diagnose endpoint
Endpoint compliance diagnostics.
This topic includes the following commands:
- diagnose endpoint avatar
- diagnose endpoint avatar allow-nodisk
- diagnose endpoint avatar cleanup
- diagnose endpoint avatar find
- diagnose endpoint avatar find fingerprint
- diagnose endpoint avatar find uid
- diagnose endpoint avatar list
- diagnose endpoint avatar list active
- diagnose endpoint avatar list all
- diagnose endpoint avatar list inactive
- diagnose endpoint avatar purge-all
- diagnose endpoint debug-zone
- diagnose endpoint debug-zone background-debug
- diagnose endpoint debug-zone dump
- diagnose endpoint debug-zone set-lls-quota
- diagnose endpoint ec-shm
- diagnose endpoint ec-shm delete
- diagnose endpoint ec-shm find-by-ipvd
- diagnose endpoint ec-shm find-by-uid
- diagnose endpoint ec-shm list
- diagnose endpoint ec-shm summary
- diagnose endpoint ec-shm update-by-json
- diagnose endpoint fctems
- diagnose endpoint fctems api-status
- diagnose endpoint fctems api-status clear
- diagnose endpoint fctems cloud-server
- diagnose endpoint fctems custom
- diagnose endpoint fctems ec-shm-dump
- diagnose endpoint fctems get-pub-addr
- diagnose endpoint fctems info
- diagnose endpoint fctems info pause
- diagnose endpoint fctems info pre-master-key
- diagnose endpoint fctems info protocol
- diagnose endpoint fctems info repeat
- diagnose endpoint fctems info repeat data-in
- diagnose endpoint fctems info repeat data-out
- diagnose endpoint fctems info repeat header-in
- diagnose endpoint fctems info repeat header-out
- diagnose endpoint fctems info repeat ssl-data-in
- diagnose endpoint fctems info repeat ssl-data-out
- diagnose endpoint fctems info repeat textinfo
- diagnose endpoint fctems info reset
- diagnose endpoint fctems info resume
- diagnose endpoint fctems json
- diagnose endpoint fctems json deep-inspect-cert-sync
- diagnose endpoint fctems json gateway-mac-request
- diagnose endpoint fctems queue-complete-calls
- diagnose endpoint fctems test-authorization
- diagnose endpoint fctems test-connectivity
- diagnose endpoint fctems wss-cert-skip-check
- diagnose endpoint filter
- diagnose endpoint filter avatar-fingerprint
- diagnose endpoint filter clear
- diagnose endpoint filter ems-sn
- diagnose endpoint filter ftcl-uid
- diagnose endpoint filter list
- diagnose endpoint filter record-debug-log
- diagnose endpoint filter show-large-data
- diagnose endpoint lls-comm
- diagnose endpoint lls-comm connect
- diagnose endpoint lls-comm disconnect
- diagnose endpoint lls-comm recv
- diagnose endpoint lls-comm send
- diagnose endpoint lls-comm send echo
- diagnose endpoint lls-comm send general
- diagnose endpoint lls-comm send general get-index
- diagnose endpoint lls-comm send general register
- diagnose endpoint lls-comm send general unregister
- diagnose endpoint lls-comm send ping
- diagnose endpoint lls-comm send ping set-interval
- diagnose endpoint lls-comm send ztna
- diagnose endpoint lls-comm send ztna find-ip-vdom
- diagnose endpoint lls-comm send ztna find-uid
- diagnose endpoint lls-comm send ztna message-format
- diagnose endpoint lls-comm send ztna subscribe-all
- diagnose endpoint lls-comm send ztna unsubscribe-all
- diagnose endpoint lls-comm send ztna unsubscribe-uid
- diagnose endpoint lls-comm status
- diagnose endpoint tags
- diagnose endpoint tags remove-by-id
- diagnose endpoint tags remove-by-name
- diagnose endpoint tags remove-by-name-legacy
- diagnose endpoint tags remove-by-sn
- diagnose endpoint tags test-common-tag-update
diagnose endpoint avatar
FortiClient avatar.
