Fortigate Troubleshooting Cheatsheet

For all you Fortinuts out there I’m hoping this cheat sheet will help you as much as it’s helped me 🙂

CPU Utilisation

diag sys top

Fortigate Top Processes

Diagnose Sessions

diag sys session…
diag sys session filter <see below screenshot for options>

 

E.g.
diag sys session filter dport 443 –> displays sessions that have a destination port of 443

diag sys session list –> displays sessions that match the filter

diag sys session clear –> clears sessions that match the filter

 

Fortigate Session Filter

Network troubleshooting commands

execute ping <ip or hostname>

execute traceroute <ip or hostname>

execute telnet <ip or hostname> <port>

 

Network troubleshooting

Running a packet trace

diag sniffer packet <interface> <filter> <verbose level logging>

 

Where

  • Interface:  Network interface to sniff
  • Filter: Flexible logical filters for sniffer (or “none”).
    For example: To print UDP 1812 traffic between forti1 and either forti2 or forti3
    ‘udp and port 1812 and host forti1 and \( forti2 or forti3 \)’
  • Verbose logging:
    1: print header of packets
    2: print header and data from ip of packets
    3: print header and data from ethernet of packets (if available)
    4: print header of packets with interface name
    5: print header and data from ip of packets with interface name
    6: print header and data from ethernet of packets (if available) with intf name

E.g.

diag sniffer packet any ‘port 5060’ 6

Run a packet trace

Running debug for traffic flow

1) Clear debug results and output to console

diag debug reset
diag debug enable
diag debug console timestamp enable
diag debug flow show console enable
diag debug flow show function-name enable

 

2) Set a filter and start the debug trace

diag debug flow filter <filter>
diag debug flow trace start <number>

 

E.g.

diag debug flow filter port 5060

diag debug flow trace start 1000

 

3) Force stop the trace and reset the results

diag debug flow trace stop
diag debug reset

Debug flow

Get the system status

Get the system status including Fortigate version, hostname, operation mode, HA status, system time.

get sys status

Get the system performance status

Get the system performance status including CPU, Memory, network utilisation, uptime.

get sys performance status

Enjoy! 🙂

Share on Facebook0Share on LinkedIn0Tweet about this on TwitterShare on Google+0Email this to someone
Posted in Fortigate, Fortinet, IT, Networking, Troubleshooting and tagged , , , , , , , , , , , , , , , .

2 Comments

  1. hi

    if i enter
    diag sys session filter dst x.x.x.x
    returns nothing although there’s connection to that IP. i.e i can ping that IP through the firewall.

    how should i show this connection?

    • Hi King,

      If it’s in Windows, can you open up resource monitor > network > network activity > sort by IP. Can you see the destination IP address there? Are you certain the Fortigate is the default gateway? And have you got any other filters in place?

      Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *