Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    Home FortiADC 7.4.2 Handbook
    7.4.2
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.1
    6.0.0
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.7

    Advanced Bot Protection troubleshooting and debugging

    Advanced Bot Protection troubleshooting and debugging

    The following tools are available to troubleshoot and debug Advanced Bot Protection issues.

    Event logs that record the interactions between FortiADC and FortiGuard Advanced Bot Protection when system events occur

    You can check the system event logs to see the communication between FortiADC and FortiGuard ABP.

    The following system events are logged:

    • Configuration changes to the Advanced Bot Protection policy.
    • When FortiADC has successfully reports Advanced Bot Protection policy configurations to FortiGuard ABP.
    • When FortiADC fails and retries to report Advanced Bot Protection policy configurations to FortiGuard ABP.
    Attack Logs that record interactions between FortiADC and FortiGuard ABP when suspicious behavior is detected

    You can check the attack logs to see the WAF action triggered by the response received from FortiGuard ABP.

    In the example below, the attack logged a block WAF action that was triggered by FortiGuard ABP detecting suspicious user behavior.

    Some interactions may not trigger an attack log.

    • When the WAF action for the Advanced Bot Protection policy is set to allow, triggered attacks will not be logged.
    • When FortiADC receives an "empty" response from FortiGuard ABP.
    • When FortiADC receives a 401 Authentication error (or another error) from FortiGuard ABP.
    • When FortiADC does not receive a response from FortiGuard ABP until timeout (10 seconds).
    CLI commands to view debug logs relating to Advanced Bot Protection

    Command

    Guidelines

    diagnose debug module wafmonitor all

    diagnose debug enable

    To view the debug information for interactions between the wafmonitor daemon and the FortiGuard ABP. Interactions include fetching the Advanced Bot Protection policy entries from FortiGuard ABP and reporting FortiADC configurations to FortiGuard ABP.

    Note: The diagnose debug module wafmonitor all command prints the debug information for all WAF modules that use the daemon wafmonitor. You will need to manually check for the debug information regarding the Advanced Bot Protection module.

    diagnose debug module waf advanced_bot

    		 To view the debug information for traffic processed by the Advanced Bot Protection policy.

    diagnose debug module framework_http

    To view the debug information for HTTP packet processing by WAF modules.

    Note: The diagnose debug module framework_http command prints the debug information for all WAF modules. You will need to manually check for the debug information regarding the Advanced Bot Protection module.
    Previous
    Next

    Advanced Bot Protection troubleshooting and debugging

    Advanced Bot Protection troubleshooting and debugging

    The following tools are available to troubleshoot and debug Advanced Bot Protection issues.

    Event logs that record the interactions between FortiADC and FortiGuard Advanced Bot Protection when system events occur

    You can check the system event logs to see the communication between FortiADC and FortiGuard ABP.

    The following system events are logged:

    • Configuration changes to the Advanced Bot Protection policy.
    • When FortiADC has successfully reports Advanced Bot Protection policy configurations to FortiGuard ABP.
    • When FortiADC fails and retries to report Advanced Bot Protection policy configurations to FortiGuard ABP.
    Attack Logs that record interactions between FortiADC and FortiGuard ABP when suspicious behavior is detected

    You can check the attack logs to see the WAF action triggered by the response received from FortiGuard ABP.

    In the example below, the attack logged a block WAF action that was triggered by FortiGuard ABP detecting suspicious user behavior.

    Some interactions may not trigger an attack log.

    • When the WAF action for the Advanced Bot Protection policy is set to allow, triggered attacks will not be logged.
    • When FortiADC receives an "empty" response from FortiGuard ABP.
    • When FortiADC receives a 401 Authentication error (or another error) from FortiGuard ABP.
    • When FortiADC does not receive a response from FortiGuard ABP until timeout (10 seconds).
    CLI commands to view debug logs relating to Advanced Bot Protection

    Command

    Guidelines

    diagnose debug module wafmonitor all

    diagnose debug enable

    To view the debug information for interactions between the wafmonitor daemon and the FortiGuard ABP. Interactions include fetching the Advanced Bot Protection policy entries from FortiGuard ABP and reporting FortiADC configurations to FortiGuard ABP.

    Note: The diagnose debug module wafmonitor all command prints the debug information for all WAF modules that use the daemon wafmonitor. You will need to manually check for the debug information regarding the Advanced Bot Protection module.

    diagnose debug module waf advanced_bot

    		 To view the debug information for traffic processed by the Advanced Bot Protection policy.

    diagnose debug module framework_http

    To view the debug information for HTTP packet processing by WAF modules.

    Note: The diagnose debug module framework_http command prints the debug information for all WAF modules. You will need to manually check for the debug information regarding the Advanced Bot Protection module.
    Previous
    Next