diagnose endpoint avatar
diagnose endpoint avatar allow-nodisk
Allow no disk for avatar
diagnose endpoint avatar allow-nodisk [enable|disable]
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
[enable|disable] |
Allow saving avatars on non-harddisk storage. |
string |
|
diagnose endpoint avatar cleanup
Purge all inactive avatars
diagnose endpoint avatar cleanup
diagnose endpoint avatar find
Find avatar location
diagnose endpoint avatar find
diagnose endpoint avatar find fingerprint
Find avatar by fingerprint
diagnose endpoint avatar find fingerprint <fingerprint>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<fingerprint> |
Avatar fingerprint |
string |
|
diagnose endpoint avatar find uid
Find avatar by uid/user/domain
diagnose endpoint avatar find uid <ftcl-uid> <user-name> <domain>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ftcl-uid> |
FortiClient UID |
string |
|
|
<user-name> |
User name |
string |
|
|
<domain> |
User domain |
string |
|
diagnose endpoint avatar list
Display avatars
diagnose endpoint avatar list
diagnose endpoint avatar list active
Display active avatars
diagnose endpoint avatar list active <number>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<number> |
Number of files to display per page. |
string |
|
diagnose endpoint avatar list all
Display all avatars
diagnose endpoint avatar list all <number>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<number> |
Number of files to display per page. |
string |
|
diagnose endpoint avatar list inactive
Display inactive avatars
diagnose endpoint avatar list inactive <number>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<number> |
Number of files to display per page. |
string |
|
diagnose endpoint avatar purge-all
Purge ALL avatars
diagnose endpoint avatar purge-all
diagnose endpoint debug-zone
Debug Zone.
diagnose endpoint debug-zone
diagnose endpoint debug-zone background-debug
Background Debugs.
diagnose endpoint debug-zone background-debug <val>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<val> |
Value (enable|disable) |
string |
|
diagnose endpoint debug-zone dump
Dump all debug zone info.
diagnose endpoint debug-zone dump
diagnose endpoint debug-zone set-lls-quota
Set send quota for each socket
diagnose endpoint debug-zone set-lls-quota <quota>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<quota> |
Quota in bytes |
string |
|
diagnose endpoint ec-shm
Endpoint record.
diagnose endpoint ec-shm
diagnose endpoint ec-shm delete
Delete endpoint records.
diagnose endpoint ec-shm delete <ipv4-address>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ipv4-address> |
Source IPv4 address. |
string |
|
diagnose endpoint ec-shm find-by-ipvd
Display record by IP and vdom.
diagnose endpoint ec-shm find-by-ipvd <ipv4-address> <vdom-name>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ipv4-address> |
Endpoint IPv4 address. |
string |
|
|
<vdom-name> |
VDOM name of the client. |
string |
|
diagnose endpoint ec-shm find-by-uid
Display record by Client UID.
diagnose endpoint ec-shm find-by-uid <ftct-uid> <emssn> <ems-tenant-id>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ftct-uid> |
Client UID |
string |
|
|
<emssn> |
EMS Serial Number |
string |
|
|
<ems-tenant-id> |
EMS Tenant ID |
string |
|
diagnose endpoint ec-shm list
Display all records for one EMS.
diagnose endpoint ec-shm list <ipv4-address> <mac-address> <emssn> <ems-tenant-id>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ipv4-address> |
Source IPv4 address ("" for all IP addresses). |
string |
|
|
<mac-address> |
Source MAC address ("" for all MAC addresses). |
string |
|
|
<emssn> |
EMS Serial Number |
string |
|
|
<ems-tenant-id> |
EMS Tenant ID |
string |
|
diagnose endpoint ec-shm summary
List summary of endpoint records.
diagnose endpoint ec-shm summary
diagnose endpoint ec-shm update-by-json
Add endpoint record by JSON.
