Tools

This section describes the following troubleshooting tools:

execute commands

You can use the command-line interface (CLI) execute commands to run diagnostic utilities, such as nslookup, ping, and traceroute.

Execute Commands

Description

backup

Back up the following to a TFTP server:

  • system configuration
  • Domain Blocklist
  • IPv4 Blocklist
  • diagnostics information
  • mysql database

backupextdisk

Back up FortiDDoS information to an external USB disk

bypass-traffic

Enable or Disable internal bypass data traffic

checklogdisk

Find and correct errors on the log disk

cleanup-db-transaction-log

Clean up database transaction log files

date

Set system date and time

domain-blocklist (6.2.0)

Domain-blocklist related operations such as upload/download domain-blocklist file, append/delete/search/merge domain-blocklist, and reset

factoryreset

Reset system to factory default

formatextdisk

Format external USB disk

formatlogdisk

Format log disk to fix specific logging issues. The requirement to formatlogdisk should be a very rare occurrence unless suggested by FortiCare TAC or a Release Note after upgrade.

formatlogdisk deletes all the data, including MySQL database (attack log, event log) and RRDs (graphs) as well as the Boot Alternate Firmware partition. This does not delete the system configuration.

Before using formatlogdisk, use the RRD (Round-Robin-Database) diagnostic and repair commands in this section to check and repair the RRDs. These commands will not cause a reboot.

Note: formatlogdisk can take a significant amount of time — up to 15 minutes, depending on the model. While executing formatlogdisk the system will fail-open/bypass supported traffic ports.

fortiguard-database-update

Update fortiguard-database

generate-traffic-stats

SPP generate traffic statistics

global-rrd-reset

Reset global RRDs in case of Interface and other global related chart mismatch

ipv4-blocklist (6.2.0)

IPv4-blocklist related operations such as upload/download IPv4-blocklist file, append/delete/search/merge IPv4-blocklist, and reset

mountextdisk

Mount external USB disk

nslookup

Test DNS server to obtain domain name or IP address mapping

passphrase

Generate backend password

ping

Send ICMP ECHO_REQUEST to network hosts with IPv4 address: ping <host name | host ipv4>

ping-option

ping option settings

ping6

Send ICMP6_ECHO_REQUEST to network hosts with IPv6 address: ping6 <host ipv6>

ping6-option

ping6 option settings

reboot

Reboot the system

reload

Reload appliance

repair-database-tables

Repair database tables

reset (6.1.1; replaced with domain-blocklist in 6.2.0)

Clear/delete:

  • IPv4 Blocklist
  • Domain Blocklist

restore

Restore image or configuration from tftp or ftp server

restoreextdisk

Restore from external USB disk

rrd-reset

Reset all global and SPP RRDs

shutdown

Shutdown appliance

spp-factory-reset

Reset the threshold configuration and clear traffic history for an SPP

spp-rrd-reset

Reset RRDs of a specific SPP in case of SPP related chart mismatch

telnet

Simple telnet client

telnettest

Test if we can telnet to a server

thresholds-emergency-setup

SPP emergency setup thresholds to adjust only certain key thresholds based on empirical knowledge

thresholds-factory-defaults

Reset the threshold configuration for an SPP

traceroute

Display possible routes (paths) to destination host

unmountextdisk

Unmount external USB disk

vmware

Upload license file from tftp server only for VM

diagnose commands

You can use the CLI diagnose commands to gather diagnostic information that can be useful to Fortinet Customer Care when diagnosing any issues with your system.

Diagnose Commands

Description

blocklisted ip list

Displays the entire list of uploaded IP addresses for Global Protection > Blocklist > Blocklisted IPv4 tab

blocklisted domain list

Displays the entire list of uploaded domains for Global Protection > Blocklist > Blocklisted Domains tab

dataplane

Additional options:

  • blocklisted-domain: Blocklisted Domains
  • blocklisted-ip: Blocklisted IPv4 addresses
  • dns-cache-table {summary | filter}: Detailed information about contents of DNS cache
  • dns-dqrm-table {summary | filter}: Detailed information about contents of DNS DQRM table
  • dns-lq-table {summary | filter}: Detailed information about contents of DNS LQ table
  • dns-profile: Configuration information for each DNS profile (listed in order)
  • dns-ttl-table {summary | filter}: Detailed information about contents of DNS TTL table
  • domain-reputation: Memory and usage of FortiGuard Domain Reputation table
  • dst-table {summary | filter}: Detailed information about contents of the system Destination table
  • dtls-profile: Configuration information for each DTLS profile (listed in order)
  • geo-ip {null | ip address}: Detailed information about the capacity and usage of the Geo-IP table | Geo-IP information for an IP address
  • http-profile: Configuration information for each HTTP profile (listed in order)
  • icmp-profile: Configuration information for each ICMP profile (listed in order)
  • interface: Status of all system interfaces
  • interface-hardware: Detailed information on configuration and traffic for all system interfaces
  • interface-inline-status: Operational status of each system port (not inline/bypass status which is get system bypass-status)
  • ip-profile: Configuration information for each IP profile (listed in order)
  • ip-reputation: Memory and usage of FortiGuard IP Reputation table
  • lip-table {summary | filter}: Detailed information about contents of the system Legitimate (non-spoofed) IP table
  • ntp-profile: Configuration information for each NTP profile (listed in order)
  • occupancy: Real-time numeric and % occupancy of many system tables
  • session {summary | filter}: Detailed information about contents of the system session table
  • spp {spp name}: Detailed configuration, traffic and drop information for the named SPP
  • src-table: Detailed information about contents of the system source table
  • ssltls-profile: Configuration information for each SSL/TLS profile (listed in order)
  • tcp-profile: Configuration information for each TCP profile (listed in order)

debug

Additional options:

  • application (EXPERT USE ONLY): set/get debug level for daemons
  • cli (EXPERT USE ONLY): set/get debug level for CLI and CMDB
  • crashlog {clear | get} (Use with care): clear/get crashlog
  • dataplane (EXPERT USE ONLY): dataplane
  • disable (EXPERT USE ONLY): disable debug output
  • enable (EXPERT USE ONLY): enable debug output
  • kernel (EXPERT USE ONLY): set/get debug level for kernel
  • mysql-log {get} (EXPERT USE ONLY): get mysql error log
  • nginx-log {get} (EXPERT USE ONLY): get nginx error log
  • rrd_cmd_check: Perform RRD commands check. Will show errors only.
  • rrd_cmd_recreate: Re-create RRD commands – used for graphing
  • rrd_creation_status: Check RRD status for each SPP
  • rrd_files_check: Check RRD files count for each SPP
  • rrd_tune (not implemented): Tune RRD database to eliminate drop count limit.

hardware

Additional options:

  • {get | set} (EXPERT USE ONLY): Fortinet use only
  • Deviceinfo {nic | nic-detail}: List information for management ports
  • ioport (EXPERT USE ONLY): Read data from a management port
  • pciconfig (EXPERT USE ONLY): List information on PCI buses and connected devices
  • sysinfo {cpu | interrupts | iomem | ioports | memory | mtrr | slab | stream | df} (EXPERT USE ONLY): List system hardware information

netlink

Provides various lists of primarily management port routing information

sniffer

Sniffer commands for management ports

system

Additional options:

  • {top}: Lists top FortiDDoS processes – not the same as Linux top which should not be used – see above.
  • {disk} (EXPERT USE ONLY): Fortinet use only

Special Fortinet Support commands

The commands described in this section are useful when you are troubleshooting an issue with the help of Fortinet Technical Support. Your Fortinet contact might ask you to run these commands to gather data they need to troubleshoot system issues.

execute backup diag_info

This command exports diagnostic information to a remote TFTP server. The following information is exported:

  • System status
  • Current configuration
  • Hardware register values
  • Event and DDoS attack log database

Use the following command syntax:

# execute backup diag_info tftp <tftp_server_ipaddress>

The generated filename is derived from the appliance serial number and date. For example, diag_info-FIVM08TM20090022-2015-03-07-16-57.tgz.

The archive includes four files with filenames similar to the following:

back_status-FIVM08TM20090022-2015-03-07-16-57

back_cfg-FIVM08TM20090022-2015-03-07-16-57

back_hw_reg-FIVM08TM20090022-2015-03-07-16-57

back_logs-FIVM08TM20090022-2015-03-07-16-57.tgz

The logs archive includes four files with filenames similar to the following:

elog@002e0000000001.MAI

elog@002e0000000001.MAD

dlog.MAI

dlog.MAD
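
The archive carries the current configuration and the attack logs, so the receiving host can confirm what arrived before it is forwarded to support. The following is an added example, not Fortinet code: it checks a received file against the four members listed above and records a SHA-256 digest. The name pattern is inferred from the sample file names on this page, and check_diag_info and constructed_archive are hypothetical helper names.

```python
import hashlib
import io
import re
import tarfile

# Name layout inferred from the handbook's sample file names (an assumption):
# diag_info-<serial>-<YYYY-MM-DD-HH-MM>.tgz
NAME_RE = re.compile(r"^diag_info-(?P<serial>[A-Z0-9]+)-(?P<stamp>\d{4}(?:-\d{2}){4})\.tgz$")
MEMBERS = ("back_status-{s}-{t}", "back_cfg-{s}-{t}",
           "back_hw_reg-{s}-{t}", "back_logs-{s}-{t}.tgz")


def check_diag_info(filename, data):
    """Compare an uploaded archive (bytes) with the four members the page lists."""
    m = NAME_RE.match(filename)
    if m is None:
        raise ValueError("unexpected diag_info file name: %r" % filename)
    serial, stamp = m.group("serial"), m.group("stamp")
    want = {p.format(s=serial, t=stamp) for p in MEMBERS}
    # Only member names are read; nothing is extracted to disk.
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        have = set(tar.getnames())
    return {
        "serial": serial,
        "stamp": stamp,
        "sha256": hashlib.sha256(data).hexdigest(),  # record before forwarding
        "missing": sorted(want - have),
        "unexpected": sorted(have - want),
    }


def constructed_archive(serial, stamp, skip=()):
    """Build a placeholder archive in memory (constructed sample, not real output)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for pattern in MEMBERS:
            name = pattern.format(s=serial, t=stamp)
            if name in skip:
                continue
            body = b"constructed placeholder\n"
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    serial, stamp = "FIVM08TM20090022", "2015-03-07-16-57"  # values from the page's example
    sample = constructed_archive(serial, stamp, skip={"back_cfg-%s-%s" % (serial, stamp)})
    print(check_diag_info("diag_info-%s-%s.tgz" % (serial, stamp), sample))
```

A member whose name contains a directory component or does not match the serial and timestamp in the outer file name is reported under "unexpected".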

get commands

Get Commands

Description

system performance

Displays real-time CPU and Memory % usage, matching GUI Dashboard > Status: System Resources panel.

Note: The standard Linux “top” command will not display correct system usage with DPDK processors.
