Cheatography
https://cheatography.com
Fortigate Firewalls Cheatsheet
Process Information
get system performance status |
General performance Information |
diag sys top [sec] [number] |
Process list; sort with P (CPU) / M (memory) |
diag sys top-summary [sec] |
Process list with grouped processes and shared memory |
diag debug crashlog read |
Crash log |
High availability
execute ha manage [index] [admin] |
Jump to cluster member |
get sys ha status |
Information about current HA status |
diag sys ha dump-by vcluster |
Show cluster member uptime |
diag sys ha reset-uptime |
Reset cluster member uptime (triggers failover!) |
diag sys ha checksum cluster |
Show config checksums of all cluster members |
diag debug appl hatalk -1 |
Debugging of HA-Talk protocols |
diag debug appl hasync -1 |
Debugging of HA-Sync protocols |
FQDN
diagnose test application dnsproxy 6 |
Dump FQDN cache |
diagnose firewall fqdn list |
List all FQDN |
Traffic Shaper
diag firewall shaper traffic-shaper list / stats |
Traffic shaper list / statistics |
diag firewall shaper per-ip-shaper list / stats |
Per IP traffic-shaper list / statistics |
VDOM
config vdom / edit <vdom-name> |
Change to VDOM <vdom-name> |
sudo global / vdom-name diag / execute / show / get |
Sudo-command to access global / VDOM Settings directly |
General debugging
diag debug appl [appl-name] [debug_level] |
Realtime debugger for several applications |
diag test appl [appl-name] [test_level] |
Monitor proxy operations |
diag debug console timestamp enable |
Enables timestamp in console |
diag debug enable / diag debug disable |
Enable/disable output for "diag debug" and "diag ip" commands |
diag debug reset |
Reset debug levels |
Packet Sniffer
diag sniffer packet [if] '[filter]' [verbose] [count] [ts] |
Packet sniffer. Use filters! Verbose levels 1-6 for different output |
Flow Trace
diag debug flow show iprop en / diag debug flow show fun en / diag debug flow trace start [packet count] |
Debug command for traffic flow |
diag debug flow filter [filter] |
Use filters to narrow down search results |
Firewall session troubleshooting
diag sys session filter |
Filter for session list |
diag sys session list [expect] |
Lists all (or expected) sessions |
diag sys session clear |
Clear all / filtered sessions |
diag sys session stat |
Session statistics, memory tension, ephemeral drops |
diag firewall iprope clear 100004 [<id>] |
Resets counter for all or specific firewall policy id |
Fortiguard Distribution Network (FDN)
update.fortiguard.net / service.fortiguard.net / support.fortinet.com |
URLs to access the FortiGuard Distribution Network (FDN) |
Signature Update
diag debug rating |
Webfilter / AntiSpam server information |
diag autoupdate versions |
Detailed versions of packages |
diag debug appl update -1 / exec update-now |
Troubleshooting update process |
IPS
diag ips anomaly list |
Lists statistics of DoS-Policies |
diag ips packet status |
IPS packet statistics |
diag test appl ipsmonitor 2 |
Enable / disable IPS engine |
diag test appl ipsmonitor 5 |
Toggle bypass status |
diag test appl ipsmonitor 99 |
Restart all ipsengine and monitor |