Tools

This section describes the following troubleshooting tools:

execute commands
diagnose commands
Special Fortinet Support commands
get commands

execute commands

You can use the command-line interface (CLI) execute commands to run diagnostic utilities, such as nslookup, ping, and traceroute.

Execute Commands	Description
`backup`	Backup: system configuration Domain Blocklist IPv4 Blocklist diagnostics information mysql database to a tftp server
`backupextdisk`	Backup FortiDDoS information to external USB disk
`bypass-traffic`	Enable or Disable internal bypass data traffic
`checklogdisk`	Find and correct errors on the log disk
`cleanup-db-transaction-log`	Cleanup database transaction log files
`date`	Set system date and time
`domain-blocklist` (6.2.0)	Domain-blocklist related operations such as upload/download domain-blocklist file, append/delete/search/merge domain-blocklist, and reset
`factoryreset`	Reset system to factory default
`formatextdisk`	Format external USB disk
`formatlogdisk`	Format log disk to enhance performance Note: `formatlogdisk` can take a significant amount of time — up to 15 minutes, depending on the model. While executing `formatlogdisk` the system will fail-open/bypass.
`fortiguard-database-update`	Update fortiguard-database
`generate-traffic-stats`	SPP generate traffic statistics
`global-rrd-reset`	Reset global RRDs in case of Interface and other global related chart mismatch
`ipv4-blocklist` (6.2.0)	IPv4-blocklist related operations such as upload/download IPv4-blocklist file, append/delete/search/merge IPv4-blocklist, and reset
`mountextdisk`	Mount external USB disk
`nslookup`	Test DNS server to obtain domain name or IP address mapping
`passphrase`	Generate backend password
`ping`	Send ICMP ECHO_REQUEST to network hosts with IPv4 address: ping <host name \| host ipv4>
`ping-option`	ping option settings
`ping6`	Send ICMP6_ECHO_REQUEST to network hosts with IPv6 address: ping6 <host ipv6>
`ping6-option`	ping6 option settings
`reboot`	Reboot the system
`reload`	Reload appliance
`repair-database-tables`	Repair database tables
`reset` (6.1.1) Replaced with `domain-blocklist` in 6.2.0	Clear/delete: IPv4 Blocklist Domain Blocklist
`restore`	Restore image or configuration from tftp or ftp server
`restoreextdisk`	Restore from external USB disk
`rrd-reset`	Reset all global and SPP RRDs
`shutdown`	Shutdown appliance
`spp-factory-reset`	Reset the threshold configuration and clear traffic history for an SPP
`spp-rrd-reset`	Reset RRDs of a specific SPP in case of SPP related chart mismatch
`telnet`	Simple telnet client
`telnettest`	Test if we can telnet to a server
`thresholds-emergency-setup`	SPP emergency setup thresholds to adjust only certain key thresholds based on empirical knowledge
`thresholds-factory-defaults`	Reset the threshold configuration for an SPP
`traceroute`	Display possible routes (paths) to destination host
`unmountextdisk`	Unmount external USB disk
`vmware`	Upload license file from tftp server only for VM

diagnose commands

You can use the CLI diagnose commands to gather diagnostic information that can be useful to Fortinet Customer Care when diagnosing any issues with your system.

