the FortiVoice
unit. If a problem is found, an alert email is sent to the
administrator.
disable
hostname <host_str>
Enter the host name of the FortiVoice unit.
Varies by
model.
local-domain-name
<name_str>
Enter the local domain name of the FortiVoice unit.
port-http <port_int>
Enter the HTTP port number for administrative access on 80
all interfaces.
port-https <port_int>
Enter the HTTPs port number for administrative access
on all interfaces.
443
port-ssh <port_int>
Enter the SSH port number for administrative access on
all interfaces.
22
port-telnet <port_int>
Enter the TELNET port number for administrative access 23
on all interfaces.
Fortinet Technologies Inc.
Page 94
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system interface
Use this command to configure allowed and denied administrative access protocols, maximum
transportation unit (MTU) size, and up or down administrative status for the network interfaces
of a FortiVoice unit.
Syntax
config system interface
edit <physical_interface_str>, <logical_interface_str>, or
loopback
set allowaccess {ping | http | https | snmp | ssh | telnet}
set ip <ipv4mask>
set ip6 <ipv6mask>
set mode {static | dhcp}
set mtu <mtu_int>
set speed {auto | 10full | 10half | 100full | 100half | 1000full
|1000half}
set status {down | up}
end
Variable
Description
Default
<physical_interface_str> Enter the name of the physical network interface, such
as port1.
<logical_interface_str>
Enter a name for the VLAN or redundant interface. Then
set the interface type.
loopback
A loopback interface is a logical interface that is always
up (no physical link dependency) and the attached
subnet is always present in the routing table.
The FortiVoice's loopback IP address does not depend
on one specific external port, and is therefore possible to
access it through several physical or VLAN interfaces. In
the current release, you can only add one loopback
interface on the FortiVoice unit.
The loopback interface is useful when you use a layer 2
load balancer in front of several FortiVoice units. In this
case, you can set the FortiVoice loopback interface’s IP
address the same as the load balancer’s IP address and
thus the FortiVoice unit can pick up the traffic forwarded
to it from the load balancer.
Fortinet Technologies Inc.
Page 95
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
allowaccess {ping | http | Enter one or more of the following protocols to add them Varies by
https | snmp | ssh | telnet} to the list of protocols permitted to administratively
the network
access the FortiVoice unit through this network interface: interface.
• ping: Allow ICMP ping responses from this network
interface.
• http: Allow HTTP access to the web-based manager
and user web portal.
Caution: HTTP connections are not secure and can
be intercepted by a third party. To reduce risk to the
security of your FortiVoice unit, enable this option
only on network interfaces connected directly to your
management computer.
• https: Allow secure HTTP (HTTPS) access to the
web-based manager and user web portal.
• snmp: Allow SNMP v2 access.
• ssh: Allow SSH access to the CLI.
• telnet: Allow Telnet access to the CLI.
Caution: Telnet connections are not secure and can
be intercepted by a third party. To reduce risk to the
security of your FortiVoice unit, enable this option
only on network interfaces connected directly to your
management computer.
ip <ipv4mask>
Enter the IP address and netmask of the network
interface.
ip6 <ipv6mask>
Enter the IPv6 address and netmask of the network
interface.
mode {static | dhcp}
Enter the interface mode.
static
mtu <mtu_int>
Enter the maximum packet or Ethernet frame size in
bytes.
1500
If network devices between the FortiVoice unit and its
traffic destinations require smaller or larger units of
traffic, packets may require additional processing at
each node in the network to fragment or defragment the
units, resulting in reduced network performance.
Adjusting the MTU to match your network can improve
network performance.
The valid range is from 576 to 1500 bytes.
speed {auto | 10full |
10half | 100full |
100half | 1000full
|1000half}
Enter the speed of the network interface.
status {down | up}
Enter either up to enable the network interface to send
and receive traffic, or down to disable the network
interface.
Fortinet Technologies Inc.
auto
Note: Some network interfaces may not support all
speeds.
Page 96
up
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system mailserver
Use this command to configure the system-wide mail settings.
Syntax
config system mailserver
set queue-timeout <timeout_int>
set queue-retry <interval_int>
end
Variable
Description
Default
queue-timeout
<timeout_int>
Enter the maximum number of hours that deferred email 24
notifications can remain in the deferred mail queue,
during which the FortiVoice unit periodically retries to
send the message.
After the maximum time has been reached, the
FortiVoice unit will send a final delivery status notification
(DSN) email message to notify the sender that the email
message was undeliverable.
The valid range is from 1 to 240 hours.
queue-retry
<interval_int>
Enter the number of minutes between delivery retries for 15
email messages in the deferred mail queues.
The valid range is from 10 to 120 minutes.
Fortinet Technologies Inc.
Page 97
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system password-policy
Use this command to configure password policy for administrators and user web portal users.
Syntax
config system password-policy
set status {enable | disable}
set apply-to {admin-user | local-mail-user}
set minimum-length <minimum_int>
set must-contain {upper-case-letter | lower-caseletter | number | non-alphanumeric}
end
Variable
Description
Default
status {enable | disable}
Enable to activate the password policy.
disable
apply-to {adminuser | local-mail-user}
Enter where to apply the password policy:
• admin_user — Apply to administrator passwords. If
any password does not conform to the policy, require
that administrator to change the password at the next
login.
• local-mail-user — Apply to FortiVoice web user
portal users’ passwords. If any password does not
conform to the policy, require that user to change the
password at the next login.
minimum-length
<minimum_int>
Enter the minimum acceptable length for passwords.
must-contain {uppercase-letter | lower-caseletter | number | nonalphanumeric}
Enter any of the following special character types to
require in a password. Each selected type must occur at
least once in the password.
8
• upper-case-letter — A, B, C, ... Z
• lower-case-letter — a, b, c, ... z
• number — 0, 1, 2, 3, 4, 5, 6, 7 8, 9
• non-alphanumeric — punctuation marks, @,#, ...
%
Fortinet Technologies Inc.
Page 98
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system port-forwarding
FortiVoice port forwarding allows remote computers, for example, computers on the Internet, to
connect to a specific computer or service within a private local area network (LAN).
For example, FortiVoice port1 is connected to the Internet and its IP address 192.168.37.4, port
7000, is mapped to 10.10.10.42, port 8000, on a private network. Attempts to communicate
with 192.168.37.4, port 7000, from the Internet are translated and sent to 10.10.10.42, port
8000, by the FortiVoice unit. The computers on the Internet are unaware of this translation and
see a single computer at 192.168.37.4, port 7000, rather than the 10.10.10.42 network behind
the FortiVoice unit.
Before you do the mapping, make sure both ports are open.
