Useful FortiGate CLI troubleshooting commands

 The following commands can be useful when troubleshooting issues on a FortiGate firewall from the CLI:

1. execute tac report

This command runs the majority of the key troubleshooting commands. It doesnt take long to complete and its non-impactful to the functionality of the FortiGate firewall.
This command outputs a lot of text, so it is best to be recording your SSH session prior to running this command so that the output is easily viewable after.



2. get system status

This command displays the versions of the FortiGates firmware, and FortiGuard engines. It also displays other useful system information such as platform and license status.




3. get system performance status

This command displays CPU and memory states, average network usage, average sessions and session startup rate, virus's caught, IPS attacks blocked and uptime.
In Multi-VDOM mode this command needs to be run in global configuration mode (config global, instead of config vdom)



4. diagnose sys top

This command lists the processes running on the FortiGate and displays information about each process.
To exit this command once its run, press CTL + C



5. Diagnose hardware sys conserve

This command is useful to identify issues when the FortiGate is in conserve mode (when more than 80% of RAM is being used)


6. get hardware memory

this command displays the memory stats


 

7. diagnose hardware deviceinfo disk

this command displays info on all the disks



8. diagnose debug crashlog read

this command checks if any daemon has been crashing frequently

 


Comments

Post a Comment

Popular posts from this blog

NSE8 Lab Study Resources - Narbik CCIE R&S v5.1 Foundations

Image
 Hey All, I have been working on putting together some scenarios for lab practice and I've found myself falling back on some of the study materials I used when preparing for the CCIE EI (yet to obtain, on the list after the NSE8). A legendary trainer in this area is Narbik Kocharians CCIE 12410 who is the president of Micronics Networking and Training - his CCIE prep courses and text books are considered almost required reading for any serious candidate for this certification. His text books work through hands on labs that are focused on specific topics to help cement the theory of the different topics in the exam.  His textbook CCIE Routing and Switching 5.1 Foundations: Bridging the Gap between CCNP and CCIE is well aimed at the skill level required of the NSE8 and fortunately there is actually quite a bit of overlap in its 1100 pages. The chapters within the textbook are: 1. Physical Topology 2. Physical and Logical Topologies 3. Spanning Tree Protocol 4. Point-to-Point Protocol
Read more

Journey to the NSE8 - Change in tactic

 I've previously been studying the Secure Wireless LAN content in order to pass the final exam required for my NSE6 (on the way to the NSE8). Going over the material again at the moment I'm noticing that my study sessions are becoming a bit of a blur and I'm not absorbing the content as well as I should be, and I can see this track of study becoming like quicksand if I don't give myself a break from it. The NSE6 fortunately covers a lot of technologies, including FortiAuthenticator and FortiADC which are both heavily featured on the NSE8 blueprint. So from here Im going to review the training for the FortiADC and have a crack at that exam to finish off my NSE6
Read more

Specifying a domain name suffix for DHCP clients on a FortiGate (FortiOS)

Image
Domain Name Suffix You can specify a domain name suffix in a DHCP address pool on the FortiGate DHCP server . With this suffix assigned, the client only needs to input part of a domain name, and the system adds the domain name suffix for name resolution. For example a client can type in https://fortimanager in their web browser to access your fortimanager instance, instead of the FQDN of https://fortimanager.domain.local In FortiOS (current as of December 2022) this is configured via the CLI.   Configuration config system dhcp server     edit <#>          set domain <domain suffix>   In a full context this would be config system dhcp server     edit 1          set domain "lab.example.com"          set default-gateway 192.168.1.1          set netmask 255.255.255.0          set interface "port1"          config ip-range               edit 1                    set start-ip 192.168.1.100                    set end-ip 192.168.1.200               next         
Read more