Fortigate Troubleshooting Cheatsheet

For all you Fortinuts out there I’m hoping this cheat sheet will help you as much as it’s helped me 🙂

CPU Utilisation

diag sys top

Fortigate Top Processes

Diagnose Sessions

diag sys session…
diag sys session filter <see below screenshot for options>

E.g.
diag sys session filter dport 443 -> displays sessions that have a destination port of 443

diag sys session list -> displays sessions that match the filter

diag sys session clear -> clears sessions that match the filter

Fortigate Session Filter

Network troubleshooting commands

execute ping <ip or hostname>

execute traceroute <ip or hostname>

execute telnet <ip or hostname> <port>

Network troubleshooting

Running a packet trace

diag sniffer packet <interface> <filter> <verbose level logging>

Where

  • Interface:  Network interface to sniff
  • Filter: Flexible logical filters for sniffer (or "none").
    For example: To print UDP 1812 traffic between forti1 and either forti2 or forti3
    'udp and port 1812 and host forti1 and \( forti2 or forti3 \)'
  • Verbose logging:
    1: print header of packets
    2: print header and data from ip of packets
    3: print header and data from ethernet of packets (if available)
    4: print header of packets with interface name
    5: print header and data from ip of packets with interface name
    6: print header and data from ethernet of packets (if available) with intf name

E.g.

diag sniffer packet any 'port 5060' 6

Run a packet trace
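As an added example (not part of the original post), the script below parses verbose-level-4 sniffer output, groups packets into flows and flags flows that were seen coming in on an interface but never going out, which is the usual first clue that a policy is dropping the traffic and that the same filter is worth running under diag debug flow. The sample output is constructed, and the line layout (timestamp, interface, in/out, src.port -> dst.port: proto) is assumed from FortiGate sniffer output rather than taken from this page.

```python
import re
from collections import defaultdict

# Constructed sample of `diag sniffer packet any 'port 5060' 4` output.
# Layout assumed from FortiGate verbose level 4 (header plus interface name).
SAMPLE = """\
interfaces=[any]
filters=[port 5060]
0.112233 port1 in 10.1.1.20.5060 -> 203.0.113.9.5060: udp 412
0.112280 port2 out 10.1.1.20.5060 -> 203.0.113.9.5060: udp 412
0.243112 port2 in 203.0.113.9.5060 -> 10.1.1.20.5060: udp 380
0.243150 port1 out 203.0.113.9.5060 -> 10.1.1.20.5060: udp 380
1.501000 port1 in 10.1.1.21.5060 -> 203.0.113.9.5060: udp 412
2.501000 port1 in 10.1.1.21.5060 -> 203.0.113.9.5060: udp 412
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<intf>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+(?P<proto>\S+)"
)


def parse_sniffer(text):
    """Yield one dict per packet line; the interfaces=/filters= banner is skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def flow_summary(text):
    """Group packets by (src, sport, dst, dport), recording interfaces per direction."""
    flows = defaultdict(lambda: {"in": set(), "out": set(), "packets": 0})
    for p in parse_sniffer(text):
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        flows[key][p["dir"]].add(p["intf"])
        flows[key]["packets"] += 1
    return flows


def one_way_flows(text):
    """Flows that entered an interface but never left one (dropped or consumed locally)."""
    return sorted(k for k, v in flow_summary(text).items() if v["in"] and not v["out"])


if __name__ == "__main__":
    for src, sport, dst, dport in one_way_flows(SAMPLE):
        print(f"no egress seen for {src}:{sport} -> {dst}:{dport}")
```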

Running debug for traffic flow

1) Clear debug results and output to console

diag debug reset
diag debug enable
diag debug console timestamp enable
diag debug flow show console enable
diag debug flow show function-name enable

2) Set a filter and start the debug trace

diag debug flow filter <filter>
diag debug flow trace start <number>

E.g.

diag debug flow filter port 5060

diag debug flow trace start 1000

3) Force stop the trace and reset the results

diag debug flow trace stop
diag debug reset

Debug flow

Get the system status

Get the system status including Fortigate version, hostname, operation mode, HA status, system time.

get sys status

Get the system performance status

Get the system performance status including CPU, Memory, network utilisation, uptime.

get sys performance status

Enjoy! 🙂

Fortigate: Configure Interface Mode

Some of the SMB Fortigate units will have default settings that are good for the everyday user. But what if there's more to life than an in-built switch? What if we want to configure, respect and treat all interfaces as their own?

For anyone that has a Fortigate unit and does not want to use the internal switch (factory default), here are quick steps to configure interface mode i.e. all ports are treated as individual interfaces and will need to be configured appropriately:

1. Delete DHCP server entries

FG123456# conf sys dhcp server
FG123456# delete 1
FG123456# end

2. Delete default firewall policy

FG123456# conf firewall policy
FG123456# delete 1
FG123456# end

3. Enable interface mode

FG123456# conf system global
FG123456# set internal-switch-mode interface
FG123456# end

Done and dusted. Now get that config up and ready!