Syntax
config system port-forwarding
edit <number>
set dst-host <calss_ip>
set dst-port <port_number>
set host <class_ip>
set port <port_number>
set protocol {tcp | udp | both}
end
Variable
Description
<number>
Enter the index number of the entry.
dst-host <calss_ip>
Enter the IP address of the host where the packets will
be forwarded.
0.0.0.0
dst-port <port_number>
Enter the port number of the destination host.
0
host <class_ip>
Enter the IP address of the FortiVoice interface where the 0.0.0.0
packets are received.
port <port_number>
Enter the port number on the FortiVoice interface where
the packets are received.
0
protocol {tcp | udp |
both}
Specify the protocol of the traffic.
tcp
Fortinet Technologies Inc.
Page 99
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system route
Use this command to configure static routes.
Syntax
config system route
edit <route_int>
set destination <destination_ipv4mask>
set gateway <gateway_ipv4>
end
Variable
Description
Default
<route_int>
Enter the index number of the route in the routing table.
destination
Enter the destination IP address and netmask of traffic
0.0.0.0
<destination_ipv4mask> that will be subject to this route, separated with a space. 0.0.0.0
To indicate all traffic regardless of IP address and
netmask, enter 0.0.0.0 0.0.0.0.
gateway
<gateway_ipv4>
Fortinet Technologies Inc.
Enter the IP address of the gateway router.
Page 100
0.0.0.0
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system sip-setting
Use this command to configure Session Initiation Protocol (SIP) settings.
Syntax
config system sip-setting
set default-register-interval <interval_int>
set max-register-timeout <integer>
set min-register-timeout <integer>
set rtp-hold-timeout <timeout_int>
set rtp-timeout <timeout_int>
set rtp-port-end <integer>
set rtp-port-start <integer>
set tcp-port <port_num>
set tls-client-protocol {sslv2 | sslv3 | tlsv1}
set tls-port <port_num>
set tls-server-cert-verification {enable | disable}
set transport {tcp | tls | udp}
set udp-port <port_num>
end
Variable
Description
default-register-interval
<interval_int>
2
If this is a dynamic account with the VoIP service
provider, enter the registration interval as required by the
VoIP provider in minutes. After each registration interval
the FortiVoice unit renews the registration of the account
with the VoIP provider.
max-register-timeout
<integer>
Enter the maximum phone registration time limit as
required by the FortiVoice unit in minutes. If a phone’s
registration timeout setting exceeds the value of this
option, the FortiVoice unit deregisters the phone.
min-register-timeout
<integer>
Enter the minimum phone registration time limit as
1
required by the FortiVoice unit in minutes. If a phone’s
registration timeout setting is lower than the value of this
option, the FortiVoice unit deregisters the phone.
rtp-hold-timeout
<timeout_int>
Enter the amount of time in seconds that the extension
will wait on hold for RTP packets before hanging up the
call. 0 means no time limit.
rtp-timeout
<timeout_int>
Enter the amount of time in seconds during an active call 60
that the extension will wait for RTP packets before
hanging up the call. 0 means no time limit.
rtp-port-end <integer>
Enter the end RTP port that the FortiVoice unit will use
30000
for phone call sessions. Ensure there is a reasonable port
range so that you have enough ports for all open calls.
rtp-port-start <integer>
Enter the starting Real-time Transport Protocol (RTP)
5000
port that the FortiVoice unit will use for phone call
sessions. If the unit is behind a firewall, these ports
should be open. Ensure there is a reasonable port range
so that you have enough ports for all open calls.
Fortinet Technologies Inc.
Page 101
Default
480
300
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
tcp-port <port_num>
If you entered tcp in transport {tcp | tls | udp}, enter the
TCP port used for SIP.
5060
tls-client-protocol {sslv2 Enter the TLS protocol version.
| sslv3 | tlsv1}
tlsv1
tls-port <port_num>
If you entered tls in transport {tcp | tls | udp}, enter the
TLS port used for SIP.
5061
tls-server-certverification {enable |
disable}
Enable for the TLS clients to confirm the validity of a
server’s credentials with a trusted root certification
authority’s (CA’s) certificates.
disable
transport {tcp | tls | udp}
Enter the port used for SIP.
tcp tls udp
Also configure tcp-port <port_num>, tls-client-protocol
{sslv2 | sslv3 | tlsv1}, and udp-port <port_num>
depending on your selection.
udp-port <port_num>
Fortinet Technologies Inc.
If you entered udp in transport {tcp | tls | udp}, enter the
UDP port used for SIP.
Page 102
5060
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system time manual
Use this command to manually configure the system time of the FortiVoice unit.
Accurate system time is required by many features of the FortiVoice unit, such as log messages.
This command applies only if NTP is disabled. Alternatively, you can configure the FortiVoice
unit to synchronize its system time with an NTP server. For details, see “system time ntp” on
page 104.
Syntax
config system time manual
set daylight-saving-time {disable | enable}
set zone <zone_int>
end
Variable
Description
Default
daylight-saving-time
{disable | enable}
Enable to automatically adjust the system time for
daylight savings time (DST).
enable
zone <zone_int>
Enter the number that indicates the time zone in which
the FortiVoice unit is located.
12
Fortinet Technologies Inc.
Page 103
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system time ntp
Use this command to configure the FortiVoice unit to synchronize its system time with a
network time protocol (NTP) server.
Accurate system time is required by many features of the FortiMail unit, such as log messages.
Alternatively, you can manually configure the system time of the FortiVoice unit. For details, see
“system time manual” on page 103.
Syntax
config system time ntp
set ntpserver {<address_ipv4> | <fqdn_str>}
set ntpsync {enable | disable}
set syncinterval <interval_int>
end
Variable
Description
Default
ntpserver
{<address_ipv4> |
<fqdn_str>}
Enter either the IP address or fully qualified domain name pool.ntp.org
(FQDN) of an NTP server.
You can add a maximum of 10 NTP servers. The
FortiVoice unit uses the first NTP server based on the
selection mechanism of the NTP protocol.
To locate a public NTP server, visit http://www.ntp.org/.
ntpsync
{enable | disable}
Enable to synchronize the FortiVoice unit with an NTP
server, instead of manually configuring the system time.
syncinterval
<interval_int>
Enter the interval in minutes between synchronizations of 60
the system time with the NTP server. The valid range is
from 1 to 1440 minutes.
Fortinet Technologies Inc.
Page 104
enable
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system voicemail
Use this command to configure FortiVoice voicemail greeting and message length.
Syntax
config system voicemail
set max-seconds-per-message <int>
set max-greeting-seconds <int>
end
Variable
Description
Default
max-seconds-permessage <int>
Enter the maximum message length in seconds.
