Fortigate Troubleshooting Cheatsheet

For all you Fortinuts out there I’m hoping this cheat sheet will help you as much as it’s helped me 🙂

CPU Utilisation

diag sys top

Fortigate Top Processes

Diagnose Sessions

diag sys session…
diag sys session filter <see below screenshot for options>

E.g.
diag sys session filter dport 443 -> displays sessions that have a destination port of 443

diag sys session list -> displays sessions that match the filter

diag sys session clear -> clears sessions that match the filter

[Screenshot: Fortigate Session Filter]

Network troubleshooting commands

execute ping <ip or hostname>

execute traceroute <ip or hostname>

execute telnet <ip or hostname> <port>

[Screenshot: Network troubleshooting]

Running a packet trace

diag sniffer packet <interface> <filter> <verbose level logging>

Where

  • Interface:  Network interface to sniff
  • Filter: Flexible logical filters for sniffer (or “none”).
    For example: To print UDP 1812 traffic between forti1 and either forti2 or forti3
    'udp and port 1812 and host forti1 and \( forti2 or forti3 \)'
  • Verbose logging:
    1: print header of packets
    2: print header and data from ip of packets
    3: print header and data from ethernet of packets (if available)
    4: print header of packets with interface name
    5: print header and data from ip of packets with interface name
    6: print header and data from ethernet of packets (if available) with intf name

E.g.

diag sniffer packet any 'port 5060' 6

[Screenshot: Run a packet trace]

Running debug for traffic flow

1) Clear debug results and output to console

diag debug reset
diag debug enable
diag debug console timestamp enable
diag debug flow show console enable
diag debug flow show function-name enable

2) Set a filter and start the debug trace

diag debug flow filter <filter>
diag debug flow trace start <number>

E.g.

diag debug flow filter port 5060

diag debug flow trace start 1000

3) Force stop the trace and reset the results

diag debug flow trace stop
diag debug reset

[Screenshot: Debug flow]

Get the system status

Get the system status including Fortigate version, hostname, operation mode, HA status, system time.

get sys status

Get the system performance status

Get the system performance status including CPU, Memory, network utilisation, uptime.

get sys performance status

Enjoy! 🙂

Configure IE 10/11 startup settings (registry)

I had an issue configuring the way Internet Explorer started up at a client site. They use an intranet home page, and every time someone closed their current browsing session and reopened Internet Explorer, the software would hang momentarily and then reopen the tabs they had recently closed. The option in IE is under Tools > Internet Options > General, as below:

[Screenshot: IE Startup Options]

Easy enough, right? Definitely. For a single user this isn't such a big deal, but as a sys admin running a Windows 7 / Server 2008 R2 infrastructure for several hundred users, group policy would be the answer, right? I had a hard time looking around for the adm or admx files and tried leveraging the Internet Explorer Administration Kit to no avail. I didn't have a Windows Server 2012 server onsite. So what's the easy answer? Registry 🙂

The details of the entry are as follows:

Key Name: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ContinuousBrowsing
DWORD Name: Enabled
Value: 0 – Start with home page, 1 – Start with tabs from the last session

[Screenshot: IE Startup Registry]

So amend this via GPO (add a user policy registry entry or logon script) and voila!
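
The logon-script route mentioned above could look like the following. This is an added example, not a script from the original post. The key, value name and the 0/1 meanings are the ones listed above; the function name Set-IEContinuousBrowsing and its return messages are assumptions made for this example.

```powershell
# Added example: per-user logon script that pins IE's startup behaviour.
# Key path, value name and the meaning of 0 / 1 are taken from the post.
# The function name and the returned messages are hypothetical.
# Written to run on PowerShell 2.0, the version shipped with Windows 7.

function Set-IEContinuousBrowsing {
    param(
        [ValidateSet(0, 1)]
        [int]$Enabled = 0   # 0 = start with home page, 1 = start with last session's tabs
    )

    $key  = 'HKCU:\Software\Microsoft\Internet Explorer\ContinuousBrowsing'
    $name = 'Enabled'

    # The key may be absent on a fresh profile, so create it when missing.
    if (-not (Test-Path -Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Read the current value (null when it has never been set) so the
    # script only writes when the setting has drifted.
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    if ($current -ne $Enabled) {
        # -Force overwrites an existing value; the value is written as a DWORD.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $Enabled -Force | Out-Null
        return "ContinuousBrowsing\Enabled changed from '$current' to '$Enabled'"
    }

    return "ContinuousBrowsing\Enabled already '$Enabled'"
}

# Enforce "Start with home page" for the user who is logging on.
Set-IEContinuousBrowsing -Enabled 0
```

Because the value lives under HKEY_CURRENT_USER, the script has to run in the user's context (a user logon script), not as a computer startup script.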