Fortinet black logo

Handbook

6.2.0
7.0.0
6.6.3
6.6.3
6.6.1
6.6.0
6.5.1
6.5.0
6.4.1
6.4.0
6.3.3
6.3.2
6.3.1
6.2.3
6.2.2
6.2.1
6.2.0
6.1.1

Tools

Tools

This section describes the following troubleshooting tools:

execute commands

You can use the command-line interface (CLI) execute commands to run diagnostic utilities, such as nslookup, ping, and traceroute.

Execute Commands

Description

backup

Backup:

  • system configuration
  • Domain Blocklist
  • IPv4 Blocklist
  • diagnostics information
  • mysql database

to a tftp server

backupextdisk

Backup FortiDDoS information to external USB disk

bypass-traffic

Enable or Disable internal bypass data traffic

checklogdisk

Find and correct errors on the log disk

cleanup-db-transaction-log

Cleanup database transaction log files

date

Set system date and time

domain-blocklist (6.2.0)

Domain-blocklist related operations such as upload/download domain-blocklist file, append/delete/search/merge domain-blocklist, and reset

factoryreset

Reset system to factory default

formatextdisk

Format external USB disk

formatlogdisk

Format log disk to enhance performance

fortiguard-database-update

Update fortiguard-database

generate-traffic-stats

SPP generate traffic statistics

global-rrd-reset

Reset global RRDs in case of Interface and other global related chart mismatch

ipv4-blocklist (6.2.0)

IPv4-blocklist related operations such as upload/download IPv4-blocklist file, append/delete/search/merge IPv4-blocklist, and reset

mountextdisk

Mount external USB disk

nslookup

Test DNS server to obtain domain name or IP address mapping

passphrase

Generate backend password

ping

Send ICMP ECHO_REQUEST to network hosts with IPv4 address: ping <host name | host ipv4>

ping-option

ping option settings

ping6

Send ICMP6_ECHO_REQUEST to network hosts with IPv6 address: ping6 <host ipv6>

ping6-option

ping6 option settings

reboot

Reboot the system

reload

Reload appliance

repair-database-tables

Repair database tables

reset (6.1.1) Replaced with domain-blocklist in 6.2.0

Clear/delete:

  • IPv4 Blocklist
  • Domain Blocklist

restore

Restore image or configuration from tftp or ftp server

restoreextdisk

Restore from external USB disk

rrd-reset

Reset all global and SPP RRDs

shutdown

Shutdown appliance

spp-factory-reset

Reset the threshold configuration and clear

traffic history for an SPP

spp-rrd-reset

Reset RRDs of a specific SPP in case of SPP related chart mismatch

telnet

Simple telnet client

telnettest

Test if we can telnet to a server

thresholds-emergency-setup

SPP emergency setup thresholds to adjust only certain key thresholds based on empirical knowledge

thresholds-factory-defaults

Reset the threshold configuration for an SPP

traceroute

Display possible routes (paths) to destination host

unmountextdisk

Unmount external USB disk

vmware

Upload license file from tftp server only for VM

diagnose commands

You can use the CLI diagnose commands to gather diagnostic information that can be useful to Fortinet Customer Care when diagnosing any issues with your system.

The following examples show the lists of diagnose commands:

FIVM08TM20090022 # diagnose

blocklisted blocklisted

dataplane dataplane

debug debug

hardware hardware

netlink netlink

sniffer sniffer

system system

FIVM08TM20090022 # diagnose debug

rrd_cmd_check Perform RRD commands check

rrd_cmd_recreate Re-create RRD commands

FIVM08TM20090022 # diagnose hardware get

deviceinfo list device status and information

FIVM08TM20090022 # diagnose sniffer packet any

interfaces=[any]

filters=[none]

pcap_lookupnet: any: no IPv4 address assigned

0.000000 172.30.144.11.62729 -> 172.30.153.113.22: ack 1556045916

0.000000 172.30.144.11.62729 -> 172.30.153.113.22: ack 1556046032

0.000000 172.30.153.17.68 -> 255.255.255.255.67: udp 300

Special Fortinet Support commands

The commands described in this section are useful when you are troubleshooting an issue with the help of Fortinet Technical Support. Your Fortinet contact might ask you to run these commands to gather data they need to troubleshoot system issues.

execute backup diag_info

This command exports diagnostic information to a remote TFTP server. The following information is exported:

  • System status
  • Current configuration
  • Hardware register values
  • Event and DDoS attack log database

Use the following command syntax:

# execute backup diag_info tftp <tftp_server_ipaddress>

The filename generated stems from the appliance serial number and date. For example, diag_info-FIVM08TM20090022-2015-03-07-16-57.tgz.

The archive includes four files with filenames similar to the following:

back_status-FIVM08TM20090022-2015-03-07-16-57

back_cfg-FIVM08TM20090022-2015-03-07-16-57

back_hw_reg-FIVM08TM20090022-2015-03-07-16-57

back_logs-FIVM08TM20090022-2015-03-07-16-57.tgz

The logs archive includes four files with filenames similar to the following:

elog@002e0000000001.MAI

elog@002e0000000001.MAD

dlog.MAI

dlog.MAD

Previous
Next

Tools

This section describes the following troubleshooting tools:

execute commands

You can use the command-line interface (CLI) execute commands to run diagnostic utilities, such as nslookup, ping, and traceroute.