600
max-greeting-seconds
<int>
Enter the maximum greeting length in seconds.
600
Fortinet Technologies Inc.
Page 105
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
trunk office-peer
If you have remote offices equipped with VoIP network, use this command to configure office
peer trunks so that offices can call each other as if they are local extensions.
Syntax
config trunk office-peer
edit <peer_name>
set auth-incoming {enable | disable}
set auth-outgoing {enable | disable}
set port <port_num>
set remote-server <ip/name_str>
set sip-setting <name>
set status {enable | disable}
set sync-directory {enable | disable}
set type {sip | iax2}
end
Variable
Description
Default
<peer_name>
Enter a name for the trunk.
auth-incoming {enable |
disable}
Enable to authenticate incoming calls.
disable
auth-outgoing {enable |
disable}
Enable to authenticate outgoing calls.
enable
port <port_num>
Enter the port number for VoIP network on the remote
office’s PBX.
5060
remote-server
<ip/name_str>
Enter the domain name or IP address of the remote
office’s PBX.
sip-setting <name>
Enter the SIP profile for the trunk.
For more information, see “system sip-setting” on
page 101.
sip_setting_
default
status {enable | disable}
Enable to activate the trunk.
sync-directory {enable |
disable}
Enable to obtain the phone directory from this office peer disable
on this trunk.
enable
This option only works if the PBX of the remote office is a
FortiVoice unit and sync-directory is enabled on the
remote unit.
type {sip | iax2}
Fortinet Technologies Inc.
Enter the trunk type.
Page 106
sip
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
trunk pstn
Use this command to configure PSTN/PRI trunks.
PSTN (Public Switched Telephone Network)/PRI (Primary Rate Interface) trunks connect your
PBX or VoIP network to your PSTN service providers and through them to the outside world.
These trunks can be analog or digital phone lines.
This option is only available on the FortiVoice 200D-T model.
The FortiVoice 200D-T supports four FXO (Foreign eXchange Office) analog ports and one FXS
(Foreign eXchange Subscriber) digital port.
There are two default PSTN/PRI trunks:
• T1/E1 voice circuit trunk - pri1 that uses ISDN PRI
• analog CO (Central Office) trunk - line1 that uses four FXO ports
You can modify the default trunks.
Syntax
config trunk pstn
edit {line1 | pri1}
config did
edit <did_id>
set number <did_number_str>
set caller-name <name_str>
set caller-number <number_int>
set description <string>
set group <group_id>
set number-pattern <pattern_str>
set span <name_str>
set status {enable | disable}
set type {analog | digital}
end
Variable
Description
{line1 | pri1}
Enter line1 to configure the analog CO trunk, or pri1 to
configure the the T1/E1 voice circuit trunk.
<did_id>
Enter the ID for the DID configuration.
number
<did_number_str>
Enter the Direct Inward Dial number provided by your
PSTN service provider. DID allows the service provider
SIP server to direct calls from external callers directly to
the FortiVoice unit. You can add multiple DIDs.
caller-name <name_str>
Enter your caller ID that will appear on the called phone,
such as Example Company.
caller-number
<number_int>
Enter the phone number that will appear on the called
phone.
description <string>
Enter any descriptions about the trunk.
0
group <group_id>
For digital trunk, enter 1, and for analog trunk, enter 2.
2
Fortinet Technologies Inc.
Page 107
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
number-pattern
<pattern_str>
Enter the pattern for outgoing call numbers.
span <name_str>
Enter a span name.
For information on pattern-matching syntax and patternmatching examples, see “pbx number-management” on
page 57.
Spans represent trunks (spans) of T1/E1 PSTN lines. The
FortiVoice unit supports T1/E1 lines according to the
installed voice card.
status {enable | disable}
Enable to activate the analog trunk.
enable
type {analog | digital}
Enter the trunk type.
analog
Fortinet Technologies Inc.
Page 108
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
trunk sip-peer
Use this command to add one or more SIP service providers to the FortiVoice unit trunk
configuration. The service providers deliver your telephone services to customers equipped
with SIP-based PBX (IP-PBX).
Syntax
config trunk sip-peer
edit <peer_name>
config did
edit <did_id>
set number <did_number_str>
set caller-name <id_str>
set caller-number <string>
set dns-srv-record {enable | disable}
set max-incoming-channels <channel_int>
set max-outgoing-channels <channel_int>
set number-pattern <pattern_str>
set password <pwd_str>
set proxy {enable | disable}
set proxy-port <integer>
set proxy-server <string>
set proxy-transport {tcp | tls | udp}
set realm <string>
set register-expiry <string>
set register-string <string>
set registration {disable | registra-server | standard | userdefine}
set registra-port <int>
set registra-server <host/ip_str>
set registra-transport {tcp | tls | udp}
set sip-port <int>
set sip-server <host/ip_str>
set sip-setting <name>
set status {enable | disable}
set username<name_str>
end
Variable
Description
<peer_name>
Enter a name for the trunk.
<did_id>
Enter the ID for the DID configuration.
number
<did_number_str>
Enter the Direct Inward Dial number provided by your
service provider. DID allows the service provider SIP
server to direct calls from external callers directly to the
FortiVoice unit. You can add multiple DIDs.
caller-name <id_str>
Enter your caller ID that will appear on the phone of an
outbound call receiver.
Fortinet Technologies Inc.
Page 109
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
caller-number <string>
Enter the phone number that will appear on the called
phone.
dns-srv-record {enable |
disable}
If you entered the VoIP provider’s domain name in the
disable
SIP server field, enable to translate the domain name and
obtain the SIP port.
max-incoming-channels
<channel_int>
Enter the mximum channel numbers for incoming calls.
max-outgoing-channels
<channel_int>
Enter the maximum channel numbers for outgoing calls. 0
number-pattern
<pattern_str>
Enter the pattern for outgoing call numbers.
password <pwd_str>
Enter the password provided by the provider for the
FortiVoice unit to register with the SIP server.
proxy {enable | disable}
Enable to activate the proxy server settings.