Diagnose Commands	Description
`blocklisted ip list`	Displays the entire list of uploaded IP addresses for Global Protection > Blocklist > Blocklisted IPv4 tab
`blocklisted domain list`	Displays the entire list of uploaded domains for Global Protection > Blocklist > Blocklisted Domains tab
`dataplane` Additional options:
`blocklisted-domain` `blocklisted-ip` `dns-cache-table {summary \| filter}` `dns-dqrm-table {summary \| filter}` `dns-lq-table {summary \| filter}` `dns-profile` `dns-ttl-table {summary \| filter}` `domain-reputation` `dst-table {summary \| filter}` `dtls-profile` `geo-ip {null \| ip address}` `http-profile` `icmp-profile` `interface` `interface-hardware` `interface-inline-status` `ip-profile` `ip-reputation` `lip-table {summary \| filter}` `ntp-profile` `occupancy` `session {summary \| filter}` `spp {spp name}` `src-table` `ssltls-profile` `tcp-profile`	Blocklisted Domains Blocklisted IPv4 addresses Detailed information about contents of DNS cache Detailed information about contents of DNS DQRM table Detailed information about contents of DNS LQ table Configuration information for each DNS profile (listed in order) Detailed information about contents of DNS TTL table Memory and usage of FortiGuard Domain Reputation table Detailed information about contents of the system Destination table Configuration information for each DTLS profile (listed in order) Detailed information about the capacity and usage of the Geo-IP table \| Geo-IP information for an IP address Configuration information for each HTTP profile (listed in order) Configuration information for each ICMP profile (listed in order) Status of all system interfaces Detailed information on configuration and traffic for all system interfaces Operational status of each system port (not inline/bypass status which is `get system bypass-status`) Configuration information for each IP profile (listed in order) Memory and usage of FortiGuard IP Reputation table Detailed information about contents of the system Legitimate (non-spoofed) IP table Configuration information for each NTP profile (listed in order) Real-time numeric and % occupancy of many system tables Detailed information about contents of the system session table Detailed configuration, traffic and drop information for the named SPP Detailed information about contents of the system source table Configuration information for each SSL/TLS profile (listed in order) Configuration information for each TCP profile (listed in order)
`debug` Additional options:
`application` (EXPERT USE ONLY) `cli` (EXPERT USE ONLY) `crashlog {clear \| get}` (Use with care) `dataplane` (EXPERT USE ONLY) `disable` (EXPERT USE ONLY) `enable` (EXPERT USE ONLY) `kernel` (EXPERT USE ONLY) `mysql-log {get}` (EXPERT USE ONLY) `nginx-log {get}` (EXPERT USE ONLY) `rrd_cmd_check` `rrd_cmd_recreate` `rrd_creation_status` `rrd_files_check` `rrd_tune` (not implemented)	set/get debug level for daemons set/get debug level for CLI and CMDB clear/get crashlog dataplane disable debug output enable debug output set/get debug level for kernel get mysql error log get nginx error log Perform RRD commands check. Will show errors only. Re-create RRD commands – used for graphing Check RRD status for each SPP Check RRD files count for each SPP Tune RRD database to eliminate drop count limit.
`hardware` Additional options:
`{get \| set}` (EXPERT USE ONLY) `Deviceinfo {nic \| nic-detail}` `ioport` (EXPERT USE ONLY) `pciconfig` (EXPERT USE ONLY) `sysinfo {cpu \| interrupts \| iomem \| ioports \| memory \| mtrr \| slab \| stream \| df}` (EXPERT USE ONLY)	Fortinet use only List information for management ports Read data from a management port List information on PCI buses and connected devices List system hardware information
`netlink`	Provides various lists of primarily management port routing information
`sniffer`	Sniffer commands for management ports
`system` Additional options:
`(top}` `{disk}` (EXPERT USE ONLY)	Lists top FortiDDoS processes – not the same as Linus top which should not be used – see above. Fortinet use only

Special Fortinet Support commands

The commands described in this section are useful when you are troubleshooting an issue with the help of Fortinet Technical Support. Your Fortinet contact might ask you to run these commands to gather data they need to troubleshoot system issues.

execute backup diag_info

This command exports diagnostic information to a remote TFTP server. The following information is exported:

System status
Current configuration
Hardware register values
Event and DDoS attack log database

Use the following command syntax:

# execute backup diag_info tftp <tftp_server_ipaddress>

The filename generated stems from the appliance serial number and date. For example, diag_info-FIVM08TM20090022-2015-03-07-16-57.tgz.

The archive includes four files with filenames similar to the following:

back_status-FIVM08TM20090022-2015-03-07-16-57

back_cfg-FIVM08TM20090022-2015-03-07-16-57

back_hw_reg-FIVM08TM20090022-2015-03-07-16-57

back_logs-FIVM08TM20090022-2015-03-07-16-57.tgz

The logs archive includes four files with filenames similar to the following:

elog@002e0000000001.MAI

elog@002e0000000001.MAD

dlog.MAI

dlog.MAD

get commands

Get Commands	Description
`system performance`	Displays real-time CPU and Memory % usage, matching GUI Dashboard > Status: System Resources panel. Note: Standard Linux “top” command will not display correct system usage with DPDK processors.

Get Commands

Description

system performance

Displays real-time CPU and Memory % usage, matching GUI Dashboard > Status: System Resources panel.

Note: Standard Linux “top” command will not display correct system usage with DPDK processors.

