Tools
This section describes the following troubleshooting tools:
execute commands
You can use the command-line interface (CLI) execute commands to run diagnostic utilities, such as nslookup, ping, and traceroute.
Execute Commands |
Description |
---|---|
|
Backup:
to a tftp server |
|
Backup FortiDDoS information to external USB disk |
|
Enable or Disable internal bypass data traffic |
|
Find and correct errors on the log disk |
|
Cleanup database transaction log files |
|
Set system date and time |
|
Domain-blocklist related operations such as upload/download domain-blocklist file, append/delete/search/merge domain-blocklist, and reset |
|
Reset system to factory default |
|
Format external USB disk |
|
Format log disk to enhance performance |
|
Update fortiguard-database |
|
SPP generate traffic statistics |
|
Reset global RRDs in case of Interface and other global related chart mismatch |
|
IPv4-blocklist related operations such as upload/download IPv4-blocklist file, append/delete/search/merge IPv4-blocklist, and reset |
|
Mount external USB disk |
|
Test DNS server to obtain domain name or IP address mapping |
|
Generate backend password |
|
Send ICMP ECHO_REQUEST to network hosts with IPv4 address: ping <host name | host ipv4> |
|
ping option settings |
|
Send ICMP6_ECHO_REQUEST to network hosts with IPv6 address: ping6 <host ipv6> |
|
ping6 option settings |
|
Reboot the system |
|
Reload appliance |
|
Repair database tables |
|
Clear/delete:
|
|
Restore image or configuration from tftp or ftp server |
|
Restore from external USB disk |
|
Reset all global and SPP RRDs |
|
Shutdown appliance |
|
Reset the threshold configuration and clear traffic history for an SPP |
|
Reset RRDs of a specific SPP in case of SPP related chart mismatch |
|
Simple telnet client |
|
Test if we can telnet to a server |
|
SPP emergency setup thresholds to adjust only certain key thresholds based on empirical knowledge |
|
Reset the threshold configuration for an SPP |
|
Display possible routes (paths) to destination host |
|
Unmount external USB disk |
|
Upload license file from tftp server only for VM |
diagnose commands
You can use the CLI diagnose commands to gather diagnostic information that can be useful to Fortinet Customer Care when diagnosing any issues with your system.
The following examples show the lists of diagnose commands:
FIVM08TM20090022 # diagnose
blocklisted blocklisted
dataplane dataplane
debug debug
hardware hardware
netlink netlink
sniffer sniffer
system system
FIVM08TM20090022 # diagnose debug
rrd_cmd_check Perform RRD commands check
rrd_cmd_recreate Re-create RRD commands
FIVM08TM20090022 # diagnose hardware get
deviceinfo list device status and information
FIVM08TM20090022 # diagnose sniffer packet any
interfaces=[any]
filters=[none]
pcap_lookupnet: any: no IPv4 address assigned
0.000000 172.30.144.11.62729 -> 172.30.153.113.22: ack 1556045916
0.000000 172.30.144.11.62729 -> 172.30.153.113.22: ack 1556046032
0.000000 172.30.153.17.68 -> 255.255.255.255.67: udp 300
Special Fortinet Support commands
The commands described in this section are useful when you are troubleshooting an issue with the help of Fortinet Technical Support. Your Fortinet contact might ask you to run these commands to gather data they need to troubleshoot system issues.
execute backup diag_info
This command exports diagnostic information to a remote TFTP server. The following information is exported:
- System status
- Current configuration
- Hardware register values
- Event and DDoS attack log database
Use the following command syntax:
# execute backup diag_info tftp <tftp_server_ipaddress>
The filename generated stems from the appliance serial number and date. For example, diag_info-FIVM08TM20090022-2015-03-07-16-57.tgz
.
The archive includes four files with filenames similar to the following:
back_status-FIVM08TM20090022-2015-03-07-16-57
back_cfg-FIVM08TM20090022-2015-03-07-16-57
back_hw_reg-FIVM08TM20090022-2015-03-07-16-57
back_logs-FIVM08TM20090022-2015-03-07-16-57.tgz
The logs archive includes four files with filenames similar to the following:
elog@002e0000000001.MAI
elog@002e0000000001.MAD
dlog.MAI
dlog.MAD