diagnose endpoint ec-shm update-by-json <uid> <ems-sn> <ems-tenant-id> <json>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<uid> |
FortiClient UID. |
string |
|
|
<ems-sn> |
FortiClient EMS serial number. |
string |
|
|
<ems-tenant-id> |
FortiClient EMS tenant ID. |
string |
|
|
<json> |
JSON string. |
string |
|
diagnose endpoint fctems
FortiClient EMS.
diagnose endpoint fctems
diagnose endpoint fctems api-status
Tools to diagnose EMS API status.
diagnose endpoint fctems api-status
diagnose endpoint fctems api-status clear
Clear EMS API status.
diagnose endpoint fctems api-status clear <fctems>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<fctems> |
FortiClient EMS table entry name in CMDB. |
string |
|
diagnose endpoint fctems cloud-server
cloud server type.
diagnose endpoint fctems cloud-server <type>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<type> |
FortiClient EMS cloud server type(0, 1 or 2), 0-Production, 1-Development and 2-Beta. |
string |
|
diagnose endpoint fctems custom
Custom API.
diagnose endpoint fctems custom <ems-id> <entry-point> <method> <data-param-type> <data>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ems-id> |
ems id. |
string |
|
|
<entry-point> |
entry point. |
string |
|
|
<method> |
HTTP method. |
string |
|
|
<data-param-type> |
data parameter type. |
string |
|
|
<data> |
data |
string |
|
diagnose endpoint fctems ec-shm-dump
Dump endpoint record shm.
diagnose endpoint fctems ec-shm-dump <fctems>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<fctems> |
FortiClient EMS table entry id in CMDB. |
string |
|
diagnose endpoint fctems get-pub-addr
Get FortiClient EMS public address.
diagnose endpoint fctems get-pub-addr <fctems>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<fctems> |
FortiClient EMS table entry id in CMDB. |
string |
|
diagnose endpoint fctems info
Get info from FortiClient EMS calls.
diagnose endpoint fctems info
diagnose endpoint fctems info pause
Pause getting info.
diagnose endpoint fctems info pause
diagnose endpoint fctems info pre-master-key
Pre-master Key.
diagnose endpoint fctems info pre-master-key [enable|disable]
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
[enable|disable] |
enable/disable |
string |
|
diagnose endpoint fctems info protocol
Protocol.
diagnose endpoint fctems info protocol [none|https|wss|all]
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
[none|https|wss|all] |
none/https/wss/all |
string |
|
diagnose endpoint fctems info repeat
Get/Set repetitions for each infotype.
diagnose endpoint fctems info repeat
diagnose endpoint fctems info repeat data-in
data in.
diagnose endpoint fctems info repeat data-in <num>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<num> |
Integer in the range of [0, 255]. |
string |
|
diagnose endpoint fctems info repeat data-out
data out.
diagnose endpoint fctems info repeat data-out <num>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<num> |
Integer in the range of [0, 255]. |
string |
|
diagnose endpoint fctems info repeat header-in
header in.
diagnose endpoint fctems info repeat header-in <num>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<num> |
Integer in the range of [0, 255]. |
string |
|
diagnose endpoint fctems info repeat header-out
header out.
diagnose endpoint fctems info repeat header-out <num>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<num> |
Integer in the range of [0, 255]. |
string |
|
diagnose endpoint fctems info repeat ssl-data-in
SSL data in.
diagnose endpoint fctems info repeat ssl-data-in <num>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<num> |
Integer in the range of [0, 255]. |
string |
|
diagnose endpoint fctems info repeat ssl-data-out
SSL data out.
diagnose endpoint fctems info repeat ssl-data-out <num>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<num> |
Integer in the range of [0, 255]. |
string |
|
diagnose endpoint fctems info repeat textinfo
text info.
diagnose endpoint fctems info repeat textinfo <num>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<num> |
Integer in the range of [0, 255]. |
string |
|
diagnose endpoint fctems info reset
Reset fctems info.
