FortiGate
Cheat Sheet - General
System
General System Commands
get system status
exec tac report
tree
<command> ? / tab
<command> | grep [filter]
diag debug cli 8
Process Information
get system performance status
diag sys top [sec] [number]
diag debug crashlog history
diag debug crashlog read
Traffic Processing
General Debugging
diag debug appl [appl] [level]
diag test appl [appl] [test_level]
diag debug console timestamp
enable
diag debug [enable/disable]
diag debug reset
Firewall Session Troubleshooting
diag sys session filter
diag sys session list (expect)
diag sys session clear
diag sys session stat
diag firewall iprope clear 100004
[<id>]
Packet Sniffer
diag sniffer packet [any/<if>]
‘[filter]’ [verbose] [count]
[timestamp]
GUI: Network > Diagnostics >
Packet Capture
Flow Trace
diag debug flow filter [filter]
diag debug flow show iprop en
diag debug flow show fun en
diag debug flow trace start
[count]
GUI: Network > Diangostics >
Debug Flow
Version 1.0
General system information
Generates report for support
Lists all commands
Use ? or tab in CLI for help
Grep command to filter outputs
Shows webGUI changes in CLI
General performance infos
Process list
Sort with P (CPU) / M (Memory)
Crash statistics
Crash log
Realtime debugger for different
applications
Monitor proxy operations
Enables timestamp in console
Enable/disable output for “diag
debug” or “diag ip” commands
Reset debug levels
Filter for session list
Lists all (or expected) sessions
Clear all / filtered sessions
Session and memory statistics,
drops, clashes
Resets counter for all or specific
firewall policy id
Packet sniffer. Use filters!
Verbose levels 1-6 for different
output
Packet Capture is newly
available in webUI.
Use filters to narrow down trace
results
Debug command for traffic flow
Flow trace is newly available in
webUI.
Network
Interface Information
diag ip address list
diag firewall iplist list
diag firewall ippool list
diag netlink interface list
Network Troubleshooting
get hardware nic [port]
diag ip arp list / get system arp
exec clear system arp table
exec ping x.x.x.x
exec ping-options [option]
exec traceroute x.x.x.x
exec traceroute-options [option]
exec telnet x.x.x.x [port]
Integrated Iperf Utility
diag traffictest server-intf
diag traffictest client-intf
diag traffictest port [port]
diag traffictest run -c
[public_iperf_server_ip]
General Routing Troubleshooting
get router info routing-table all
get router info routing-table
details x.x.x.x
get router info routing-table
database
get router info kernel
diag firewall proute list
diag ip rtcache list
get router info protocols
exec router restart
diag sys link-monitor
status/interface/launch
High Availability
HA General
exec ha manage [index] [admin]
get sys ha status
diag sys ha history read
diag sys ha dump-by vcluster
diag sys ha reset-uptime
diag debug appl hatalk -1
diag debug appl hasync -1
exec ha ignore-hardware-revision
status / enable / disable
exec ha failover status
exec ha failover set <cluster_id>
Cluster Synchronisation
diag sys ha checksum cluster
diag sys ha checksum
show [vdom]
diag sys ha checksum
recalculate
for FortiOS 7.2
List of IPs on FGT interfaces
List of IPs on VIP
List of IP on pools
List IF with MTU & device id
Interface Information
ARP table
Clears ARP table
Ping utility
Traceroute utility
Telnet utility
Iperf test directly run from
FortiGate
Routing table
Shows Routing decision for
specified Destination-IP
Routing table with inactive
routes
Forwarding information base
List of policy-based routes
List of route cache
Overview of dynamic routing
protocol configuration
Restart of routing process
Shows link monitor status / per
interface / for WAN LLB
Jump to cluster member
Information about HA status
Details about past HA events
Show cluster member uptime
Reset cluster member uptime
Debugging of HA-Talk/-Sync
protocol
Set ignore status for different
HW revisions
View failover status
Device stays in failover state
regardless of condition. Triggers
a HA failover on master device.
Show config checksums of all
cluster member
Detailed config checksum for a
VDOM
Recalculation of config
checksums
Page 1

