Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 8.0.3
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    Home FortiADC 8.0.3 CLI Reference
    8.0.3
    8.0.3
    8.0.2
    8.0.1
    8.0.0
    7.6.7
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.2
    6.0.1
    6.0.0
    5.4.5
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.0
    4.8.1
    4.7.0

    diagnose debug module fnginx

    diagnose debug module fnginx

    Use the fnginx command to view and filter debug information.

    • To view the debug info, run:

      diagnose debug module fnginx {show|all|conf|ssl_ae_info|stat|rtsp|mysql|smtp|rtmp|diameter|ftp|radius|iso8583|mssql|app-publish|av|scripting}

    • To filter the debug output, run:

      diagnose debug module fnginx {set-filter|unset-filter|show-filter}

    The diagnose debug module fnginx and set-filter commands can be executed on the root and non-root VDOMs. However, even though you can run the command inside a specific VDOM, the debug output is not limited to that VDOM.

    Viewing debug information

    Syntax

    diagnose debug module fnginx {show|all|conf|ssl_ae_info|stat|rtsp|mysql|smtp|rtmp|diameter|ftp|radius|iso8583|mssql|app-publish|av|scripting}

    This command prints the debug information for:

    • show: Show the debug status.

    • all: View the debug information for all modules.

    • conf: View the debug information for the configuration.

    • ssl_ae_info: View the debug information for the SSL Authenticated Encryption (AE) cryptography.

    • stat: View the statistic debug information.

    • rtsp/mysql/smtp/rtmp/diameter/ftp/radius/iso8583/mssql: View the load balancing debug information for the respective protocols.

    • app-publish: View the AAG-related debug information.

    • av: View the Antivirus debug information.

    • scripting: View the stream scripting debug information.

    Filtering debug information

    You can set filters to specify the type of information to view to more easily troubleshoot and locate bugs.

    Syntax

    diagnose debug module fnginx {set-filter|unset-filter|show-filter}

    You can use the following keywords and operators to specify the debug filter. The maximum length of a filter expression is 1023 characters.

    • Keywords:

      • vsname — Virtual Server name
      • rsname — Real Server name
      • srcip — Source IP. Both IPv4 and IPv6 are supported.
      • dstip — Destination IP. Both IPv4 and IPv6 are supported.
      • srcport — Source port
      • dstport — Destination port

      The maximum length of a vsname or rsname is 63 characters.

    • Conditional operator

      =, !=, in

    • Logical operator

      &, |, ()

      The maximum total number of logical operators and brackets is 32.

    Filter Limitations

    • Debug filters do not apply to RTSP, RTMP, and Diameter traffic.

      For these protocols, all debug output is printed regardless of the filter conditions.

    • Debug filters do not apply to configuration-related debug information.

      The output is not evaluated against the filter expression, even if it appears to be partially restricted.

    Filter Behavior Notes

    Filter changes apply only to new traffic. Existing connections continue to print logs even if they no longer match

    Suggested Usage

    To better focus the debug log to only print the specified debug information, it is recommended to first enable debug for the specific fnginx module and set the debug filter, and then enable the debug output.

    For example:

    FADC # diagnose debug module fnginx smtp

    FADC # diagnose debug module fnginx set-filter "(srcip in 10.65.1.0/24) & vsname=vs-smtp-25"

    FADC # diagnose debug enable

    Example

    FortiADC-VM # diagnose debug module fnginx mysql set
profile type is mysql.
addr type 1.
make pool member conf, ip addr 20.6.2.1, port 80.
make pool member conf, ip addr 20.6.2.2, port 80.
make pool member conf, ip addr 20.6.2.3, port 80.
add vdom rlimit, vdom id: 1, ip: 1.1.1.1, port: 80, ssl: 0
test temp config success
dump configure data:
adc {
upstream mysql {
server 20.6.2.1:80 weight=1 up group_id=0 rs_name=pool1-1 id=3200;
server 20.6.2.2:80 weight=1 up group_id=0 rs_name=pool1-2 id=3201;
server 20.6.2.3:80 weight=1 up group_id=0 rs_name=pool1-3 id=3202;
mysql;
}
server mysql {
listen 1.1.1.1:80;
proxy_pass mysql;
fngx_log off;
persistence none;
source_address off;
mysql;
proxy_mode transaction;
mysql_mode 0;
}
}


    diagnose debug module fnginx set-filter "srcip=10.65.1.62 & vsname=vs-smtp-25"
diagnose debug module fnginx set-filter "(srcip in 10.65.1.0/24) & vsname=vs-smtp-25"
diagnose debug module fnginx set-filter "(srcip=10.65.1.62 | srcip=2001:1234::a41:3e) & (vsname=vs-smtp-25 | vsname=vs-smtp-IPv6) “
diagnose debug module fnginx set-filter "((srcip in 10.65.1.0/24) & vsname=vs-smtp-25) | (srcip=10.65.1.62 & vsname=vs-radius)"
diagnose debug module fnginx set-filter "srcip=10.65.1.62 & srcport=20001 & vsname=vs-smtp-25 & rsname=rs66 & dstport=25"
    Previous
    Next

    diagnose debug module fnginx

    diagnose debug module fnginx

    Use the fnginx command to view and filter debug information.

