Get external public IP from command line in Fortinet

Is there any way to know the public IP address of a Fortinet? There are many services such as icanhazip.com that tell you the current IP. In Linux, I would just run:

curl http://icanhazip.com

How could that be done with Fortinet (I am using a FortiGate 200B, in case it's noteworthy)?

Some cases come to my mind:

  • I want to know the default GW I am using in a fast way
  • My DSL router is NATing, so I don't know directly the public IP address
  • Or IPs assigned as DHCP/PPPoE (as stated by @mbrownnyc)

Since it doesn't seem possible to use any form of curl/wget from the command line, another option would be to use nslookup (still not sure if it's a valid FortiGate command or only for some forti* products). See here for what I mean getting external IP


There is a trick to do it. It requires access to an SSH server available from the internet, preferably a Linux machine. Simply log in to the server via SSH from the FortiOS CLI:

execute ssh user@sshserverip.

After logging in, drop off by typing exit and then log in again. You should then see a line saying:

Last login: date & time from: X.X.X.X.

X.X.X.X is your public address, when you logged in the first time as described above.

The line "Last login:" is displayed by default unless it is deleted from SSH daemon config.

In case the server displays a DNS entry instead of the IP address, simply resolve it by typing nslookup dnsentry
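
A server-side variant of the SSH trick above, added here as an example and not part of the original answer: on an OpenSSH server the client's source address is also available from the SSH_CONNECTION variable and from sshd's "Accepted" log lines, so the second login is not needed. The function names, sample log lines and documentation-range addresses are constructed for illustration; the private-range check flags the case where the server sits on the same side of the NAT as the FortiGate, so the address it sees is not the public one.

```shell
#!/bin/sh
# Added example: run on the SSH server, not on the FortiGate.

# sshd sets SSH_CONNECTION="client_ip client_port server_ip server_port".
peer_from_ssh_connection() { printf '%s\n' "${1%% *}"; }

# Source field of a "Last login: <date> from <addr>" banner line.
peer_from_last_login() {
    case $1 in *" from"*) ;; *) return 1 ;; esac
    addr=${1##* from}; addr=${addr#:}; addr=${addr# }
    printf '%s\n' "$addr"
}

# Most recent successful login of user $1 in sshd log text read from stdin.
last_accepted_peer() {
    awk -v u="$1" '
        { for (i = 1; i <= NF - 5; i++)
              if ($i == "Accepted" && $(i+2) == "for" && $(i+3) == u && $(i+4) == "from")
                  ip = $(i+5) }
        END { if (ip == "") exit 1; print ip }'
}

# True for RFC 1918 and CGNAT (100.64.0.0/10) space: not a public address.
is_private_v4() {
    case $1 in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        100.6[4-9].*|100.[7-9][0-9].*|100.1[01][0-9].*|100.12[0-7].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample log lines (documentation address ranges).
sample_log() { cat <<'EOF'
Mar  5 10:12:44 bastion sshd[2211]: Accepted password for admin from 203.0.113.7 port 51514 ssh2
Mar  5 10:15:02 bastion sshd[2290]: Failed password for root from 198.51.100.23 port 40022 ssh2
Mar  5 10:20:31 bastion sshd[2304]: Accepted publickey for admin from 2001:db8::42 port 51733 ssh2
EOF
}

# Inside a live SSH session, report the address the server sees for this client.
if [ -n "${SSH_CONNECTION:-}" ]; then
    peer=$(peer_from_ssh_connection "$SSH_CONNECTION")
    if is_private_v4 "$peer"; then
        echo "$peer (private range: server is behind the same NAT)"
    else
        echo "$peer"
    fi
fi
```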


I got here because I was wondering the same thing. Sure, you can just plug a PC into the internal port with a crossover cable, but I thought there had to be another way to get it.

So the solution was to have a computer on the external side of the FortiGate with Wireshark installed. Then in the FortiGate command line, you

execute ping "computer IP address"

while the computer is running Wireshark with the "icmp" display filter.

Now you should get the ping requests from the FortiGate with its external IP address.


Try "diagnose system waninfo ipify", it will show you the public facing IP address, GeoIP information and if you're on FortiGuard's blacklist. It also takes a source IP address as optional argument, if you have multiple internet lines. (tested on FortiOS 6.2)