Cheat Sheet - Firewalling
UTM Services
FortiGuard Distibution Network (FDN)
update.fortiguard.net
service.fortiguard.net
securewf.fortiguard.net
diag fdsm image-list / image-
update-matrix
Signature Update
diag autoupdate status
diag autoupdate versions
diag test update info
diag debug appl update -1
exec update-now
Antivirus
diag antivirus database-info
diagnose antivirus test …
IPS
diag ips anomaly list
diag ips packet status
diag test appl ipsmonitor 2
diag test appl ipsmonitor 5
diag test appl ipsmonitor 99
Web- & Email-Filter
diag debug rating
diag webfilter fortiguard
statistics list
diag webfilter fortiguard cache
dump
diag test appl urlfilter 1
diag debug urlfilter src-addr
x.x.x.x
diag debug appl urlfiter -1
diag emailfilter fortishield servers
diag emailfilter fortishield stat list
DNS-Filter
diag test appl dnsproxy 3
Firewall Policy
Device Detection
exec update-src-vis
diag user device list / clear
Internet Service Database (ISDB)
diag internet-service-name list
<internet-service-id>
diag internet-service info
<vdom><proto><port><ip><prio>
diag internet-service match
<vdom> <ip> <netmask>
FQDN
diag test application dnsproxy 6
diagnose firewall fqdn list-all
Version 1.0
URLs to access the FortiGuard
Distribution Network (FDN)
Download firmware image list
and update-matrix
Summary of Fortiguard settings
Detailed versions of packages
Update & license information
Realtime debugging for
updating process with manual
update
Antivirus database information
Different tests for AV engine
Lists statistics of DoS-Policies
IPS packet statistics
Enable / disable IPS engine
Toggle bypass status
Restart all IPS processes
Webfilter/AS Server information
Statistics of FortiGuard requests
List content of webfilter cache
Lists webfilter test commands
Filter and Realtime Debugging
for Webfiltering
Displays FortiShield server list
Statistics of FortiShield requests
Shows server used for DNS-
Filtering
Update device detection DB
Show / clear detected devices
Lists summary/details for
specific Internet Service
Reverse ISDB lookup for
specific IP, protocol or port
Reverse ISDB lookup for
specific IP
Dump FQDN cache
List all FQDN
Logging
diag log test
exec log list
diag test app miglogd 6
Traffic Shaper
diag firewall shaper traffic-shaper
list / stats
diag firewall shaper per-ip-shaper
list / stats
SIP
diag sys sip status
diag sys sip-proxy stats list
diag sys sip-proxy calls list/clear
diag debug appl sip -1
Authentication
Authentication
diag firewall auth filter …
diag firewall auth list
diag test authserver
[auth-protocol] [server] [user]
[password]
diag debug appl authd -1
diag debug appl fnbamd -1
FortiToken
diag fortitoken info
exec fortitoken activate [Forti-
TokenSN]
diag deb appl forticldd 255
diag fortitoken debug enable
exec fortitoken-mobile import
0000-0000-0000-0000-0000
FSSO
diag debug authd fsso filter
diag debug authd fsso list
diag debug authd fsso
server-status
diag debug fsso-polling …
diag debug appl fssod -1
Explicit Proxy
diag wad user list/clear
diag wad filter …
diag wad session list
diag test appl wad 104
diag test appl wad 110
diag test appl wad 112
diag test appl wad 2200
FortiGate
for FortiOS 7.2
Generates dummy log
messages
List log file information
Show log queue and fails
Traffic shaper list / statistics
Per IP traffic shaper list /
statistics
SIP session helper status
SIP ALG session status
List/Clear active SIP calls
Realtime Debugger for SIP
Filter for authentication list
List of authenticated user
Authentication test
Debugging of local
authentication protocol
Debugging of remote
authentication protocol
Current FortiToken status
Manual FortiToken activation
FortiToken activation debugging
FortiToken debugging
Recover Trial FortiToken (delete
existing Trial Token before)
Filter for FSSO user list
List of FSSO authenticated user
List of FSSO collector agents
Info for clientless polling FSSO
Debugging of clientless polling
FSSO
List / clear of explicit proxy user
Filtering / listing of web proxy
sessions
DNS statistics for explicit proxy
Current proxy user
Enables output of subsequent
commands
Maximum number of users
Page 2

