Professional Documents
Culture Documents
Kumon Fortigate
Kumon Fortigate
Front View
Rear View
For CPU utilization issues, we use “get system performance status” command which will give
overall information of CPU, Memory and Uptime.
You can use the “diagnose sys top” command from the FortiOS CLI to list the processes
running on your FortiGate unit. The command also displays information about each process.
Example output:
Where the codes displayed on the second output line mean the following:
Each additional line of the command output displays information for each of the processes
running on the FortiGate unit. For example, the third line of the output is:
newcli 903 R 0.5 5.5
Where:
newcli is the process name. Other process names can include ipsengine, sshd,
cmdbsrv, httpsd, scanunitd, and miglogd.
903 is the process ID. The process ID can be any number.
R is the state that the process is running in. The process state can be:
o R running.
o S sleep.
o Z zombie.
o D disk sleep.
0.5 is the amount of CPU that the process is using. CPU usage can range from 0.0 for
a process that is sleeping to higher values for a process that is taking a lot of CPU
time.
5.5 is the amount of memory that the process is using. Memory usage can range
from 0.1 to 5.5 and higher.
You can enter the following single-key commands when diagnose sys top is running.
Press q to quit.
Press c to sort the processes by the amount of CPU that the processes are using.
Press m to sort the processes by the amount of memory that the processes are
using.
Please be cautious at below steps as below information serve as information to GSD team. Once find
out which process hogging more CPU, forward the information to on-site support team or NTTS
Engineer for further assistance.
Where:
<signal> can be any number but 11 is preferred because this signal sends output to the
crashlog which can be used by Fortinet Support to troubleshoot problems.
<process id> is the process ID listed by the diagnose sys top command.
For example, to stop the process with process ID 903, enter the following command:
FortiOS has a finite set of hardware resources such as memory and all the running processes
share that memory. Depending on their workload, each process will use more or less as
needed, usually more in high traffic situations. If some processes use all the available
memory, other processes will have no memory available and not be able to function.
When high memory usage happens, you may experience services that appear to freeze up
and connections are lost or new connections are refused.
If you are seeing high memory usage in the System Resources widget, it could mean that the
unit is dealing with high traffic volume, which may be causing the problem, or it could be
when the unit is dealing with connection pool limits affecting a single proxy. If the unit is
receiving large volumes of traffic on a specific proxy, it is possible that the unit will exceed
the connection pool limit. If the number of free connections within a proxy connection pool
reaches zero, problems may occur.
Use the following CLI command to gather memory utilization on the device.
3. Interface errors
If receive interface errors on Fortigate firewalls, please execute following CLI commands to
gather error information.
o diagnose hardware deviceinfo nic (This will display all interfaces on the device)
o diagnose hardware deviceinfo nic <port name> eg: diagnose hardware deviceinfo
nic Svr_VLAN
o The above information is useful to check duplex mismatch, collisions and errors.
The counters and their meaning describe what you may see when using the
CLI command diag hardware deviceinfo nic interface.
To clear interface counters, please execute following CLI commands
o diagnose netlink interface list <port name> eg: diagnose netlink interface list
Svr_VLAN
4. PING
The ping command sends a very small packet to the destination, and waits for a response.
The response has a timer that may expire, indicating the destination is unreachable. The
behavior of ping is very much like a sonar ping from a submarine, where the command gets
its name.
Ping is part of Layer-3 on the OSI Networking Model. Ping sends Internet Control Message
Protocol (ICMP) “echo request” packets to the destination, and listens for “echo response”
packets in reply. However, many public networks block ICMP packets because ping can be used
in a denial of service (DoS) attack (such as Ping of Death or a smurf attack), or by an attacker to
find active locations on the network. By default, FortiGate units have ping enabled while
broadcast-forward is disabled on the external interface.
Beyond the basic connectivity information, ping can tell you the amount of packet loss (if
any), how long it takes the packet to make the round trip, and the variation in that time from
packet to packet.
If there is some packet loss detected, you should investigate the following:
Possible ECMP, split horizon, or network loops.
Verify which security policy was used (use the packet count column on the Policy & Objects >
Policy page).
Addresses and routes — ensure all IP addresses and routing information along the route
is configured as expected.
Firewalls — ensure all firewalls, including FortiGate unit security policies allow PING to pass
through.
How to use ping
Ping syntax is the same for nearly every type of system on a network.
To ping from a FortiGate unit
1. Connect to the CLI either through telnet or through the CLI widget on the web-based manager
dashboard.
2. Enter exec ping 10.11.101.101 to send 5 ping packets to the destination IP address. There are
no options for this command.
Sample output:
o In Windows XP, select Start > Run, enter cmd, and select OK.
o In Windows 7, select the Start icon, enter cmd in the search box, and select cmd.exe
from the list.
2. Enter ping 10.11.101.100 to ping the default internal interface of the FortiGate unit with
four packets. Other options include:
Sample output:
C:\>ping 10.11.101.101
In the event of Fortigate firewall “host down alert”, please execute the following
troubleshooting steps.
o Try to access the device via telnet or SSH
o Try to PING the device from jump server
Site Location Device Name Interface Vendor Circuit ID Contact Information
Kumon Asia & Oceania SGFWRSO001 Port1 NTT Singapore 5873153000 helpdesk@ntt.com.sg
Tel: (65)-68715400
PT KIE Indonesia IDFWJKT001 Port1 NTT Indonesia n/a noc@ntt.co.id
Tel: (62)-215727777
Thailand ECL THFWNDC001 Port3 NTT Thailand AI-2015-161 support@ntt.co.th
Tel: (66)2-751-5519
Kumon Education MYFWKMY001 Ether0/0 NTT MSC Sdn Bhd NTT0494-ISP-001-947 it-sc@arc.net.my
Tel: (60)-383190000
Kumon Australia AUSWSYD001 Gi0/24 NTT Austalia W151001148-CBSWG goc@ntt.com
Tel: 1-720-475-4200
o If the following sites firewalls down, please engage the vendors as per below listed
contacts. Custom template required to use when engaging vendors according to sites.
o Please send e-mail to local support team for following Fortigate firewalls location to
verify power & maintenance.
o For following locations, if Fortigate / Juniper firewalls are down please engage local
support team to verify the status as these sites internet connections being managed
locally.
o Once the device is up, please execute following CLI command to collect logs and verify
device status.
get system performance status
diagnose debug crashlog read