
CheatSheet FortiOS 6.2

The document provides debugging and troubleshooting commands for various Fortinet technologies including virtual WAN links, network interfaces, routing, firewall, SD-WAN, switching, VPN, logging, high availability, traffic processing, and more. It includes commands to check status, restart processes, clear caches, filter output, and monitor performance.

Uploaded by

unforgetable0708

General

Default Device Information
  admin / no password
  192.168.1.99
  9600/8-N-1
  hardware flow control disabled

General system commands
  get system status
  exec tac report
  tree
  <command> ? / tab
  <command> | grep [filter]

Fortinet Links
  docs.fortinet.com
  kb.fortinet.com
  www.fortiguard.com
  support.fortinet.com
  forum.fortinet.com
  fndn.fortinet.net
  blog.boll.ch

FortiGate most used ports
  UDP/53, UDP/8888
  TCP/389, UDP/389
  TCP/443
  TCP/443, TCP/8890
  UDP/500, ESP
  UDP/500, UDP/4500
  TCP/514
  TCP/1812
  TCP/1813
  UDP/5246, UDP/5247
  TCP/8001
  TCP/8013
  ETH Layer 0x8890, 0x8891 and 0x8893

Network

Interface information
  diag ip address list
  diag firewall iplist list

Security Fabric
  diag sys csf upstream / downstream
  diag sys csf neighbor list
  diag automation test <stitch_name>
  diag test appl csfd 1 …
  diag debug appl csfd -1

Switch Controller
  diag switch-controller switch-info mac-table
  diag switch-controller switch-info port-stats
  diag switch-controller switch-info trunk
  diag switch-controller switch-info mclag
  execute switch-controller get-conn-status
  execute switch-controller diagnose-connection

SD-WAN
  diag sys virtual-wan-link member
  diag sys virtual-wan-link health-check <name>
  diag sys virtual-wan-link service <rule-id>
  diag sys virtual-wan-link intf-sla-log <intf-name>
  diag sys virtual-wan-link sla-log <sla> <link_id>
  diag test application lnkmtd 1 / 2 / 3
  diag debug application link-monitor -1

Network Troubleshooting
  get hardware nic [port]
  get system arp
  diag ip arp list
  exec clear system arp table
  exec ping x.x.x.x
  exec ping-options [option]
  exec traceroute x.x.x.x
  exec traceroute-options [option]
  exec telnet x.x.x.x [port]
  diag traffictest server-intf
  diag traffictest client-intf
  diag traffictest port [port]
  diag traffictest run -c [public_iperf_server_ip]

Transparent Mode
  diag netlink brctl

Routing

Routing troubleshooting
  get router info routing-table all
  get router info routing-table details x.x.x.x
  get router info routing-table database
  get router info kernel
  diag firewall proute list
  diag ip rtcache list
  get router info protocols
  exec router restart
  diag sys link-monitor status/interface/launch
BGP
  get router info bgp summary
  get router info bgp neighbors
  diag ip router bgp all enable
  diag ip router bgp level info
  exec router clear bgp all

OSPF
  get router info ospf status
  get router info ospf interface
  get router info ospf neighbor
  get router info ospf database brief / router lsa
  get router info ospf database self-originate
  diag ip router ospf all enable
  diag ip router ospf level info
  exec router clear ospf process

System

Process information
  get system performance status
  diag sys top [sec] [number]
  diag sys top-summary [sec]
  diag debug crashlog read

High availability
  execute ha manage [index] [admin]
  get sys ha status
  diag sys ha dump-by vcluster
  diag sys ha reset-uptime
  diag sys ha checksum cluster
  diag sys ha checksum show [vdom]
  diag sys ha checksum recalculate
  diag debug appl hatalk -1
  diag debug appl hasync -1
  exec ha ignore-hardware-revision status / enable / disable

VDOMs
  sudo global / vdom-name diag / execute / show / get

FQDN
  diagnose test application dnsproxy 6
  diagnose firewall fqdn list

Internet Service database (ISDB)
  diag internet-service info vdom proto port ip
  diag internet-service info …
  diag internet-service match <vdom> <ip> <netmask>