0
For information on pattern-matching syntax and patternmatching examples, see “pbx number-management” on
page 57.
enable
Some service providers use proxy servers to direct its
traffic. If this is the case, your registration request will go
to the proxy server first before reaching the registration
server.
proxy-port <integer>
Enter the port number of the proxy server.
proxy-server <string>
Enter the proxy server’s domain name or IP address. For
example, 172.20.120.11 or voip.example.com.
proxy-transport {tcp | tls | Enter the transport protocol used for the registration.
udp}
realm <string>
Some VoIP service providers’ SIP servers authenticate
the PBXes that register with them by requesting the
name of the host performing the authentication. If this is
the case with your VoIP service provider, enter the name
of the host performing the authentication provided by
your VoIP service provider.
register-expiry <string>
Enter the SIP registration expiry in minutes.
register-string <string>
If you enter user-define for registration {disable |
registra-server | standard | user-define}, enter the
registration string which usually has the following
formats:
5060
udp
2
register => user[:secret[:
authuser]]@host
[:port][/extension]
or
register => fromuser@fromdomain:
secret@host
or
register => fromuser@fromdomain:secret:
authuser@host:port/extension
For example, a string could be: register => 2345:
password@mysipprovider.com/1234
Fortinet Technologies Inc.
Page 110
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
registration {disable |
Enter the SIP registration information from the VoIP
registra-server | standard | service provider. You can receive calls after registering
user-define}
with the SIP server of the service provider.
disable
• Disable: Disables registration with the service
provider. This trunk is not usable.
• registra-server: enter the registration
information from the VoIP service provider. Also
configure registra-port <int>, registra-server
<host/ip_str>, and registra-transport {tcp | tls | udp}.
• Standard: Enter to use the standard registration
method which automatically registers with the SIP
server of the VoIP service provider.
• User-define: Enter to use your own registration
string. Also configure register-string <string>.
registra-port <int>
Most SIP configurations use TCP or UDP port 5060 for 5060
SIP sessions. If your provider uses a different port for SIP
sessions, enter the port number.
This option is available if you enter registra-server
in registration {disable | registra-server | standard | userdefine}.
registra-server
<host/ip_str>
Enter the VoIP provider’s SIP registration server domain
name or IP address. For example, 172.20.120.11 or
voip.example.com.
This option is available if you enter registra-server
in registration {disable | registra-server | standard | userdefine}.
registra-transport {tcp |
tls | udp}
Enter the transport protocol used for the registration.
udp
This option is available if you enter registra-server
in registration {disable | registra-server | standard | userdefine}.
sip-port <int>
Most SIP configurations use TCP or UDP port 5060 for 5060
SIP sessions. If your provider uses a different port for SIP
sessions, enter the port number.
sip-server <host/ip_str>
Enter the VoIP provider’s domain name or IP address.
For example, 172.20.120.11 or
voip.example.com.
sip-setting <name>
Enter the SIP profile to apply the supported phone
features and Codecs for the trunk.
For more information, see “system sip-setting” on
page 101.
status {enable | disable}
Enable to activate the SIP trunk.
username<name_str>
Enter the user name provided by the provider for the
FortiVoice unit to register with the SIP server.
Fortinet Technologies Inc.
Page 111
enable
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
voice music-on-hold
Use this command to choose the sound files to play while a call is on hold.
For information on sound files, see “voice sound-file” on page 113.
Syntax
config voice music-on-hold
edit <name>
set description <str>
set members <name_str>
set mode {random | sequential}
end
Variable
Description
<name>
Enter a name for the configuration.
description <str>
Enter a description for the music on hold file.
members <name_str>
Enter the sound file to use as the music on hold file.
mode {random |
sequential}
If you want to play the sound files randomly, Enter
Random. If you want to play the files according to the
order of members <name_str> you entered, enter
sequential.
Fortinet Technologies Inc.
Page 112
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
voice sound-file
Use this command to configure phone sound files such as voicemail greetings. These files can
be used when configuring music on hold, conference calls, and auto attendants.
Syntax
config voice sound-file
edit <name>
set description <str>
set language <int>
end
Variable
Description
<name>
Enter a name for the configuration.
description <str>
Enter a description for the sound file.
language <int>
Enter the number representing the language.
Fortinet Technologies Inc.
Page 113
Default
1
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
execute
execute commands perform immediate operations on the FortiVoice unit.
This chapter describes the following execute commands:
backup
restore config
certificate
restore image
checklogdisk
shutdown
date
smtptest
db
storage
factoryreset
telnettest
nslookup
traceroute
partitionlogdisk
user-config
phone
user-config
ping
ping-option
ping6
ping6-option
reboot
reload
Page 114
backup
Use this command to back up the configuration file to either a TFTP server or FortiManager
(“management-station”).
Syntax
execute backup {config | full-config | user-config}
{tftp <filename_str> <tftp_ipv4> [<password_str>] |
management-station [<comments_str>]}
Variable
Description
{config | full-config |
user-config}
Type either:
Default
• config: Back up configuration changes only. The
default settings will not be backed up.
• full-config: Back up the entire configuration file,
including the default settings.
• user-config: Enable updating user-specific
configurations, such as user preferences, to the user
configuration file. To update the configurations, see
“user-config” on page 140.
<filename_str>
Type the file name that will be used for the backup file, such
as FortiVoice_backup.txt.
<tftp_ipv4>
Type the IP address of the TFTP server.
[<password_str>]
Type a password that will be used to encrypt the backup
file, and which must be provided when restoring the backup
file.
If you do not provide a password, the backup file is stored
as clear text.
[<comments_str>]
Fortinet Technologies Inc.
If you are adding a comment, do not add spaces,
underscore characters ( _ ), or quotation marks ( “ ) or any
other punctuation marks.
Page 115
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
certificate
Use this command to upload and download certificates, and to generate certificate signing
requests (CSR).
Syntax
execute certificate ca import tftp <file_name> <tftp_ip>
execute certificate ca export tftp <cert_name> <file_name> <tftp_ip>
execute certificate config verify
execute certificate crl import tftp <file_name> <tftp_ip>
execute certificate local export tftp <cert_name> <file_name>
<tftp_ip>
execute certificate local generate <cert_name> <key_size> <subject>
<country> <state> <organization> <unit> <email>
execute certificate local import tftp <file_name> <tftp_ip>
execute certificate remote import tftp <file_name> <tftp_ip>
execute certificate remote export tftp <cert_name> <file_name>
<tftp_ip>
Variable
Description
Default
ca import tftp
Imports the certificate authority (CA) certificate from a TFTP
<file_name> <tftp_ip> server.
Certificate authorities validate and sign other certificates in
order to indicate to third parties that those other certificates
may be trusted to be authentic.
ca export tftp
Exports the CA certificate to a TFTP server.
<cert_name>
<file_name> <tftp_ip>
config verify
Since the FortiVoice unit stores configuration information of
CA certificates and local certificates in the configuration file
and stores the certificates themselves in the file system, in
some circumstances (such as a firmware upgrade or an
abnormal system shutdown), the certificate configuration
and the certificate may be out of sync.
Use this command to synchronize the certificate
configuration in the configuration file with the certificate in
the file system.
crl import tftp
Imports the Certificate Revocation List.