diagnose endpoint fctems info reset
diagnose endpoint fctems info resume
Resume/Start getting info.
diagnose endpoint fctems info resume
diagnose endpoint fctems json
FortiClient EMS REST-API JSON test.
diagnose endpoint fctems json
diagnose endpoint fctems json deep-inspect-cert-sync
Print deep inspection certificate sync json.
diagnose endpoint fctems json deep-inspect-cert-sync
diagnose endpoint fctems json gateway-mac-request
Print gateway-info json.
diagnose endpoint fctems json gateway-mac-request
diagnose endpoint fctems queue-complete-calls
Add complete (un)quarantine call(s) to FCEMSD queue.
diagnose endpoint fctems queue-complete-calls <call>[,<call>[,...]]
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<call>[,<call>[,...]] |
Comma separated list of calls. Run without the argument for more help. |
string |
|
diagnose endpoint fctems test-authorization
Authorization test for FortiClient EMS.
diagnose endpoint fctems test-authorization <fctems>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<fctems> |
FortiClient EMS table entry id in CMDB. |
string |
|
diagnose endpoint fctems test-connectivity
Connectivity test for FortiClient EMS.
diagnose endpoint fctems test-connectivity <fctems>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<fctems> |
FortiClient EMS table entry id in CMDB. |
string |
|
diagnose endpoint fctems wss-cert-skip-check
Skip WebSocketSecure server certificate check.
diagnose endpoint fctems wss-cert-skip-check [yes|no]
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
[yes|no] |
yes/no |
string |
|
diagnose endpoint filter
Debug filter for fcnacd.
diagnose endpoint filter
diagnose endpoint filter avatar-fingerprint
Avatar fingerprint to filter by.
diagnose endpoint filter avatar-fingerprint <avatar-fingerprint>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<avatar-fingerprint> |
Avatar fingerprint. |
string |
|
diagnose endpoint filter clear
Erase the current filter.
diagnose endpoint filter clear
diagnose endpoint filter ems-sn
FortiClient EMS serial-number to filter by.
diagnose endpoint filter ems-sn <ems-sn>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ems-sn> |
EMS serial-number. |
string |
|
diagnose endpoint filter ftcl-uid
FortiClient UID to filter by.
diagnose endpoint filter ftcl-uid <ftcl-uid>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ftcl-uid> |
FortiClient UID. |
string |
|
diagnose endpoint filter list
Display the current filter.
diagnose endpoint filter list
diagnose endpoint filter record-debug-log
Record debug log.
diagnose endpoint filter record-debug-log [enable/disable]
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
[enable/disable] |
Enable or disable. |
string |
|
diagnose endpoint filter show-large-data
Show large data.
diagnose endpoint filter show-large-data [yes/no]
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
[yes/no] |
Yes or no. |
string |
|
diagnose endpoint lls-comm
Long-Lived Socket Communication.
diagnose endpoint lls-comm
diagnose endpoint lls-comm connect
Connect.
diagnose endpoint lls-comm connect
diagnose endpoint lls-comm disconnect
Disconnect.
diagnose endpoint lls-comm disconnect
diagnose endpoint lls-comm recv
Receive Messages.
diagnose endpoint lls-comm recv <repeat>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<repeat> |
Repeat number of receives |
string |
|
diagnose endpoint lls-comm send
Send Message.
diagnose endpoint lls-comm send
diagnose endpoint lls-comm send echo
Echo long-lived socket channel
diagnose endpoint lls-comm send echo
diagnose endpoint lls-comm send general
General long-lived socket channel
diagnose endpoint lls-comm send general
diagnose endpoint lls-comm send general get-index
Get Long-lived socket channel index.