Cheat Sheet - Networking
VPN
IPsec VPN
diag debug appl ike 63
diag vpn ike log filter
diag vpn ike gateway list
diag vpn ike gateway flush
diag vpn tunnel list
diag vpn tunnel flush
get vpn ike gateway
get vpn ipsec tunnel details
get vpn ipsec stats tunnel
diag vpn ipsec status
BGP, OSPF
BGP
get router info bgp summary
get router info bgp neighbors
diag ip router bgp all enable
diag ip router bgp level info
exec router clear bgp all
OSPF
get router info ospf status
get router info ospf interface
get router info ospf neighbor
get router info ospf database
brief / router lsa
get router info ospf database self-
originate
diag ip router ospf all enable
diag ip router ospf level info
exec router clear ospf process
SD-WAN & Security Fabric
SD-WAN
diag sys sdwan member
diag sys sdwan health-check
status | filter <name/member>
diag sys sdwan service <rule-id>
diag sys sdwan intf-sla-log <intf-
name>
diag sys sdwan sla-log <sla>
<link_id>
diag test appl lnkmtd 0/1/2
diag debug appl link-mon -1
Security Fabric
diag sys csf upstream /
downstream
diag sys csf neighbor list
diag test appl csfd 1
diag debug appl csfd -1
diag automation test
<stitch_name>
Endpoint
diag endpoint record list
Version 1.0
Debugging of IKE negotiation
Filter for IKE negotiation output
Phase 1 state
Delete Phase 1
Phase 2 state
Delete Phase 2
Detailed gateway information
Detailed tunnel information
Detailed tunnel statistics
Shows IPSEC crypto status
BGP summary of BGP status
Information on BGP neighbors
Real-time debugging for BGP
protocol
Restart of BGP session
OSPF status
Information on OSPF interfaces
Information on OSPF neighbors
Summary / Details of all LSDB
entries
Information on LSAs originating
from FortiGate
Real-time debugging of OSPF
protocol
Restart of OSPF session
Provide Interface details
State of SLAs
SD-WAN-Rule-State
Link Traffic History
SLA-Log on specific interface
Statistics of link-monitor
Real-time debugger of link-
monitor
List of up/downstream devices
MAC/IP list of connected FGT
devices
Display security fabric statistics
Real-time debugger
Test stitches in the CLI
Endpoint records on FortiGate
FortiGate
for FortiOS 7.2
Security Rating
Manually run security rating
diag report-runner trigger
report
Wireless, Switch, FortiExtender
Access Point (CLI commands on Access Point)
cfg –a Change IP from DHCP to static
ADDR_MODE=DHCP|STATIC on FortiAP
cfg –a
Set static IP on FortiAP
AP_IPADDR=”xxx.xxx.xxx.xx”
cfg –a AP_NET-
Set subnet mask on FortiAP
MASK=”255.255.255.0”
cfg –a IPGW=”yyy.yyy.yyy.yyy” Set gateway on FortiAP
cfg –a Specify IP of Wireless Controller
AC_IPADDR_1=”zzz.zzz.zzz.zzz” on FortiAP
cfg –s / -c List / Save config on FortiAP
cfg -x Reset to factory default
Wireless Controller
exec wireless-controller restart- Restart wireless controller
acd daemon
exec wireless-controller reset-wtp Restart FortiAPs
diag wireless-controller
List rogue APs
wlac -c ap-rogue
exec wireless-controller spectral-
scan <wtp-id> <radio-id > <on |
Start or stop spectrum analysis
off> <duration> <channel>
<report-interval>
diag wireless-controller wlac -c rf-
sa <wtp-id> <radio-id>
<channel> Show spectrum analysis results
get wireless-controller spectral-
info <wtp-id> <radio-id>
Switch Controller
diag switch-controller switch-info Managed FortiSwitch MAC
mac-table address list
diag switch-controller switch-info Managed FortiSwitch port
port-stats statistics
diag switch-controller switch-info
Trunk information
trunk
diag switch-controller switch-info Dumps MCLAG related
mclag information from FortiSwitch
exec switch-controller get-conn- Get FortiSwitch connection
status status
exec switch-controller diagnose- Get FortiSwitch connection
connection diagnostics
FortiExtender
get extender sys-info [FXT SN] Check the FortiExtender status
get extender modem-status [FXT Get the detailed modem status
SN] of the FortiExtender
FortiExtender debugging, collect
diag debug appl extenderd -1
information for about 5 minutes
exec extender reset-fortiextender Restart managed FortiExtender
exec extender restart-
Restart AC daemon
fortiextender-daemon
Modem
diag sys modem detect Detect attached modem
Debugger for modem
diag debug appl modemd 3
commands
Page 3
Cheat Sheet – Other FortiGate
for FortiOS 7.2