Execute Commands

Description

backup

Backup:

  • system configuration
  • Domain Blocklist
  • IPv4 Blocklist
  • diagnostics information
  • mysql database

to a tftp server

backupextdisk

Backup FortiDDoS information to external USB disk

bypass-traffic

Enable or Disable internal bypass data traffic

checklogdisk

Find and correct errors on the log disk

cleanup-db-transaction-log

Cleanup database transaction log files

date

Set system date and time

domain-blocklist (6.2.0)

Domain-blocklist related operations such as upload/download domain-blocklist file, append/delete/search/merge domain-blocklist, and reset

factoryreset

Reset system to factory default

formatextdisk

Format external USB disk

formatlogdisk

Format log disk to enhance performance

fortiguard-database-update

Update fortiguard-database

generate-traffic-stats

SPP generate traffic statistics

global-rrd-reset

Reset global RRDs in case of Interface and other global related chart mismatch

ipv4-blocklist (6.2.0)

IPv4-blocklist related operations such as upload/download IPv4-blocklist file, append/delete/search/merge IPv4-blocklist, and reset

mountextdisk

Mount external USB disk

nslookup

Test DNS server to obtain domain name or IP address mapping

passphrase

Generate backend password

ping

Send ICMP ECHO_REQUEST to network hosts with IPv4 address: ping <host name | host ipv4>

ping-option

ping option settings

ping6

Send ICMP6_ECHO_REQUEST to network hosts with IPv6 address: ping6 <host ipv6>

ping6-option

ping6 option settings

reboot

Reboot the system

reload

Reload appliance

repair-database-tables

Repair database tables

reset (6.1.1) Replaced with domain-blocklist in 6.2.0

Clear/delete:

  • IPv4 Blocklist
  • Domain Blocklist

restore

Restore image or configuration from tftp or ftp server

restoreextdisk

Restore from external USB disk

rrd-reset

Reset all global and SPP RRDs

shutdown

Shutdown appliance

spp-factory-reset

Reset the threshold configuration and clear

traffic history for an SPP

spp-rrd-reset

Reset RRDs of a specific SPP in case of SPP related chart mismatch

telnet

Simple telnet client

telnettest

Test if we can telnet to a server

thresholds-emergency-setup

SPP emergency setup thresholds to adjust only certain key thresholds based on empirical knowledge

thresholds-factory-defaults

Reset the threshold configuration for an SPP

traceroute

Display possible routes (paths) to destination host

unmountextdisk

Unmount external USB disk

vmware

Upload license file from tftp server only for VM

diagnose commands

You can use the CLI diagnose commands to gather diagnostic information that can be useful to Fortinet Customer Care when diagnosing any issues with your system.

The following examples show the lists of diagnose commands:

FIVM08TM20090022 # diagnose

blocklisted blocklisted

dataplane dataplane

debug debug

hardware hardware

netlink netlink

sniffer sniffer

system system

FIVM08TM20090022 # diagnose debug

rrd_cmd_check Perform RRD commands check

rrd_cmd_recreate Re-create RRD commands

FIVM08TM20090022 # diagnose hardware get

deviceinfo list device status and information

FIVM08TM20090022 # diagnose sniffer packet any

interfaces=[any]

filters=[none]

pcap_lookupnet: any: no IPv4 address assigned

0.000000 172.30.144.11.62729 -> 172.30.153.113.22: ack 1556045916

0.000000 172.30.144.11.62729 -> 172.30.153.113.22: ack 1556046032

0.000000 172.30.153.17.68 -> 255.255.255.255.67: udp 300

Special Fortinet Support commands

The commands described in this section are useful when you are troubleshooting an issue with the help of Fortinet Technical Support. Your Fortinet contact might ask you to run these commands to gather data they need to troubleshoot system issues.

execute backup diag_info

This command exports diagnostic information to a remote TFTP server. The following information is exported:

  • System status
  • Current configuration
  • Hardware register values
  • Event and DDoS attack log database

Use the following command syntax:

# execute backup diag_info tftp <tftp_server_ipaddress>

The filename generated stems from the appliance serial number and date. For example, diag_info-FIVM08TM20090022-2015-03-07-16-57.tgz.

The archive includes four files with filenames similar to the following:

back_status-FIVM08TM20090022-2015-03-07-16-57

back_cfg-FIVM08TM20090022-2015-03-07-16-57

back_hw_reg-FIVM08TM20090022-2015-03-07-16-57

back_logs-FIVM08TM20090022-2015-03-07-16-57.tgz

The logs archive includes four files with filenames similar to the following:

elog@002e0000000001.MAI

elog@002e0000000001.MAD

dlog.MAI

dlog.MAD

Previous
Next