FortiGate Troubleshooting

This document lists general commands for viewing system information and troubleshooting a FortiGate firewall, such as viewing interfaces, policies, routes and sessions, and troubleshooting VPN and HA configurations.

Uploaded by

aripang
Copyright
© All Rights Reserved

General Commands

1) To view the version & serial number of the firewall
# get system status

2) To see the mode of operation
# get system settings

3) To see FortiGuard updates
# get system autoupdate schedule

4) To see currently logged-in users
# get system info admin status

5) To view the configuration
# show full-configuration

4) To view date & time
# get system status

5) To view logs
# execute log display

6) To view interfaces
# get system interface physical

7) To see the route table
# get router info routing-table all

8) To view the forwarding table
# get router info kernel

9) To view the NAT table
# get sys session list

10) To view the NAT table for a source IP
# diag sys session filter src <ip>
# diag sys session list
To clear NAT entries (this clears the sessions matching the current filter; with no filter set, all sessions are cleared)
# diag sys session clear

11) To see the ARP table
# get system arp

12) To see the detailed ARP table
# diagnose ip arp list

13) To view firewall policies
# show firewall policy

14) To sniff packets on an interface
# diag sniffer packet <interface name>
To see output at verbose level 4 (no filter, 3 packets)
# diag sniffer packet <int.Name> none 4 3

15) Filtering sniffed packets

To see what's going on between two PCs

# diag sniffer packet <int name> 'src host 10.0.0.100 and dst host 4.2.2.2' 1

In this example we're sniffing for ICMP only, to and from 10.0.0.100

# diag sniffer packet internal 'host 10.0.0.100 and icmp' 1

To capture only TCP traffic between a source and destination

# diag sniffer packet internal 'host 10.0.0.100 and 4.2.2.2 and tcp port 80' 1

16) Packet flow trace

diagnose debug reset
diagnose debug flow filter ?
diagnose debug flow filter saddr 172.16.27.148
diagnose debug flow filter daddr 8.8.8.8
diagnose debug flow show console enable
diagnose debug enable
diagnose debug flow trace start 10 #display the next 10 packets; after that, disable the flow:
diagnose debug disable

17) To see VPN configuration
# get vpn ike gateway <name>
# get vpn ipsec tunnel name <name>
# get vpn ipsec tunnel details
# diagnose vpn tunnel list
# diagnose vpn ipsec status #shows all crypto devices with counters that are used by the VPN
# get router info routing-table all

18) VPN debugging
diagnose debug reset

diagnose vpn ike log-filter clear

diagnose vpn ike log-filter ?

diagnose vpn ike log-filter dst-addr4 1.2.3.4

diagnose debug app ike 255 #shows phase 1 and phase 2 output

diagnose debug enable #after enough output, disable the debug:

diagnose debug disable

19) To see HA status
# show system ha

20) HA troubleshooting
diagnose sys ha status

execute ha manage ? #switch to the CLI of a secondary unit

execute ha manage <device-index>

diagnose sys ha showcsum #verify the checksum of all synchronized peers

21) To do a factory reset
# execute factoryreset

22) To see running processes
# get system performance top
# diagnose sys top

23) To kill a specific process
# diagnose sys kill 9 <pid>

24) To see authentication order
# diag firewall iprope list
# diag firewall iprope clear

25) To take a backup to TFTP
# execute backup image tftp image.out 192.168.1.168

26) To restore a backup from TFTP
# execute restore image tftp image.out 192.168.1.168

27) Password recovery

28) To see the DHCP lease list
# get system dhcp lease-list

29) To see CPU & network usage
# get system performance status

30) To see crash logs
# diagnose debug crashlog read
