set
set cores isolate
set cores isolate <CORES>
Command to isolate cores from the OS scheduler; isolated cores can only be used by VMs pinned to them.
set cores system
set cores system <CORES>
Command to define the CPU affinity of the init process and user space processes by giving a comma-separated list of cores (not CPUs). Core 0 is always included automatically.
When system cores are defined, VMs and LXCs automatically use only “free” cores.
Warning
You need to reboot.
set cpus affinity
set cpus affinity <CPUS>
Danger
Obsolete command, use the set cores ... commands.
Command to define the CPU affinity of the “init” process. CPU 0 and its sibling must be part of the affinity.
Warning
You MUST reboot when you change the affinity.
set cpus isolate
set cpus isolate <CPUS> <RCU>
Danger
Obsolete command, use the set cores ... commands.
Command to define the CPUs to isolate from the default scheduler list. You can’t isolate CPU 0 and its sibling.
Warning
When you isolate a CPU, you should also isolate its siblings.
Warning
You MUST reboot when you change the isolation list.
Ex: expert cpus isolate 1,4-9
set dhcp address
Configure mgmt interface address by DHCP.
set dhcp all
Configure mgmt interface address, dns and gateway by DHCP.
set dhcp dns
Configure DNS by DHCP.
set dhcp gateway
Configure gateway by DHCP.
set dhcp nodns
Do not use DHCP configured DNS.
set dhcp nogateway
Do not use DHCP default gateway.
set gui background
set gui background <COLOR>
Change the Web UI title bar background color to color (use #RRGGBB format).
set gui filter
set gui filter <CRITERIA>+
Filters the repositories’ PoCs listed in simple mode. Criteria are:
repo=[REPO1,REPO2,...]: only display PoCs from REPO1, REPO2, …
repo!=[REPO1,REPO2,...]: exclude PoCs from REPO1, REPO2, …
name=[POC1,POC2]: only display PoCs named POC1, POC2, …
name!=[POC1,POC2]: exclude PoCs named POC1, POC2, …
name~[REGEXP1,REGEXP2]: only display PoCs matching REGEXP1 or REGEXP2 …
name~REGEXP: only display PoCs matching REGEXP
name!~REGEXP: exclude PoCs matching REGEXP
all: show all PoCs
Example: set gui filter repo=[fortinet] name~^FortiCache
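The criteria syntax above, worked through as an added Python example (not FortiPoC code): it parses a filter string and decides whether a given PoC would be listed. Combining several criteria with AND, unanchored regexp matching, and the names parse_filter and poc_visible are assumptions of this example.

```python
import re

# One criterion: field, operator, then a bracketed list or a bare value.
CRITERION = re.compile(r"^(repo|name)(=|!=|~|!~)(.+)$")

def parse_filter(text):
    """Parse the <CRITERIA>+ argument into (field, op, values) tuples."""
    criteria = []
    for token in text.split():
        if token == "all":              # "all" shows every PoC: no restriction
            return []
        m = CRITERION.match(token)
        if m is None:
            raise ValueError(f"unrecognised criterion: {token!r}")
        field, op, value = m.groups()
        if field == "repo" and "~" in op:
            raise ValueError(f"regexp criteria are only listed for name: {token!r}")
        if value.startswith("[") and value.endswith("]"):
            values = [v for v in value[1:-1].split(",") if v]
        else:
            values = [value]
        if not values:
            raise ValueError(f"empty value list: {token!r}")
        if "~" in op:
            values = [re.compile(v) for v in values]   # raises re.error on a bad regexp
        criteria.append((field, op, values))
    return criteria

def poc_visible(criteria, repo, name):
    """True if a PoC passes every criterion (AND semantics are assumed)."""
    for field, op, values in criteria:
        subject = repo if field == "repo" else name
        if "~" in op:
            hit = any(rx.search(subject) for rx in values)
        else:
            hit = subject in values
        if hit == op.startswith("!"):   # positive test missed, or negative test hit
            return False
    return True

if __name__ == "__main__":
    rules = parse_filter("repo=[fortinet] name~^FortiCache")
    # Constructed PoC names, for illustration only.
    for repo, name in [("fortinet", "FortiCache-basic"), ("fortinet", "FortiGate-HA")]:
        print(repo, name, poc_visible(rules, repo, name))
```

Because tokens are split on whitespace and list items on commas, a regexp containing either character cannot be expressed in this sketch.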
set gui foreground
set gui foreground <COLOR>
Change the Web UI title bar foreground color to color (use #RRGGBB format).
set gui graph
set gui graph <CASE> <STATE>
Define whether the graph is loaded (state is “yes”) or not (state is “no”) for the “dashboard” or “model” case.
set gui image file
set gui image file <IMAGE>
Change the Web UI title bar image. The image MUST be stored in the local repository gui directory.
set gui image height
set gui image height <HEIGHT>
Change the Web UI title bar height and image height to height (CSS units).
set gui simple
set gui simple <STATE>
“enable” or “disable” the WebUI simple mode. In simple mode only PoCs created locally or repositories’ PoCs matching a filter
set gui sync firmware
set gui sync firmware <STATE>
Define if graph must be loaded (state is “yes”) on “dashboard” or “model” case or not (state is “no”)
set http disable
Disable HTTP listen port on FortiPoC.
set http enable
Enable HTTP listen port on FortiPoC.
set kernel kvm intel nec
set kernel kvm intel nec <STATE>
Enable/disable kvm-intel nested_early_check
set kernel mitigation all
set kernel mitigation all <STATE>
Disable (off) or enable (on) all mitigations.
set kernel mitigation itlb
set kernel mitigation itlb <STATE>
Disable (off) or enable (on) itlb mitigations.
set kernel mitigation l1tf
set kernel mitigation l1tf <STATE>
Disable (off) or enable (on) l1tf mitigations.
set kernel mitigation mds
set kernel mitigation mds <STATE>
Disable (off) or enable (on) mds mitigations.
set kernel mitigation meltdown
set kernel mitigation meltdown <STATE>
Disable (off) or enable (on) meltdown mitigations.
set kernel mitigation spectre
set kernel mitigation spectre <STATE>
Disable (off) or enable (on) spectre mitigations.
set kernel mitigation srbds
set kernel mitigation srbds <STATE>
Disable (off) or enable (on) srbds mitigations.
set kernel mitigation taa
set kernel mitigation taa <STATE>
Disable (off) or enable (on) taa mitigations.
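A check to run on a Linux host after changing the mitigation settings above, as an added example (not FortiPoC code): it reads the kernel's reports under /sys/devices/system/cpu/vulnerabilities and gives the worst state per option. The mapping from this page's option names to sysfs file names is an assumption, and the SAMPLE contents are constructed.

```python
from pathlib import Path

SYSFS = Path("/sys/devices/system/cpu/vulnerabilities")

# Assumed mapping: option name on this page -> Linux sysfs report file(s).
OPTION_FILES = {
    "itlb": ["itlb_multihit"], "l1tf": ["l1tf"], "mds": ["mds"],
    "meltdown": ["meltdown"], "spectre": ["spectre_v1", "spectre_v2"],
    "srbds": ["srbds"], "taa": ["tsx_async_abort"],
}
SEVERITY = ["not affected", "mitigated", "unknown", "vulnerable"]  # best -> worst

# Constructed sample of sysfs contents, used when the directory is absent.
SAMPLE = {
    "itlb_multihit": "KVM: Vulnerable\n",
    "l1tf": "Mitigation: PTE Inversion; VMX: conditional cache flushes\n",
    "mds": "Vulnerable; SMT vulnerable\n",
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers\n",
    "spectre_v2": "Vulnerable\n",
    "srbds": "Not affected\n",
    "tsx_async_abort": "Not affected\n",
}

def classify(status):
    """Reduce one sysfs status line to a SEVERITY label."""
    s = status.strip().lower()
    if s.startswith("kvm: "):           # itlb_multihit prefixes its status
        s = s[5:]
    for prefix, state in (("not affected", "not affected"),
                          ("mitigation", "mitigated"),
                          ("vulnerable", "vulnerable")):
        if s.startswith(prefix):
            return state
    return "unknown"                    # missing file or unrecognised text

def audit(reports):
    """Map each option to the worst state across its sysfs files."""
    return {option: max((classify(reports.get(f, "")) for f in files),
                        key=SEVERITY.index)
            for option, files in OPTION_FILES.items()}

def read_sysfs(base=SYSFS):
    """Return {file name: contents}, or {} when the directory does not exist."""
    if not base.is_dir():
        return {}
    return {p.name: p.read_text() for p in base.iterdir() if p.is_file()}

if __name__ == "__main__":
    for option, state in audit(read_sysfs() or SAMPLE).items():
        print(f"{option:9} {state}")
```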
set keyboard
Change keyboard and language.
set keyboard console
Change console keyboard.
set keymap vm
set keymap vm <MAP>
set license
set license <SERVER>
Warning
Obsolete command, use set license server <SERVER> instead.
set license byol disable
Disable local BYOL license and use only license server.
If no license server is configured, BYOL is always used.
set license byol enable
Enable local BYOL license.
Use local BYOL license before asking license server.
set license server
set license server <SERVER>
Configure the license server; local licenses are not used.
Example:
in labsetup:
set license server http://license.fortilab.net/rest/
FortiPoC License server:
set license server https://FORTIPOC_SRV_IP/
set license uuid
set license uuid <LIC> <UUID>
Set UUID of a license.
Example: set server license uuid 1 e688f9a8-2293-51e6-010a-786406e87951
set lxc console access disable
Disable lxc console access by WebUI and CLI
Note
Shortcut to do:
set security console access network nolxc
set security console access cli nolxc
set lxc console access enable
Enable lxc console access by WebUI and CLI
Note
Shortcut to do:
set security console access network any
set security console access cli any
set macext
set macext <VALUE>
Set external MAC address OUI to value for VM ports connected to external FortiPoC port’s network.
set memory hugepages
set memory hugepages <NBPAGES>
Command to define the reserved HugePages to allocate to VMs. At least 2GB of memory is reserved for the system.
See diagnose memory hugepages to get the available hugepages.
Warning
You MUST reboot when you change the hugepages.
set mss delta
set mss delta <DELTA>
set mss enable
set mss enable <VALUE>
Enable or disable MSS update (value is 0 (disable) or 1 (enable))
set mss max
set mss max <VALUE>
set mss min
set mss min <VALUE>
set mss threshold
set mss threshold <MSS>
set refresh
set refresh <CASE> <FREQ>
Set “case” refresh frequency in seconds.
A frequency of 0 disables the refresh, and a page reload is required if it is enabled again.
case: domstate, hoststate, tasks
set security console access cli
set security console access cli <LEVEL>
Change serial console security access level by CLI.
Because the serial console can stay connected to an account even after the connection is closed, it can be useful to limit access to it. This command lets you choose between different levels of security restriction:
any: allow access to guest user (default)
nolxc: allow access except on lxc to guest user
none: deny access to guest user
set security console access network
set security console access network <LEVEL>
Change serial console security access level through network.
Because the serial console can stay connected to an account even after the connection is closed, it can be useful to limit access to it. This command lets you choose between different levels of security restriction:
any: allow access (default)
nolxc: allow access except on lxc
none: deny access using WebUI and port forwarding
Warning
As there is no validation of the cookies when accessing the console using the WebUI, anybody knowing the URL can access the console. This is a problem if your FortiPoC is exposed to the internet. In this case you should use the none level or set trusted hosts list.
Warning
Must be set before launching a PoC.
set security forward
set security forward <MODE>
Set the port forwarding rules generation mode:
“auto” (default): add all default accesses forwarding rules and PoC extra forwarding rules
“extra”: add only PoC extra forwarding rules
“none”: do not add any forwarding rules
set security password
set security password <MODE>
Set the security password mode:
“legacy” (default): only change the password of a device when the device requests it
“effort”: try to change it (only LXC, Debian and VYOS)
set ssh authorized keys
set ssh authorized keys <KEY>
Add key to authorized keys file. You can also use scp KEY admin@{addr}:authorized_keys to install a key.
set static address
set static address <ADDRESS> <GATEWAY>
Configure mgmt interface static address (and default gateway)
Example:
set static address 10.0.0.1/24
set static address 10.0.0.1/24 10.0.0.254
set static gateway
set static gateway <GATEWAY>
Configure static default route gateway:
Example: set static gateway 10.0.0.254
set static nodns
Do not use static DNS server (may fall back to DHCP one).
set static nogateway
Do not use static default gateway (may fall back to DHCP one).