Useful FortiGate CLI troubleshooting commands
The following commands can be useful when troubleshooting issues on a FortiGate firewall from the CLI:
1. execute tac report
This command runs the majority of the key troubleshooting commands. It doesnt take long to complete and its non-impactful to the functionality of the FortiGate firewall.
This command outputs a lot of text, so it is best to be recording your SSH session prior to running this command so that the output is easily viewable after.
2. get system status
This command displays the versions of the FortiGates firmware, and FortiGuard engines. It also displays other useful system information such as platform and license status.
3. get system performance status
This command displays CPU and memory states, average network usage, average sessions and session startup rate, virus's caught, IPS attacks blocked and uptime.
In Multi-VDOM mode this command needs to be run in global configuration mode (config global, instead of config vdom)
4. diagnose sys top
This command lists the processes running on the FortiGate and displays information about each process.
To exit this command once its run, press CTL + C
5. Diagnose hardware sys conserve
This command is useful to identify issues when the FortiGate is in conserve mode (when more than 80% of RAM is being used)
6. get hardware memory
this command displays the memory stats
7. diagnose hardware deviceinfo disk
this command displays info on all the disks
8. diagnose debug crashlog read
this command checks if any daemon has been crashing frequently
Comments
Post a Comment