Sudo Command in FortiOS

Any Fortinet administrator that uses Fortigates with VDOMs will tell you that sometime, you need to jump back and forth from the VDOMs to run and capture certain commands. You can use sudo as you would in xNix world to run commands as another user, but in the FortiOS, you can use it to run commands in another VDOMs instead of user.  Let’s see how this works.

What you are going to need:

• Fortigate running at least 5.4
• Fortigate running VDOMs

In my lab, I am running a 7K chassis but you can do this on any Fortigate with VDOMs enabled.

In the screenshot above, we can see that I have the following VDOMs created:

• DataCenter
• Guest
• Inspect
• LAN1
• LAN2
• mgmt-vdom
• root

In my example, I will show the routing table of the DataCenter VDOM and without leaving the DataCenter VDOM, check the routing table of the LAN1 VDOM.

As you can see, I am currently in the DataCenter VDOM.

Above, I have run the get router info routing-table all from the DataCenter VDOM.  We can see I have 5 connecting networks.  Now I will use the sudo command to see the routing table of the LAN1 VDOM.

Again, by looking at the screenshot above, you can see I am STILL in the DataCenter VDOM and I am issuing the following command:

sudo LAN1 get router info routing-table all

And the returned information is the routing table of the LAN1 VDOM.  I did not have to leave the DataCenter VDOM to run it.  We can clearly see it is a different routing table.

Without the sudo command, I would have had to:

1. Exit the DataCenter VDOM and go into the VDOM configuration mode with the config vdom
2. Next, I would need to edit the LAN1 VDOM by entering the edit LAN1.
3. Then type the get router info routing-table all command.

Then of course, rinse and repeat for every-time I need to jump back and forth.

 

Hope this helps