<file_name> <tftp_ip>
To ensure that your FortiVoice unit validates only certificates
that have not been revoked, you should periodically upload
a current certificate revocation list, which may be provided
by certificate authorities (CA). Alternatively, you can use
online certificate status protocol (OCSP) to query for
certificate statuses.
local export tftp
Exports a certificate signing request or a local certificate to
<cert_name>
a TFTP server.
<file_name> <tftp_ip>
Note that this command does not support exporting a
certificate in PKCS#12 format. To do this, you must go to
the web UI.
Fortinet Technologies Inc.
Page 116
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Variable
Description
Default
local generate
<cert_name>
<key_size> <subject>
<country> <state>
<organization> <unit>
<email>
Enter the information required to generate a certificate
signing request.
Certificate signing request files can then be submitted for
verification and signing by a certificate authority (CA).
local import tftp
Imports a local certificate from a TFTP server. Note that this
<file_name> <tftp_ip> command does not support importing a certificate that is in
PKCS#12 format. To do this, you must go to the web UI.
FortiVoice units require a local server certificate that it can
present when clients request secure connections,
including:
the web UI (HTTPS connections only)
webmail (HTTPS connections only)
secure email, such as SMTPS, IMAPS, and POP3S
remote import tftp
Imports the certificate of the online certificate status
<file_name> <tftp_ip> protocol (OCSP) servers of your certificate authority (CA).
OCSP enables you to revoke or validate certificates by
query, rather than by importing certificate revocation lists
(CRL).
remote export tftp
Exports the OCSP certificate to a TFTP server.
<cert_name>
<file_name> <tftp_ip>
Fortinet Technologies Inc.
Page 117
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
checklogdisk
Use this command to find and correct errors on the log disk.
Use this command only when recommended by Fortinet Technical Support. Logging is
suspended while this command is executing.
Syntax
execute checklogdisk
Fortinet Technologies Inc.
Page 118
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
date
Use this command to set the system date.
Syntax
execute date <date_str>
Variable
Description
<date_str>
Enter the system date in the format of mm/dd/yyyy.
Fortinet Technologies Inc.
Page 119
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
db
Use this command to repair, rebuild, or reset the FortiVoice databases.
Syntax
execute db force-recover
execute db rebuild
execute db reset <database>
Variable
Description
force-recover
Try to repair all of the databases using force recovery.
rebuild
Clean and rebuild all of the databases.
reset <database>
Enter the name of the database to clean and rebuild.
Fortinet Technologies Inc.
Page 120
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
dhcp lease-clear
Use this command to clear all DHCP address leases.
Syntax
For IPv4:
execute dhcp lease-clear
For IPv6:
execute dhcp6 lease-clear
Fortinet Technologies Inc.
Page 121
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
dhcp lease-list
Use this command to display DHCP leases on a given interface.
Syntax
For IPv4:
execute dhcp lease-list [interface_name]
For IPv6:
execute dhcp6 lease-list [interface_name]
If you specify an interface, the command lists only the leases issued on that interface.
Otherwise, the list includes all leases issued by DHCP servers on the FortiVoice unit.
If there are no DHCP leases in use on the FortiVocie unit, an error will be returned.
Fortinet Technologies Inc.
Page 122
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
factoryreset
Use this command to reset the FortiVoice unit to its default settings for the currently installed
firmware version. If you have not upgraded or downgraded the firmware, this restores factory
default settings.
Back up your configuration before entering this command. This procedure resets all changes
that you have made to the FortiVoice unit’s configuration file and reverts the system to the
default values for the firmware version, including factory default settings for the IP addresses
of network interfaces. For information on creating a backup, see the FortiVoice Setup and
Administration Guide.
Syntax
execute factoryreset
Fortinet Technologies Inc.
Page 123
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
nslookup
Use this command to query the DNS server for domain name or IP address mapping or for any
other specific DNS record.
Syntax
execute nslookup name <fqdn | ip> type <type> class <class> server
<dns_server> port <port_number>
Variable
Description
Default
name <fqdn | ip> type <type>
<fqdn | ip>: enter either an IP address or a fully
class <class> server <dns_server> qualified domain name (FQDN) of a host.
port <port_number>
<type>: optionally specify the DNS query type:
A
• A -- host address
• AAAA -- IPv6 address
• ANY -- all cached records
• CNAME -- canonical name
• DLV -- DNSSEC lookaside validation
• DNSKEY -- DNS key
• DS -- delegation signer
• MX -- mail exchanger
• NS -- authoritative name server
• NSEC -- next SECure
• NSEC3 -- NSEC3 parameters
• PTR -- domain name pointer
• RRSIG -- DNSSEC signature
• SOS -- start of authority zone
• SPF -- sender policy framework
• TA -- DNSSEC trust authorities
• TXT -- text string
The default type is A.
<class>: optionally specify the DNS class type:
either IN or ANY.
ANY
<dns_server>: optionally specify the DNS
server’s host name or IP address. If you do not
specify the server here, FortiMail will use its local
host DNS settings.
<port_number>: optionally specify the port
number of the DNS server.
Fortinet Technologies Inc.
Page 124
53
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
partitionlogdisk
Use this command to adjust the size ratio of the hard disk partitions for log and voice data.
Back up all data on the disks before beginning this procedure. Partitioning the hard disks
deletes all files on those disks.
Syntax
execute partitionlogdisk <logpercentage_str>
Variable
Description
Default
partitionlogdisk
<logpercentage_str>
Enter an integer between 10 and 90 to create a
partition for log files using that percentage of the
total hard disk space.
25
The remaining partition (by default, 75% of the
hard disk space) will be used for voice data.
Fortinet Technologies Inc.
Page 125
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
phone
Use this command to reboot phones remotely and create or delete all SIP phone auto
provisioning files.
For information on confguring auto provisioning, see “system auto-provisioning” on page 82.
Syntax
execute partitionlogdisk <logpercentage_str>
Variable
Description
reboot <extension_num_str>
Enter the extensions to be rebooted.
cfg-all {generate | delete}
Enter generate to refresh the files and delete
to remove the files.
Fortinet Technologies Inc.
Page 126
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
ping
Use this command to perform an ICMP ECHO request (also called a ping) to a host by
specifying its fully qualified domain name (FQDN) or IP address, using the options configured by
“ping-option” on page 128.
Pings are often used to test connectivity.
Syntax
execute ping {<fqdn_str> | <host_ipv4>}
Variable
Description
ping {<fqdn_str> | <host_ipv4>}
Enter either the IP address or fully qualified
domain name (FQDN) of the host.
Fortinet Technologies Inc.
