1. 可以通过SSH, Telnet, 或者serial console

2. CLI的配置是分级的结构，如下所示：

config system interfaceedit "internal"set vdom "root"set ip 192.168.100.99 255.255.255.0set allowaccess ping https ssh snmp http telnetset type physicalnextend

3. 命令行层次结构具体有下面这些关键字：

1. config

2. edit

3. next

4. end

5. exit

6. abort

4. 使用 “?” 可以查询可用当前级别可以的指令

5. 使用 <tab> 可以将当前命令补齐

6. 设置wan2的IP:的例子：

FortiGate-60 # config system interface

(interface)# edit wan2(wan2)# set ip 192.177.11.12 255.255.255.248(wan2)# endFortiGate-60 #

7. 可以用“get”命令显示参数和当前值：

(internal)# getname : internalvdom : rootcli-conn-status : 0mode : staticdhcp-relay-service :dhcp-relay-ip :dhcp-relay-type :ip : 192.168.96.254 255.255.255.0allowaccess : ping HTTPS HTTP telnet

8. 可以用“show”命令显示当前配置：

FGT50B3 # config system interfaceFGT50B3 (interface) # edit internalFGT50B3 (internal) # showconfig system interfaceedit "internal"set vdom "root"set ip 192.168.100.99 255.255.255.0set allowaccess ping https ssh snmp http telnetset type physicalnextend

9. 可以用“show full-configuration”命令显示当前完全配置：

FGT50B3 # config system interfaceFGT50B3 (interface) # edit internalFGT50B3 (internal) # show full-configurationconfig system interfaceedit "internal"set vdom "root"set mode staticset dhcp-relay-service disableunset dhcp-relay-ipset dhcp-relay-type regularset ip 192.168.100.99 255.255.255.0set allowaccess ping https ssh snmp http telnetset gwdetect disableunset detectserverset ha-priority 0set pptp-client disableset arpforward enableset broadcast-forward disableset bfd globalset l2forward disableset icmp-redirect enableset vlanforward enableset stpforward disableset ident-accept disableset ipmac disableset subst disableset log disableset fdp disableset ddns disableset status upset netbios-forward disableset wins-ip 0.0.0.0set type physicalset tcp-mss 0set inbandwidth 0set outbandwidth 0set description ''set alias ''set l2tp-client disableconfig ipv6set autoconf disableset ip6-address ::/0unset ip6-allowaccessset ip6-default-life 1800set ip6-hop-limit 0set ip6-link-mtu 0set ip6-manage-flag disableset ip6-max-interval 600set ip6-min-interval 198set ip6-other-flag disableset ip6-reachable-time 0set ip6-retrans-time 0set ip6-send-adv disableendset idle-timeout 0unset macaddrset mtu-override disablenextend

10. 执行某些命令，例如:

execute factoryresetexecute pingexecute backupexecute tracerouteexecute reboot