Changelog

Get current version

Current version of your flhcli tool can be found in the output of flhcli version command. Following example shows it is running version 1.14.

$ flhcli version

FortiLightHouse CLI version 1.14 (d01185be337fe82b5ae7645334bd86f0f1ecbd3f)

Copyright (c) 2020, 2021, 2022, Ondrej Holecek <ondrej@holecek.eu>. Some rights reserved.

This software is "freeware". You can copy and redistribute it in the binary form
under the terms of Creative Commons "CC BY-NC-ND 4.0" license. For details please
read the actual license at https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode.

Version 1.25 (13 August 2025)

  • Fixed interface counters for NP7 devices
  • Fixed interface counters for NP6LITE and NP6XLITE interfaces
  • Added new interface driver for i40e (management interfaces)

Version 1.24 (10 June 2025)

  • Fixed problems with running on recent interim builds

Version 1.23 (21 Oct 2024)

  • Fixed crash that happened when FortiGate stopped responding or it was taking it too long.

Version 1.22 (16 May 2024)

  • Dynamic variables introduced to XML scripts (at this point only #date is supported).

Version 1.21 (24 Apr 2024)

  • Improvements when running on chassis FIM.
  • Fix the problem unknown key algorithm: rsa-sha2-512 happening with latest FortiGate versions.

Version 1.20 (4 Dec 2023)

  • Fixed hang issue on Windows.
  • Enlarged process name column in cputop command to not break alignment with long process names.
  • Implemented new dynamic array for XML scripts - np7ids - to retrieve NP7 IDs usable in NP7 diagnose commands.

Version 1.19 (21 Nov 2023)

  • Bugfix: Auto-discovery of management VDOM was not working well.

Version 1.18 (19 Jan 2023)

  • Bugfix: ipsectop now correctly handles dialup tunnels with thousands of connected clients.
  • Bugfix: ipsectop now correctly counts statistics even during rekeys.
  • Bugfix: ipsectop now correctly parses IP/netmask format in phase2 selectors.
  • System VDOMs dmgmt-vdom and vsys_hamgmt are now also recognized as non-user VDOMs and not shown by default

Version 1.17 (11 Nov 2022)

  • Bugfix: Command ipsectop fixed to work also with 7.0.8/7.2.3 and newer (now all p2 selectors are shown as ranges).
  • Bugfix: Command polictytop fixed to work also with 7.0.0 and newer.

Version 1.16 (23 Sep 2022)

  • Bugfix: Command np6lanes showed zero rate when NP6 counters were too big.

Version 1.15 (19 Sep 2022)

  • New command lograte to monitor logging (miglog) counters. With option to restart miglogd if some thresholds are crossed (both ways).

Version 1.14 (15 Aug 2022)

  • Implemented new IPSec related commands:
  • ipseccpu to see on which CPU(s) (software) IPSec in decrypting/encrypting packets.
  • ipsectop which displays traffic statistics about (phase2) tunnels and/or summarized statistics about phase1s. Advanced views are available to see more details, including percentage of traffic inside p1 or overall. Detailed filtering and sorting is available via additional command line parameters.

Version 1.13 (8 Aug 2022)

  • Command "policytop" now waits (up to) 3 minutes to download list of firewall policies (previously it was only 1 minute) and this timeout is now also adjustable with "--policy-list-timeout" parameter.

Version 1.12 (21 Jul 2022)

  • Fix log rotation problem on Windows

Version 1.11 (20 Jan 2022)

  • XML scripts new dynamic array "pids" that retrieves PIDs of running processes of given name. See example of use case.

Version 1.10 (4 Aug 2021)

  • New command "crashlog" to follow FortiGate's crashlog and possibly search it using regular expression and/or run extenal command when match is found.

Version 1.9

  • When command outputs are saved to file with --redirect or --copy parameters, it is now possible to rotate the file by its size with --rotate-size parameter or by the time it is used with --rotate-age parameter. See new parameters description.
  • Some commands on FortiGate do not print any output unless virtual terminal ("pty") is allocated (like diagnose test application ipsmonitor ...). FlhCli allocates it when necessary, but it doesn't know it should do that when explicit commands are executed with cmd direct or cmd xml. In that case new global parameter --force-pty must be used.

bugfixes

  • Command cmd xml didn't handle timeouts very well (skipped the rest of the section, timeout value wasn't very precise) and it didn't give any information that the command timeouted.
  • Command cputop coudn't handle processes with space in their name.

Version 1.8

  • New standard command "hwinfo" to collect CPU layout and NP6/nTurbo CPU bindings and save that information as XML file.
  • New auxiliary command "aux hwinfo" to generate HTML from XML generated by standard "hwinfo" command.

Version 1.7

  • Command "np6lanes" has new parameter "--show-total" to summarize all counters from all NP6s/XAUIs.

Version 1.6

  • Batch mode for "traffic" command that shows the same output but without any headers or column separators.

Version 1.5

  • New command "traffic" to show output from "diagnose sys traffic statistics show" - either by packets or throughput.