Tools

This section describes the following troubleshooting tools:

execute commands
diagnose commands
Special Fortinet Support commands
get commands

execute commands

You can use the command-line interface (CLI) execute commands to run diagnostic utilities, such as nslookup, ping, and traceroute.

Execute Commands	Description
`backup`	Backup: system configuration Domain Blocklist IPv4 Blocklist diagnostics information mysql database to a tftp server
`backupextdisk`	Backup FortiDDoS information to external USB disk
`bypass-traffic`	Enable or Disable internal bypass data traffic
`checklogdisk`	Find and correct errors on the log disk
`cleanup-db-transaction-log`	Cleanup database transaction log files
`date`	Set system date and time
`domain-blocklist` (6.2.0)	Domain-blocklist related operations such as upload/download domain-blocklist file, append/delete/search/merge domain-blocklist, and reset
`factoryreset`	Reset system to factory default
`formatextdisk`	Format external USB disk
`formatlogdisk`	Format log disk to enhance performance Note: `formatlogdisk` can take a significant amount of time — up to 15 minutes, depending on the model. While executing `formatlogdisk` the system will fail-open/bypass.
`fortiguard-database-update`	Update fortiguard-database
`generate-traffic-stats`	SPP generate traffic statistics
`global-rrd-reset`	Reset global RRDs in case of Interface and other global related chart mismatch
`ipv4-blocklist` (6.2.0)	IPv4-blocklist related operations such as upload/download IPv4-blocklist file, append/delete/search/merge IPv4-blocklist, and reset
`mountextdisk`	Mount external USB disk
`nslookup`	Test DNS server to obtain domain name or IP address mapping
`passphrase`	Generate backend password
`ping`	Send ICMP ECHO_REQUEST to network hosts with IPv4 address: ping <host name \| host ipv4>
`ping-option`	ping option settings
`ping6`	Send ICMP6_ECHO_REQUEST to network hosts with IPv6 address: ping6 <host ipv6>
`ping6-option`	ping6 option settings
`reboot`	Reboot the system
`reload`	Reload appliance
`repair-database-tables`	Repair database tables
`reset` (6.1.1) Replaced with `domain-blocklist` in 6.2.0	Clear/delete: IPv4 Blocklist Domain Blocklist
`restore`	Restore image or configuration from tftp or ftp server
`restoreextdisk`	Restore from external USB disk
`rrd-reset`	Reset all global and SPP RRDs
`shutdown`	Shutdown appliance
`spp-factory-reset`	Reset the threshold configuration and clear traffic history for an SPP
`spp-rrd-reset`	Reset RRDs of a specific SPP in case of SPP related chart mismatch
`telnet`	Simple telnet client
`telnettest`	Test if we can telnet to a server
`thresholds-emergency-setup`	SPP emergency setup thresholds to adjust only certain key thresholds based on empirical knowledge
`thresholds-factory-defaults`	Reset the threshold configuration for an SPP
`traceroute`	Display possible routes (paths) to destination host
`unmountextdisk`	Unmount external USB disk
`vmware`	Upload license file from tftp server only for VM

diagnose commands

You can use the CLI diagnose commands to gather diagnostic information that can be useful to Fortinet Customer Care when diagnosing any issues with your system.