    • To view the debug info, run:

      diagnose debug module fnginx {show|all|conf|ssl_ae_info|stat|rtsp|mysql|smtp|rtmp|diameter|ftp|radius|iso8583|mssql|app-publish|av|scripting}

    • To filter the debug output, run:

      diagnose debug module fnginx {set-filter|unset-filter|show-filter}

    The diagnose debug module fnginx and set-filter commands can be executed on the root and non-root VDOMs. However, even though you can run the command inside a specific VDOM, the debug output is not limited to that VDOM.

    Viewing debug information

    Syntax

    diagnose debug module fnginx {show|all|conf|ssl_ae_info|stat|rtsp|mysql|smtp|rtmp|diameter|ftp|radius|iso8583|mssql|app-publish|av|scripting}

    This command prints the debug information for:

    • show: Show the debug status.

    • all: View the debug information for all modules.

    • conf: View the debug information for the configuration.

    • ssl_ae_info: View the debug information for the SSL Authenticated Encryption (AE) cryptography.

    • stat: View the statistic debug information.

    • rtsp/mysql/smtp/rtmp/diameter/ftp/radius/iso8583/mssql: View the load balancing debug information for the respective protocols.

    • app-publish: View the AAG-related debug information.

    • av: View the Antivirus debug information.

    • scripting: View the stream scripting debug information.

    Filtering debug information

    You can set filters to specify the type of information to view to more easily troubleshoot and locate bugs.

    Syntax

    diagnose debug module fnginx {set-filter|unset-filter|show-filter}

    You can use the following keywords and operators to specify the debug filter. The maximum length of a filter expression is 1023 characters.

    • Keywords:

      • vsname — Virtual Server name
      • rsname — Real Server name
      • srcip — Source IP. Both IPv4 and IPv6 are supported.
      • dstip — Destination IP. Both IPv4 and IPv6 are supported.
      • srcport — Source port
      • dstport — Destination port

      The maximum length of a vsname or rsname is 63 characters.

    • Conditional operator

      =, !=, in

    • Logical operator

      &, |, ()

      The maximum total number of logical operators and brackets is 32.

    Filter Limitations

    • Debug filters do not apply to RTSP, RTMP, and Diameter traffic.

      For these protocols, all debug output is printed regardless of the filter conditions.

    • Debug filters do not apply to configuration-related debug information.

      The output is not evaluated against the filter expression, even if it appears to be partially restricted.

    Filter Behavior Notes

    Filter changes apply only to new traffic. Existing connections continue to print logs even if they no longer match

    Suggested Usage

    To better focus the debug log to only print the specified debug information, it is recommended to first enable debug for the specific fnginx module and set the debug filter, and then enable the debug output.

    For example:

    FADC # diagnose debug module fnginx smtp

    FADC # diagnose debug module fnginx set-filter "(srcip in 10.65.1.0/24) & vsname=vs-smtp-25"

    FADC # diagnose debug enable

    Example

    FortiADC-VM # diagnose debug module fnginx mysql set
profile type is mysql.
addr type 1.
make pool member conf, ip addr 20.6.2.1, port 80.
make pool member conf, ip addr 20.6.2.2, port 80.
make pool member conf, ip addr 20.6.2.3, port 80.
add vdom rlimit, vdom id: 1, ip: 1.1.1.1, port: 80, ssl: 0
test temp config success
dump configure data:
adc {
upstream mysql {
server 20.6.2.1:80 weight=1 up group_id=0 rs_name=pool1-1 id=3200;
server 20.6.2.2:80 weight=1 up group_id=0 rs_name=pool1-2 id=3201;
server 20.6.2.3:80 weight=1 up group_id=0 rs_name=pool1-3 id=3202;
mysql;
}
server mysql {
listen 1.1.1.1:80;
proxy_pass mysql;
fngx_log off;
persistence none;
source_address off;
mysql;
proxy_mode transaction;
mysql_mode 0;
}
}


    diagnose debug module fnginx set-filter "srcip=10.65.1.62 & vsname=vs-smtp-25"
diagnose debug module fnginx set-filter "(srcip in 10.65.1.0/24) & vsname=vs-smtp-25"
diagnose debug module fnginx set-filter "(srcip=10.65.1.62 | srcip=2001:1234::a41:3e) & (vsname=vs-smtp-25 | vsname=vs-smtp-IPv6) “
diagnose debug module fnginx set-filter "((srcip in 10.65.1.0/24) & vsname=vs-smtp-25) | (srcip=10.65.1.62 & vsname=vs-radius)"
diagnose debug module fnginx set-filter "srcip=10.65.1.62 & srcport=20001 & vsname=vs-smtp-25 & rsname=rs66 & dstport=25"
    Previous
    Next