
General

Default Device Information
admin / no password
192.168.1.99
9600/8-N-1, hardware flow control disabled

General system commands
get system status
exec tac report
tree
<command> ? / tab
<command> | grep [filter]

Fortinet Links
docs.fortinet.com
kb.fortinet.com
www.fortiguard.com
support.fortinet.com
forum.fortinet.com
fndn.fortinet.net
blog.boll.ch

FortiGate most used ports
UDP/53, UDP/8888
TCP/389, UDP/389
TCP/443
TCP/443, TCP/8890
UDP/500, ESP
UDP/500, UDP/4500
TCP/514
TCP/1812
TCP/1813
UDP/5246, UDP/5247
TCP/8001
TCP/8013
ETH Layer 0x8890, 0x8891 and 0x8893

Network

Interface information
diag ip address list
diag firewall iplist list

Security Fabric
diag sys csf upstream / downstream
diag sys csf neighbor list
diag automation test <stitch_name>
diag test appl csfd 1 …
diag debug appl csfd -1

Switch Controller
diag switch-controller switch-info mac-table
diag switch-controller switch-info port-stats
diag switch-controller switch-info trunk
diag switch-controller switch-info mclag
execute switch-controller get-conn-status
execute switch-controller diagnose-connection

SD-WAN
diag sys virtual-wan-link member
diag sys virtual-wan-link health-check <name>
diag sys virtual-wan-link service <rule-id>
diag sys virtual-wan-link intf-sla-log <intf-name>
diag sys virtual-wan-link sla-log <sla> <link_id>
diag test application lnkmtd 1 / 2 / 3
diag debug application link-monitor -1

Network Troubleshooting
get hardware nic [port]
get system arp
diag ip arp list
exec clear system arp table
exec ping x.x.x.x
exec ping-options [option]
exec traceroute x.x.x.x
exec traceroute-options [option]
exec telnet x.x.x.x [port]
diag traffictest server-intf
diag traffictest client-intf
diag traffictest port [port]
diag traffictest run -c [public_iperf_server_ip]

Transparent Mode
diag netlink brctl

Routing

Routing troubleshooting
get router info routing-table all
get router info routing-table details x.x.x.x
get router info routing-table database
get router info kernel
diag firewall proute list
diag ip rtcache list
get router info protocols
exec router restart
diag sys link-monitor status/interface/launch

BGP
get router info bgp summary
get router info bgp neighbors
diag ip router bgp all enable
diag ip router bgp level info
exec router clear bgp all

OSPF
get router info ospf status
get router info ospf interface
get router info ospf neighbor
get router info ospf database brief / router lsa
get router info ospf database self-originate
diag ip router ospf all enable
diag ip router ospf level info
exec router clear ospf process

System

Process information
get system performance status
diag sys top [sec] [number]
diag sys top-summary [sec]
diag debug crashlog read

High availability
execute ha manage [index] [admin]
get sys ha status
diag sys ha dump-by vcluster
diag sys ha reset-uptime
diag sys ha checksum cluster
diag sys ha checksum show [vdom]
diag sys ha checksum recalculate
diag debug appl hatalk -1
diag debug appl hasync -1
exec ha ignore-hardware-revision status / enable / disable

VDOMs
sudo global / vdom-name diag / execute / show / get

FQDN
diagnose test application dnsproxy 6
diagnose firewall fqdn list

Internet Service database (ISDB)
diag internet-service info vdom proto port ip
diag internet-service info …
diag internet-service match <vdom> <ip> <netmask>

Traffic Shaper
diag firewall shaper traffic-shaper list / stats
diag firewall shaper per-ip-shaper list / stats

Logging
diag log test
exec log list
diag debug cli 8

Firmware Update
diag debug config-error-log read

Factory reset
exec factoryreset
exec factoryreset2

Traffic Processing

General debugging
diag debug appl [appl-name] [debug_level]
diag test appl [appl-name] [test_level]
diag debug console timestamp enable
diag debug enable
diag debug disable
diag debug reset

Packet sniffer
diag sniffer packet [if] '[filter]' [verbose] [count] [ts]

Flow Trace
diag debug flow show iprop en
diag debug flow show fun en
diag debug flow trace start [packet count]
diag debug flow filter [filter]

Firewall session troubleshooting
diag sys session filter
diag sys session list [expect]
diag sys session clear
diag sys session stat
diag firewall iprope clear 100004 [<id>]

UTM Services

FortiGuard Distribution Network (FDN)
update.fortiguard.net
service.fortiguard.net
support.fortinet.com

Signature update
diag debug rating
diag autoupdate versions
diag debug appl update -1
exec update-now

IPS
diag ips anomaly list
diag ips packet status
diag test appl ipsmonitor 2
diag test appl ipsmonitor 5
diag test appl ipsmonitor 99

Emailfilter
diag emailfilter fortishield servers
diag debug appl emailfilter 255

Webfilter
diag webfilter fortiguard statistics list
diag test appl urlfilter 1

SIP
diag system sip status
diagnose sys sip-proxy stats list

Authentication

Authentication
diag firewall auth filter
diag firewall auth list
diag test authserver [auth-protocol] [server] [user] [password]
diag debug appl auth -1
diag debug appl fnbamd -1

Explicit proxy
diag wad user list/clear
diag wad filter
diag wad session list
diag test appl wad 104
diag test appl wad 110
diag test appl wad 112
diag test appl wad 2200

FortiToken
diag fortitoken info
exec fortitoken activate [FortiTokenSN]
diag deb appl forticldd 255
exec fortitoken-mobile import 0000-0000-0000-0000

FSSO
diag debug authd fsso filter
diag debug authd fsso list
diag debug authd fsso server-status
diag debug fsso-polling …
diag debug appl fssod -1

VPN

IPSEC VPN
diag debug appl ike 63
diag vpn ike log filter
diag vpn ike gateway list
diag vpn ike gateway flush
diag vpn tunnel list
diag vpn tunnel flush
get vpn ipsec tunnel details
get vpn ipsec state tunnel
diag vpn ipsec status

Hardware

Disk operation
diag hardware deviceinfo disk
exec disk list
exec disk scan [ref_int]
exec disk format [ref_int]
exec formatlogdisk

Hardware acceleration
set auto-asic-offload disable
set npu-offload disable

Hardware information
diag hardware sysinfo cpu
diag hardware sysinfo memory
diag hardware sysinfo conserve
diag hardware test suite all
get hardware nic [port]
get system interface physical / transceiver

HQIP hardware check
https://support.fortinet.com → Download → HQIP

Wireless, FortiExtender, Modem

Wireless Controller
exec wireless-controller restart-acd
exec wireless-controller reset-wtp
diag wireless-controller wlac -c ap-rogue

Access point (CLI commands on Access point)
cfg -a ADDR_MODE=DHCP|STATIC
cfg -a AP_IPADDR="xxx.xxx.xxx.xx"
cfg -a AP_NETMASK="255.255.255.0"
cfg -a IPGW="yyy.yyy.yyy.yyy"
cfg -a AC_IPADDR_1="zzz.zzz.zzz.zzz"
cfg -c
cfg -s
cfg -x

FortiExtender
get extender sys-info [FXT SN]
get extender modem-status [FXT SN]
diag debug application extender -1
exec extender reset-fortiextender
exec extender restart-fortiextender-daemon

Modem
diag sys modem detect
diag debug appl modemd 3