Traffic Shaper
  diag firewall shaper traffic-shaper list / stats
  diag firewall shaper per-ip-shaper list / stats

Logging
  diag log test
  exec log list
  diag debug cli 8

Firmware Update
  diag debug config-error-log read

Factory reset
  exec factoryreset
  exec factoryreset2

Traffic Processing

General debugging
  diag debug appl [appl-name] [debug_level]
  diag test appl [appl-name] [test_level]
  diag debug console timestamp enable
  diag debug enable
  diag debug disable
  diag debug reset

Packet sniffer
  diag sniffer packet [if] '[filter]' [verbose] [count] [ts]

Flow Trace
  diag debug flow show iprop en
  diag debug flow show fun en
  diag debug flow trace start [packet count]
  diag debug flow filter [filter]

Firewall session troubleshooting
  diag sys session filter
  diag sys session list [expect]
  diag sys session clear
  diag sys session stat
  diag firewall iprope clear 100004 [<id>]

UTM Services

FortiGuard Distribution Network (FDN)
  update.fortiguard.net
  service.fortiguard.net
  support.fortinet.com

Signature update
  diag debug rating
  diag autoupdate versions
  diag debug appl update -1
  exec update-now

IPS
  diag ips anomaly list
  diag ips packet status
  diag test appl ipsmonitor 2
  diag test appl ipsmonitor 5
  diag test appl ipsmonitor 99

Emailfilter
  diag emailfilter fortishield servers
  diag debug appl emailfilter 255
Webfilter
  diag webfilter fortiguard statistics list
  diag test appl urlfilter 1

SIP
  diag system sip status
  diagnose sys sip-proxy stats list

Authentication

Authentication
  diag firewall auth filter
  diag firewall auth list
  diag test authserver [auth-protocol] [server] [user] [password]
  diag debug appl auth -1
  diag debug appl fnbamd -1

Explicit proxy
  diag wad user list/clear
  diag wad filter
  diag wad session list
  diag test appl wad 104
  diag test appl wad 110
  diag test appl wad 112
  diag test appl wad 2200

FortiToken
  diag fortitoken info
  exec fortitoken activate [FortiTokenSN]
  diag deb appl forticldd 255
  exec fortitoken-mobile import 0000-0000-0000-0000

FSSO
  diag debug authd fsso filter
  diag debug authd fsso list
  diag debug authd fsso server-status
  diag debug fsso-polling …
  diag debug appl fssod -1

VPN

IPSEC VPN
  diag debug appl ike 63
  diag vpn ike log filter
  diag vpn ike gateway list
  diag vpn ike gateway flush
  diag vpn tunnel list
  diag vpn tunnel flush
  get vpn ipsec tunnel details
  get vpn ipsec state tunnel
  diag vpn ipsec status

Hardware

Disk operation
  diag hardware deviceinfo disk
  exec disk list
  exec disk scan [ref_int]
  exec disk format [ref_int]
  exec formatlogdisk

Hardware acceleration
  set auto-asic-offload disable
  set npu-offload disable

Hardware information
  diag hardware sysinfo cpu
  diag hardware sysinfo memory
  diag hardware sysinfo conserve
  diag hardware test suite all
  get hardware nic [port]
  get system interface physical / transceiver

HQIP hardware check
  https://support.fortinet.com → Download → HQIP

Wireless, FortiExtender, Modem

Wireless Controller
  exec wireless-controller restart-acd
  exec wireless-controller reset-wtp
  diag wireless-controller wlac -c ap-rogue

Access point (CLI commands on Access point)
  cfg -a ADDR_MODE=DHCP|STATIC
  cfg -a AP_IPADDR="xxx.xxx.xxx.xx"
  cfg -a AP_NETMASK="255.255.255.0"
  cfg -a IPGW="yyy.yyy.yyy.yyy"
  cfg -a AC_IPADDR_1="zzz.zzz.zzz.zzz"
  cfg -c
  cfg -s
  cfg -x

FortiExtender
  get extender sys-info [FXT SN]
  get extender modem-status [FXT SN]
  diag debug application extender -1
  exec extender reset-fortiextender
  exec extender restart-fortiextender-daemon

Modem
  diag sys modem detect
  diag debug appl modemd 3