Page 127
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
ping-option
Use this command to configure behavior of “ping” on page 127.
Syntax
execute ping-option
execute ping-option
execute ping-option
execute ping-option
execute ping-option
execute ping-option
execute ping-option
throughput}
execute ping-option
execute ping-option
execute ping-option
data-size <bytes_int>
df-bit {yes | no}
pattern <bufferpattern_hex>
repeat-count <repeat_int>
source {auto | <interface_ipv4>}
timeout <seconds_int>
tos {default | lowcost | lowdelay | reliability |
ttl <hops_int>
validate-reply {yes | no}
view-settings
Variable
Description
Default
data-size <bytes_int>
Enter datagram size in bytes.This allows you to
56
send out packets of different sizes for testing the
effect of packet size on the connection. If you
want to configure the pattern that will be used to
buffer small datagrams to reach this size, also
configure pattern <bufferpattern_hex>.
df-bit {yes | no}
Enter either yes to set the DF bit in the IP header no
to prevent the ICMP packet from being
fragmented, or enter no to allow the ICMP packet
to be fragmented.
pattern <bufferpattern_hex>
Enter a hexadecimal pattern, such as 00ffaabb,
to fill the optional data buffer at the end of the
ICMP packet. The size of the buffer is determined
by data-size <bytes_int>.
repeat-count <repeat_int>
Enter the number of times to repeat the ping.
source {auto | <interface_ipv4>}
Select the network interface from which the ping auto
is sent. Enter either auto or a FortiVoice network
interface’s IP address.
timeout <seconds_int>
Enter the ping response timeout in seconds.
2
tos {default | lowcost | lowdelay |
reliability | throughput}
Enter the IP type-of-service option value, either:
default
5
• default: Do not indicate. (That is, set the
TOS byte to 0.)
• lowcost: Minimize cost.
• lowdelay: Minimize delay.
• reliability: Maximize reliability.
• throughput: Maximize throughput.
ttl <hops_int>
Enter the time-to-live (TTL) value.
64
validate-reply {yes | no}
Select whether or not to validate ping replies.
no
view-settings
Display the current ping option settings.
Fortinet Technologies Inc.
Page 128
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
ping6
Use this command to perform a ping6 request to an IPv6 host by specifying its fully qualified
domain name (FQDN) or IP address, using the options configured by “ping6-option” on
page 130.
Pings are often used to test connectivity.
Syntax
execute ping6 {<fqdn_str> | <host_ipv4>}
Variable
Description
Default
ping6 {<fqdn_str> | <host_ipv4>} Enter either the IP address or fully qualified
domain name (FQDN) of the host.
Fortinet Technologies Inc.
Page 129
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
ping6-option
Use this command to configure behavior of “ping6” on page 129.
Syntax
execute ping6-option
execute ping6-option
execute ping6-option
execute ping6-option
execute ping6-option
execute ping6-option
| throughput}
execute ping6-option
execute ping6-option
execute ping6-option
data-size <bytes_int>
pattern <bufferpattern_hex>
repeat-count <repeat_int>
source {auto | <interface_ipv4>}
timeout <seconds_int>
tos {default | lowcost | lowdelay | reliability
ttl <hops_int>
validate-reply {yes | no}
view-settings
Variable
Description
Default
data-size <bytes_int>
Enter datagram size in bytes.This allows you to
56
send out packets of different sizes for testing the
effect of packet size on the connection. If you
want to configure the pattern that will be used to
buffer small datagrams to reach this size, also
configure pattern <bufferpattern_hex>.
pattern <bufferpattern_hex>
Enter a hexadecimal pattern, such as 00ffaabb,
to fill the optional data buffer at the end of the
ICMP packet. The size of the buffer is determined
by data-size <bytes_int>.
repeat-count <repeat_int>
Enter the number of times to repeat the ping.
source {auto | <interface_ipv4>}
Select the network interface from which the ping auto
is sent. Enter either auto or a FortiVoice network
interface’s IP address.
timeout <seconds_int>
Enter the ping response timeout in seconds.
2
tos {default | lowcost | lowdelay |
reliability | throughput}
Enter the IP type-of-service option value, either:
default
5
• default: Do not indicate. (That is, set the
TOS byte to 0.)
• lowcost: Minimize cost.
• lowdelay: Minimize delay.
• reliability: Maximize reliability.
• throughput: Maximize throughput.
ttl <hops_int>
Enter the time-to-live (TTL) value.
64
validate-reply {yes | no}
Select whether or not to validate ping replies.
no
view-settings
Display the current ping option settings.
Fortinet Technologies Inc.
Page 130
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
reboot
Use this command to restart the FortiVoice unit.
Syntax
execute reboot
Fortinet Technologies Inc.
Page 131
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
reload
If you set your console to batch mode, use this command to flush the current configuration from
system memory (RAM) and reload the configuration from a previously saved configuration file.
In addition, you can also use this command to reload individual daemons that have crashed. In
this case, the command is as following:
exec reload [{httpd | ...}]
where [{httpd | ...}] indicates the name of a specific daemon that you want to restart, if you want
to limit the reload to a specific daemon.
For example, if HTTP and HTTPS access are enabled, but you cannot get a connection
response on webmail or the GUI, although you can still connect via SSH and ping. Thus you
know that the FortiVoice unit has not crashed entirely. If you do not want to reboot because this
would interrupt SMTP, you can choose to restart the HTTP daemon only.
FVC200D# exec reload httpd
Restart httpd?
Do you want to continue? (y/n)y
Reloading httpd....done
Note that the command does not check whether your indicated daemon actually exists. It
simply indicates whether the command is executed. If the command does not take a few
seconds to execute, it is possible that the daemon does not really exist.
Syntax
execute reload [<daemon_name>]
Fortinet Technologies Inc.
Page 132
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
restore config
Use this command to restore a primary configuration file from a TFTP server.
Back up your configuration before entering this command. This procedure can perform large
changes to your configuration, including, if you are downgrading the firmware, resetting all
changes that you have made to the FortiVoice unit’s configuration file and reverting the
system to the default values for the firmware version, including factory default settings for the
IP addresses of network interfaces. For information on creating a backup, see the FortiVoice
Setup and Administration Guide.
Unlike installing firmware via TFTP during a boot interrupt, installing firmware using this
command will attempt to preserve settings and files, and not necessarily restore the
FortiVoice unit to its firmware/factory default configuration. For information on installing
firmware via TFTP boot interrupt, see the FortiVoice Setup and Administration Guide.
Syntax
execute restore config {tftp <filename_str> <server_ipv4> |
management-station {normal | template} <revision_int>}
Variable
Description
Default
<filename_str>
If you want to restore a configuration file stored on
a TFTP server, enter the name of the configuration
file.