System
Default Device Information
admin / no password
192.168.1.99
9600/8-N-1
hardware flow control disabled
Factory Reset
exec factoryreset
exec factoryreset-shutdown
exec factoryreset2
exec factoryreset keepvmlicense
Firmware Update
diag debug config-error-log read
VDOMs
sudo global/ vdom-name
diag / exec / show / get
Transparent Mode
diag netlink brctl name host
Default login
Default IP on port1, internal or
management port
Default serial console settings
Reset whole configuration
Reset config and shutdown
Reset with retaining admin,
interfaces and static routing
Reset whole config but license
Show config errors after
firmware upgrades
Sudo-command to access
global / VDOM settings directly
Bridge MAC table
Hardware Acceleration
config firewall policy
set auto-asic-offload disable
config vpn ipsec phase-1-int
set npu-offload disable
HQIP Hardware Check
https://support.fortinet.com →
Download → HQIP
General Information
Fortinet Links
docs.fortinet.com
community.fortinet.com
www.fortiguard.com
support.fortinet.com
fndn.fortinet.net
blog.boll.ch
Disable session offloading per
firewall policy
Disable VPN offloading per
Phase 1
Download Hardware Quick
Inspection Package (HQIP)
Images to scan hardware for
possible faults
Documentation, Cookbooks,
Release Notes
Knowledge Base, User Forum
FortiGuard Website
Support Site (Login required)
Fortinet Developer Network
(Login required)
Boll Blog

Workspace Mode FortiGate most used ports

exec config-transaction Start/abort/commit of TCP/443, TCP & UDP/53 TCP &
start/abort/commit Workspace Mode FortiGuard Queries
UDP/8888
diag sys config-transaction status State of Workspace Mode TCP/389, UDP/389 LDAP, PKI Authentication
(enabled/disabled) TCP/636, UDP/636 LDAPS
diag sys config-transaction show Shows all active Workspace Contract Validation, FortiToken,
txn-info Modes TCP/443
Firmware Updates
diag sys config-transaction show Pending CLI commands of TCP/443, TCP/8890 AV and IPS Update
txn-cli-commands Workspace Mode
UDP/500, ESP IPSEC VPN
UDP/500, UDP/4500 IPSEC VPN with NAT-Traversal
Hardware TCP/514 FortiManager, FortiAnalyzer

Hardware Information TCP/1812 RADIUS Authentication

diag hardware sysinfo cpu
diag hardware sysinfo conserve
diag hardware sysinfo memory
diag hardware test suite all
get hardware status
get vpn status ssl hw-
acceleration-status
get hardware nic [port]
get system interface
physical / transceiver
TCP/1813 RADIUS Accounting
CPU information
UDP/5246, UDP/5247 CAPWAP
Conserve Mode details.
“Mem”: Memory / “FD”: File TCP/8001 FSSO
descriptor TCP/8013 Compliance and Security Fabric
Memory size, utilization ETH Layer 0x8890, 0x8891,
HA Heartbeat / Sync
Hardware test (available only on 0x8893
newer models)
ASIC and NP information
Show HW acceleration status
for SSL VPN
Physical interface information
Signal information for Copper or
SFP/SFP+ interfaces

Disk Operation
diag sys logdisk usage
diag hardware deviceinfo disk
exec disk list
exec disk scan [ref_int]
exec disk format [ref_int]
exec formatlogdisk
Logdisk usage information
List disks with partitions
List the disks and partitions
Run a disk check operation
Format the specified partitions
or disks and reboots the system
Formatting the log disk, reboot
included

Version 1.0 Page 4