diagnose endpoint lls-comm send general get-index
diagnose endpoint lls-comm send general register
Register to Long-lived Socket channel(s)
diagnose endpoint lls-comm send general register <channel-mask>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<channel-mask> |
Channel Mask in decimal, octal or hexadecimal |
string |
|
diagnose endpoint lls-comm send general unregister
Unregister from Long-lived Socket channel(s)
diagnose endpoint lls-comm send general unregister <channel-mask>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<channel-mask> |
Channel Mask in decimal, octal or hexadecimal |
string |
|
diagnose endpoint lls-comm send ping
Ping long-lived socket channel
diagnose endpoint lls-comm send ping
diagnose endpoint lls-comm send ping set-interval
Set interval
diagnose endpoint lls-comm send ping set-interval <interval>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<interval> |
Period in units of 1/100 seconds |
string |
|
diagnose endpoint lls-comm send ztna
ZTNA long-lived socket channel
diagnose endpoint lls-comm send ztna
diagnose endpoint lls-comm send ztna find-ip-vdom
Find by IP and VDOM
diagnose endpoint lls-comm send ztna find-ip-vdom <ip> <vdom>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ip> |
IPv4 or IPv6 address of client |
string |
|
|
<vdom> |
VDOM name |
string |
|
diagnose endpoint lls-comm send ztna find-uid
Find by FortiClient UID and EMS SN
diagnose endpoint lls-comm send ztna find-uid <ftct-uid> <emssn> <ems-tenant-id>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ftct-uid> |
Client UID |
string |
|
|
<emssn> |
EMS Serial Number |
string |
|
|
<ems-tenant-id> |
EMS Tenant ID |
string |
|
diagnose endpoint lls-comm send ztna message-format
Select if wad header is sent
diagnose endpoint lls-comm send ztna message-format <index>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<index> |
0: standard 1: wad informer 2: diag wad informer |
string |
|
diagnose endpoint lls-comm send ztna subscribe-all
Subscribe to all FortiClients on selected LLS bits
diagnose endpoint lls-comm send ztna subscribe-all <mask>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<mask> |
Bit mask |
string |
|
diagnose endpoint lls-comm send ztna unsubscribe-all
Unsubscribe to all FortiClients on issuing LLS
diagnose endpoint lls-comm send ztna unsubscribe-all
diagnose endpoint lls-comm send ztna unsubscribe-uid
Unsubscribe from FortiClient UID
diagnose endpoint lls-comm send ztna unsubscribe-uid <ftct-uid> <emssn> <ems-tenant-id>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ftct-uid> |
Client UID |
string |
|
|
<emssn> |
EMS Serial Number |
string |
|
|
<ems-tenant-id> |
EMS_Tenant ID |
string |
|
diagnose endpoint lls-comm status
Status.
diagnose endpoint lls-comm status
diagnose endpoint tags
Tags.
diagnose endpoint tags
diagnose endpoint tags remove-by-id
Remove Dynamic address tags by EMS ID.
diagnose endpoint tags remove-by-id <EMS-ID>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<EMS-ID> |
EMS ID. |
string |
|
diagnose endpoint tags remove-by-name
Remove specific tag by EMS ID and name.
diagnose endpoint tags remove-by-name <TAG-Name> <EMS-ID>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<TAG-Name> |
Tag name. |
string |
|
|
<EMS-ID> |
EMS ID. |
string |
|
diagnose endpoint tags remove-by-name-legacy
Remove specific tag by Serial Number and name (LEGACY).
diagnose endpoint tags remove-by-name-legacy <TAG-Name> <SN>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<TAG-Name> |
Tag name. |
string |
|
|
<SN> |
Serial Number. |
string |
|
diagnose endpoint tags remove-by-sn
Remove Dynamic address tags by Serial Number (LEGACY).
diagnose endpoint tags remove-by-sn <SN>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<SN> |
Serial Number. |
string |
|
diagnose endpoint tags test-common-tag-update
Test update tags for FortiClient EMS
diagnose endpoint tags test-common-tag-update <TAG-INFO-JSON>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<TAG-INFO-JSON> |
JSON string for commands. |
string |
|