<server_ipv4>
If you want to restore a configuration file stored on
a TFTP server, enter the IP address of the TFTP
server.
management-station {normal |
template}
If you want to restore a configuration file or apply a
template stored on a FortiManager unit, enter the
management-station keyword then enter
either:
• normal: Restore a configuration revision
number.
• template: Apply a template revision number.
<revision_int>
Fortinet Technologies Inc.
If you want to restore a configuration file or apply a
template stored on a FortiManager unit, enter the
revision number of the configuration file or
template.
Page 133
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
restore image
Use this command to restore a firmware file from a TFTP server or FortiManager unit.
Back up your configuration before entering this command. This procedure can perform large
changes to your configuration, including, if you are downgrading the firmware, resetting all
changes that you have made to the FortiVoice unit’s configuration file and reverting the
system to the default values for the firmware version, including factory default settings for the
IP addresses of network interfaces. For information on creating a backup, see the FortiVoice
Setup and Administration Guide.
Syntax
execute restore image {tftp <filename_str> <server_ipv4> |
management-station <image_id>}
Variable
Description
<filename_str>
If you want to restore a firmware file stored on a
TFTP server, enter the name of the firmware file
backup file.
<server_ipv4>
If you want to restore a firmware file stored on a
TFTP server, enter the IP address of the TFTP
server.
management-station <image_id>
If you want to restore a firmware file stored on a
FortiManager unit, enter the
management-station keyword then enter the
ID number of the firmware file.
Fortinet Technologies Inc.
Page 134
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
shutdown
Use this command to prepare the FortiVoice unit to be powered down by halting the software,
clearing all buffers, and writing all cached data to disk.
Power off the FortiVoice unit only after issuing this command. Unplugging or switching off the
FortiVoice unit without issuing this command could result in data loss.
Syntax
execute shutdown
Fortinet Technologies Inc.
Page 135
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
smtptest
Use this command to test SMTP connectivity to a specified host.
Syntax
execute smtptest {<fqdn_str> | <host_ipv4>}[:<port_int>] [domain
<domain_str>]
Variable
Description
Default
{<fqdn_str> | <host_ipv4>}
Enter the IP address or fully qualified domain
name (FQDN) of the SMTP server.
No
default.
[:<port_int>]
If the SMTP server listens on a port number other :25
than port 25, enter a colon (:) followed by the port
number.
[domain <domain_str>]
If you want to test the connection from an IP
address in the protected domain’s IP pool, enter
the name of the protected domain.
Fortinet Technologies Inc.
Page 136
No
default.
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
storage
Use this command to configure remote file storage.
Syntax
execute
execute
execute
execute
storage
storage
storage
storage
format
fscheck
start
test
Variable
Description
format
Remove all data on the remote storage device.
fscheck
Check the remote file storage system.
start
Start the remote storage daemon.
test
Test the remote file storage system.
Fortinet Technologies Inc.
Page 137
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
telnettest
Use this command to test Telnet connectivity to a specified host.
Syntax
execute telnettest {<fqdn_str> | <host_ipv4>}[:<port_int>]
Variable
Description
Default
{<fqdn_str> |
<host_ipv4>}
Enter the IP address or fully qualified domain name
(FQDN) of the Telnet server.
No
default.
[:<port_int>]
If the Telnet server listens on a port number other than
port 23, enter a colon (:) followed by the port number.
:23
Fortinet Technologies Inc.
Page 138
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
traceroute
Use this command to use ICMP to test the connection between the FortiVoice unit and another
network device, and display information about the time required for network hops between the
device and the FortiVoice unit.
Syntax
execute traceroute {<fqdn_str> | <host_ipv4>}
Variable
Description
traceroute {<fqdn_str> |
<host_ipv4>}
Enter the IP address or fully qualified domain
name (FQDN) of the host.
Fortinet Technologies Inc.
Page 139
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
user-config
Use this command to generate a file with the latest user-specific configurations, such as user
preferences, to the user configuration file, so that you will have the latest configuration when
you make a configuration backup using backup.
Syntax
execute user-config generate
execute user-config getinfo
Variable
Description
generate
Updates the user configuration file with the latest
user-specific configuration.
getinfo
Displays the timestamp when the last configuration
file update was performed.
Fortinet Technologies Inc.
Page 140
Default
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
get
get commands display a part of your FortiVoice unit’s configuration in the form of a list of
settings and their values.
Unlike show, get displays all settings, even if they are still in their default state.
For example, you might get the current DNS settings:
FVC200D# get system dns
primary
secondary
private-ip-query
cache
:
:
:
:
172.16.95.19
0.0.0.0
enable
enable
Notice that the command displays the setting for the secondary DNS server, even though it has
not been configured, or has been reverted to its default value.
Also unlike show, unless used from within an object or table, get requires that you specify the
object or table whose settings you want to display.
For example, at the root prompt, this command would be valid:
FVC200D# get system dns
and this command would not:
FVC200D# get
Depending on whether or not you have specified an object, like show, get may display one of
two different outputs: either the configuration that you have just entered but not yet saved, or
the configuration as it currently exists on the disk, respectively.
For example, immediately after configuring the secondary DNS server setting but before saving
it, get displays two different outputs (differences highlighted in bold):
FVC200D# config system dns
(dns)# set secondary 192.168.1.10
(dns)# get
primary
: 172.16.95.19
secondary
: 192.168.1.10
private-ip-query
: enable
cache
: enable
(dns)# get system dns
primary
: 172.16.95.19
secondary
: 0.0.0.0
private-ip-query
: enable
cache
: enable
The first output from get indicates the value that you have configured but not yet saved; the
second output from get indicates the value that was last saved to disk.
If you were to now enter end, saving your setting to disk, get output for both syntactical forms
would again match. However, if you were to enter abort at this point and discard your recently
Fortinet Technologies Inc.
Page 141
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
entered secondary DNS setting instead of saving it to disk, the FortiVoice unit’s configuration
would therefore match the second output, not the first.
If you have entered settings but cannot remember how they differ from the existing
configuration, the two different forms of get, with and without the object name, can be a useful
way to remind yourself.
Most get commands, such as get system dns, are used to display configured settings. You
can find relevant information about such commands in the corresponding config commands in
the config chapter.
Other get commands, such as system performance, are used to display system information
that is not configurable. This chapter describes this type of get command.
This chapter describes the following commands.
system performance
system status
Although not explicitly shown in this section, for all config commands, there are related get
and show & show full-configuration commands which display that part of the
configuration. get and show commands use the same syntax as their related config
command, unless otherwise mentioned. For syntax examples and descriptions of each
configuration object, field, and option, see “config” on page 22.
