Fortinet black logo

Handbook

Home FortiADC 7.4.3 Handbook
7.4.3
7.4.3
7.4.2
7.4.1
7.4.0
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.1.4
7.1.3
7.1.2
7.1.1
7.1.0
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.1.6
6.1.5
6.1.4
6.1.3
6.1.2
6.1.1
6.1.0
6.0.1
6.0.0
5.4.3
5.4.2
5.4.1
5.4.0
5.3.6
5.3.5
5.3.4
5.3.3
5.3.2
5.3.1
5.3.0
5.2.7

Advanced Bot Protection troubleshooting and debugging

Advanced Bot Protection troubleshooting and debugging

The following tools are available to troubleshoot and debug Advanced Bot Protection issues.

Event logs that record the interactions between FortiADC and FortiGuard Advanced Bot Protection when system events occur

You can check the system event logs to see the communication between FortiADC and FortiGuard ABP.

The following system events are logged:

  • Configuration changes to the Advanced Bot Protection policy.
  • When FortiADC has successfully reports Advanced Bot Protection policy configurations to FortiGuard ABP.
  • When FortiADC fails and retries to report Advanced Bot Protection policy configurations to FortiGuard ABP.
Attack Logs that record interactions between FortiADC and FortiGuard ABP when suspicious behavior is detected

You can check the attack logs to see the WAF action triggered by the response received from FortiGuard ABP.

In the example below, the attack logged a block WAF action that was triggered by FortiGuard ABP detecting suspicious user behavior.

Some interactions may not trigger an attack log.

  • When the WAF action for the Advanced Bot Protection policy is set to allow, triggered attacks will not be logged.
  • When FortiADC receives an "empty" response from FortiGuard ABP.
  • When FortiADC receives a 401 Authentication error (or another error) from FortiGuard ABP.
  • When FortiADC does not receive a response from FortiGuard ABP until timeout (10 seconds).
CLI commands to view debug logs relating to Advanced Bot Protection

Command

Guidelines

diagnose debug module wafmonitor all

diagnose debug enable

To view the debug information for interactions between the wafmonitor daemon and the FortiGuard ABP. Interactions include fetching the Advanced Bot Protection policy entries from FortiGuard ABP and reporting FortiADC configurations to FortiGuard ABP.

Note: The diagnose debug module wafmonitor all command prints the debug information for all WAF modules that use the daemon wafmonitor. You will need to manually check for the debug information regarding the Advanced Bot Protection module.

diagnose debug module waf advanced_bot

 To view the debug information for traffic processed by the Advanced Bot Protection policy.

diagnose debug module framework_http

To view the debug information for HTTP packet processing by WAF modules.

Note: The diagnose debug module framework_http command prints the debug information for all WAF modules. You will need to manually check for the debug information regarding the Advanced Bot Protection module.
Previous
Next

Advanced Bot Protection troubleshooting and debugging

The following tools are available to troubleshoot and debug Advanced Bot Protection issues.

Event logs that record the interactions between FortiADC and FortiGuard Advanced Bot Protection when system events occur

You can check the system event logs to see the communication between FortiADC and FortiGuard ABP.

The following system events are logged:

  • Configuration changes to the Advanced Bot Protection policy.
  • When FortiADC has successfully reports Advanced Bot Protection policy configurations to FortiGuard ABP.
  • When FortiADC fails and retries to report Advanced Bot Protection policy configurations to FortiGuard ABP.
Attack Logs that record interactions between FortiADC and FortiGuard ABP when suspicious behavior is detected

You can check the attack logs to see the WAF action triggered by the response received from FortiGuard ABP.

In the example below, the attack logged a block WAF action that was triggered by FortiGuard ABP detecting suspicious user behavior.

Some interactions may not trigger an attack log.

  • When the WAF action for the Advanced Bot Protection policy is set to allow, triggered attacks will not be logged.
  • When FortiADC receives an "empty" response from FortiGuard ABP.
  • When FortiADC receives a 401 Authentication error (or another error) from FortiGuard ABP.
  • When FortiADC does not receive a response from FortiGuard ABP until timeout (10 seconds).
CLI commands to view debug logs relating to Advanced Bot Protection

Command

Guidelines

diagnose debug module wafmonitor all

diagnose debug enable

To view the debug information for interactions between the wafmonitor daemon and the FortiGuard ABP. Interactions include fetching the Advanced Bot Protection policy entries from FortiGuard ABP and reporting FortiADC configurations to FortiGuard ABP.

Note: The diagnose debug module wafmonitor all command prints the debug information for all WAF modules that use the daemon wafmonitor. You will need to manually check for the debug information regarding the Advanced Bot Protection module.

diagnose debug module waf advanced_bot

 To view the debug information for traffic processed by the Advanced Bot Protection policy.

diagnose debug module framework_http

To view the debug information for HTTP packet processing by WAF modules.

Note: The diagnose debug module framework_http command prints the debug information for all WAF modules. You will need to manually check for the debug information regarding the Advanced Bot Protection module.
Previous
Next