Diagnose Commands	Description
`blocklisted ip list`	Displays the entire list of uploaded IP addresses for Global Protection > Blocklist > Blocklisted IPv4 tab
`blocklisted domain list`	Displays the entire list of uploaded domains for Global Protection > Blocklist > Blocklisted Domains tab
`dataplane` Additional options:
`blocklisted-domain` `blocklisted-ip` `dns-cache-table {summary \| filter}` `dns-dqrm-table {summary \| filter}` `dns-lq-table {summary \| filter}` `dns-profile` `dns-ttl-table {summary \| filter}` `domain-reputation` `dst-table {summary \| filter}` `dtls-profile` `geo-ip {null \| ip address}` `http-profile` `icmp-profile` `interface` `interface-hardware` `interface-inline-status` `ip-profile` `ip-reputation` `lip-table {summary \| filter}` `ntp-profile` `occupancy` `session {summary \| filter}` `spp {spp name}` `src-table` `ssltls-profile` `tcp-profile`	Blocklisted Domains Blocklisted IPv4 addresses Detailed information about contents of DNS cache Detailed information about contents of DNS DQRM table Detailed information about contents of DNS LQ table Configuration information for each DNS profile (listed in order) Detailed information about contents of DNS TTL table Memory and usage of FortiGuard Domain Reputation table Detailed information about contents of the system Destination table Configuration information for each DTLS profile (listed in order) Detailed information about the capacity and usage of the Geo-IP table \| Geo-IP information for an IP address Configuration information for each HTTP profile (listed in order) Configuration information for each ICMP profile (listed in order) Status of all system interfaces Detailed information on configuration and traffic for all system interfaces Operational status of each system port (not inline/bypass status which is `get system bypass-status`) Configuration information for each IP profile (listed in order) Memory and usage of FortiGuard IP Reputation table Detailed information about contents of the system Legitimate (non-spoofed) IP table Configuration information for each NTP profile (listed in order) Real-time numeric and % occupancy of many system tables Detailed information about contents of the system session table Detailed configuration, traffic and drop information for the named SPP Detailed information about contents of the system source table Configuration information for each SSL/TLS profile (listed in order) Configuration information for each TCP profile (listed in order)
`debug` Additional options:
`application` (EXPERT USE ONLY) `cli` (EXPERT USE ONLY) `crashlog {clear \| get}` (Use with care) `dataplane` (EXPERT USE ONLY) `disable` (EXPERT USE ONLY) `enable` (EXPERT USE ONLY) `kernel` (EXPERT USE ONLY) `mysql-log {get}` (EXPERT USE ONLY) `nginx-log {get}` (EXPERT USE ONLY) `rrd_cmd_check` `rrd_cmd_recreate` `rrd_creation_status` `rrd_files_check` `rrd_tune` (not implemented)	set/get debug level for daemons set/get debug level for CLI and CMDB clear/get crashlog dataplane disable debug output enable debug output set/get debug level for kernel get mysql error log get nginx error log Perform RRD commands check. Will show errors only. Re-create RRD commands – used for graphing Check RRD status for each SPP Check RRD files count for each SPP Tune RRD database to eliminate drop count limit.
`hardware` Additional options:
`{get \| set}` (EXPERT USE ONLY) `Deviceinfo {nic \| nic-detail}` `ioport` (EXPERT USE ONLY) `pciconfig` (EXPERT USE ONLY) `sysinfo {cpu \| interrupts \| iomem \| ioports \| memory \| mtrr \| slab \| stream \| df}` (EXPERT USE ONLY)	Fortinet use only List information for management ports Read data from a management port List information on PCI buses and connected devices List system hardware information
`netlink`	Provides various lists of primarily management port routing information
`sniffer`	Sniffer commands for management ports
`system` Additional options:
`(top}` `{disk}` (EXPERT USE ONLY)	Lists top FortiDDoS processes – not the same as Linus top which should not be used – see above. Fortinet use only

Special Fortinet Support commands

execute backup diag_info

This command exports diagnostic information to a remote TFTP server. The following information is exported:

System status
Current configuration
Hardware register values
Event and DDoS attack log database

Use the following command syntax:

# execute backup diag_info tftp <tftp_server_ipaddress>

The filename generated stems from the appliance serial number and date. For example, diag_info-FIVM08TM20090022-2015-03-07-16-57.tgz.

The archive includes four files with filenames similar to the following:

back_status-FIVM08TM20090022-2015-03-07-16-57

back_cfg-FIVM08TM20090022-2015-03-07-16-57

back_hw_reg-FIVM08TM20090022-2015-03-07-16-57

back_logs-FIVM08TM20090022-2015-03-07-16-57.tgz

The logs archive includes four files with filenames similar to the following:

elog@002e0000000001.MAI

elog@002e0000000001.MAD

dlog.MAI

dlog.MAD

get commands

Get Commands	Description
`system performance`	Displays real-time CPU and Memory % usage, matching GUI Dashboard > Status: System Resources panel. Note: Standard Linux “top” command will not display correct system usage with DPDK processors.

Get Commands

Description

system performance

Displays real-time CPU and Memory % usage, matching GUI Dashboard > Status: System Resources panel.

Note: Standard Linux “top” command will not display correct system usage with DPDK processors.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

Handbook

Tools

Tools

execute commands

diagnose commands

Special Fortinet Support commands

execute backup diag_info

get commands

Tools

Tools

execute commands

diagnose commands

Special Fortinet Support commands

execute backup diag_info