Fortinet Technologies Inc.
Page 142
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system performance
Displays the FortiVoice unit’s CPU usage, memory usage, system load, and up time.
Syntax
get system performance
Fortinet Technologies Inc.
Page 143
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
system status
Use this command to display FortiVoice system status information including:
• firmware version, build number and date
• release date and time
• FortiVoice unit serial number and BIOS version
• log hard disk availability
• host name
• branching point (same as firmware build number)
• release version
• system time
Syntax
get system status
Fortinet Technologies Inc.
Page 144
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
show & show full-configuration
The show commands display a part of your FortiVoice unit’s configuration in the form of
commands that are required to achieve that configuration from the firmware’s default state.
Note: Although not explicitly shown in this section, for all config commands,
there are related get and show commands which display that part of the
configuration. get and show commands use the same syntax as their related
config command, unless otherwise mentioned. For syntax examples and
descriptions of each configuration object, field, and option, see the config
chapters.
Unlike get, show does not display settings that are assumed to remain in their default state.
For example, you might show the current DNS settings:
FVC200D# show system dns
config system dns
set primary 172.16.1.10
end
Notice that the command does not display the setting for the secondary DNS server. This
indicates that it has not been configured, or has reverted to its default value.
Exceptions include show full-configuration commands. This displays the full
configuration, including the default settings, simliar to get commands. However, show fullconfiguration output uses configuration file syntax, while get commands do not.
For example, you might show the current DNS settings, including settings that remain at their
default values (differences highlighted in bold):
FVC200D# show full-configuration system dns
config system dns
set primary 172.16.1.10
set secondary 172.16.1.11
set private-ip-query disable
set cache enable
end
Depending on whether or not you have specified an object, like get, show may display one of
two different outputs: either the configuration that you have just entered but not yet saved, or
the configuration as it currently exists on the disk, respectively.
Fortinet Technologies Inc.
Page 145
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
For example, immediately after configuring the secondary DNS server setting but before saving
it, show displays two different outputs (differences highlighted in bold):
FVC200D# config system dns
FVC200D (dns)# set secondary 192.168.1.10
FVC200D (dns)# show
config system dns
set primary 172.16.1.10
set secondary 192.168.1.10
end
FVC200D (dns)# show system dns
config system dns
set primary 172.16.1.10
end
The first output from show indicates the value that you have configured but not yet saved; the
second output from show indicates the value that was last saved to disk.
If you have entered settings but cannot remember how they differ from the existing
configuration, the two different forms of show, with and without the object name, can be a
useful way to remind yourself.
Fortinet Technologies Inc.
Page 146
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Index
A
abort 16
access controls 17
admin 7
administrative access protocol 95
administrator
log messages 45, 47
alert email
event categories 50
recipients 49
ambiguous command 11, 19
ASCII 20
B
batch changes 6, 20
baud rate 20
bits per second (bps) 7
boot interrupt 6, 133
C
certificate
server 86, 94, 117
certificate authority (CA) 84, 85, 87, 116, 117
certificate revocation list (CRL) 85, 87, 116, 117
characters, special 19
CIDR 13
CLI
connecting 6
connecting to the 6
command 11
abbreviation 19
ambiguous 11, 19
completion 18
help 18
incomplete 11
interactive 19
prompt 14, 18
scope 11, 12
command line interface (CLI) 10
comma-separated value (CSV) 45
config router 145
configuration script 6
connecting to the FortiMail CLI using SSH 9
connecting to the FortiMail CLI using Telnet 10
connecting to the FortiMail console 6
console port 6, 7
CPU usage 143
D
DB-9 6
default
administrator account 7
password 7
definitions 11
delete, shell command 15
Fortinet Technologies Inc.
delivery status notification (DSN) 97
DIGEST-MD5 51
digital certificate requests 84, 85, 86, 87
dotted decimal 13
E
edit
shell command 15
_email 13
encoding 20
end
command in an edit shell 16
shell command 15
error message 12
escape sequence 19
expected input 10
extended simple mail transport (ESMTP) 51
F
field 12
firmware
restoring 6
flow control 7
font 20
FortiAnalyzer 45
_fqdn 13
fully qualified domain name (FQDN) 13
G
get
edit shell command 16
shell command 16
H
hard disk
logging to 47
HTTPS 86, 117
I
IMAP
secure 117
incomplete command 11
indentation 12
_index 13
index number 13
input constraints 10
_int 13
interface address
resetting 123, 133, 134
International characters 20
_ipv4 13
_ipv4/mask 13
_ipv4mask 13
_ipv4range 13
_ipv6 13
Page 147
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
_ipv6mask 13
K
key 9
L
language 20
web-based manager 81
line endings 21
local console access 6
log
FortiAnalyzer 45
rotate 48
Syslog 45
to the hard disk 47
login prompt 7
M
maximum transportation unit (MTU) 95
memory usage 143
N
_name 13
network time protocol (NTP) 104
next 17
no object in the end 11
null modem 7, 8
O
object 11
Online Certificate Status Protocol (OCSP) 87, 117
option 12
P
parity 7
password 7
_pattern 13
pattern 13
peer connection 7
permissions 17
PLAIN 51
plain text editor 20
POP3
secure 117
PTR record 93
purge, shell command 16
Q
query
report 70
R
regular expression 13
rename, shell command 16
report
on demand 70
periodically generated 70
query 70
subject matter 70
time span 71
reserved characters 19
restoring the firmware 6
RJ-45 6, 8
RJ-45-to-DB-9 7, 8
S
Secure Shell (SSH)
key 9
serial communications (COM) port 7, 8
set 17
setting administrative access for SSH or Telnet 7
shell command
delete 15
edit 15
end 15
get 16
purge 16
rename 16
show 16
show 17
show, shell command 16
SMTP
AUTH 51
SMTPS 117
special characters 19, 20
SSH 6, 7, 8, 9
key 9
_str 13
string 13
sub-command 11, 12, 14, 15
subject matter 70
syntax 10
Syslog 45
T
table 11
Telnet 6, 7, 8, 10
tips and tricks 18
transport layer security (TLS) 84
U
uniform resource identifier (URI) 13
uniform resource locator (URL) 13
unknown action 11
unset 17
up time 143
_url 13
US-ASCII 20
using the CLI 6
UTF-8 20
V
_v4mask 13
Fortinet Technologies Inc.
Page 148
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
_v6mask 13
value 12
value parse error 12, 13
Fortinet Technologies Inc.
W
web-based manager
language 81
wild cards 13
Page 149
FortiVoice 200D/200D-T v2.0 MR1 CLI Reference
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising