diagnose endpoint
Endpoint compliance diagnostics.
This topic includes the following commands:
- diagnose endpoint avatar
- diagnose endpoint avatar allow-nodisk
- diagnose endpoint avatar delete-archived
- diagnose endpoint avatar find
- diagnose endpoint avatar find fingerprint
- diagnose endpoint avatar find link
- diagnose endpoint avatar list
- diagnose endpoint avatar list active
- diagnose endpoint avatar list archived
- diagnose endpoint avatar list fingerprint
- diagnose endpoint avatar purge-all
- diagnose endpoint avatar purge-archived
- diagnose endpoint debug-zone
- diagnose endpoint debug-zone background-debug
- diagnose endpoint debug-zone dump
- diagnose endpoint debug-zone set-lls-quota
- diagnose endpoint ec-shared
- diagnose endpoint ec-shared find
- diagnose endpoint ec-shared list
- diagnose endpoint fctems
- diagnose endpoint fctems api-status
- diagnose endpoint fctems api-status clear
- diagnose endpoint fctems get-pub-addr
- diagnose endpoint fctems info
- diagnose endpoint fctems info pause
- diagnose endpoint fctems info pre-master-key
- diagnose endpoint fctems info protocol
- diagnose endpoint fctems info repeat
- diagnose endpoint fctems info repeat data-in
- diagnose endpoint fctems info repeat data-out
- diagnose endpoint fctems info repeat header-in
- diagnose endpoint fctems info repeat header-out
- diagnose endpoint fctems info repeat ssl-data-in
- diagnose endpoint fctems info repeat ssl-data-out
- diagnose endpoint fctems info repeat textinfo
- diagnose endpoint fctems info reset
- diagnose endpoint fctems info resume
- diagnose endpoint fctems json
- diagnose endpoint fctems json deep-inspect-cert-sync
- diagnose endpoint fctems json gateway-mac-request
- diagnose endpoint fctems queue-complete-calls
- diagnose endpoint fctems test-authorization
- diagnose endpoint fctems test-connectivity
- diagnose endpoint fctems wss-cert-skip-check
- diagnose endpoint filter
- diagnose endpoint filter avatar-fingerprint
- diagnose endpoint filter clear
- diagnose endpoint filter ems-sn
- diagnose endpoint filter ftcl-uid
- diagnose endpoint filter list
- diagnose endpoint filter show-large-data
- diagnose endpoint lls-comm
- diagnose endpoint lls-comm connect
- diagnose endpoint lls-comm disconnect
- diagnose endpoint lls-comm recv
- diagnose endpoint lls-comm send
- diagnose endpoint lls-comm send echo
- diagnose endpoint lls-comm send general
- diagnose endpoint lls-comm send general get-index
- diagnose endpoint lls-comm send general register
- diagnose endpoint lls-comm send general unregister
- diagnose endpoint lls-comm send ping
- diagnose endpoint lls-comm send ping set-interval
- diagnose endpoint lls-comm send ztna
- diagnose endpoint lls-comm send ztna find-ip-vdom
- diagnose endpoint lls-comm send ztna find-uid
- diagnose endpoint lls-comm send ztna message-format
- diagnose endpoint lls-comm send ztna subscribe-all
- diagnose endpoint lls-comm send ztna unsubscribe-all
- diagnose endpoint lls-comm send ztna unsubscribe-uid
- diagnose endpoint lls-comm status
- diagnose endpoint record
- diagnose endpoint record delete
- diagnose endpoint record list
- diagnose endpoint record summary
- diagnose endpoint record update-by-json
- diagnose endpoint tags
- diagnose endpoint tags remove-by-id
- diagnose endpoint tags remove-by-name
- diagnose endpoint tags remove-by-name-legacy
- diagnose endpoint tags remove-by-sn
- diagnose endpoint tags test-common-tag-update
- diagnose endpoint tags test-update
diagnose endpoint avatar
FortiClient avatar.
diagnose endpoint avatar
diagnose endpoint avatar allow-nodisk
Allow no disk for avatar
diagnose endpoint avatar allow-nodisk [enable|disable]
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
[enable|disable] |
Allow saving avatars on non-harddisk storage. |
string |
|
diagnose endpoint avatar delete-archived
Delete an archived avatar
diagnose endpoint avatar delete-archived <ftcl-uid> <user-name>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ftcl-uid> |
FortiClient UID |
string |
|
|
<user-name> |
User name |
string |
|
diagnose endpoint avatar find
Find avatar location
diagnose endpoint avatar find
diagnose endpoint avatar find fingerprint
Find avatar fingerprint location
diagnose endpoint avatar find fingerprint <fingerprint>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<fingerprint> |
Avatar fingerprint |
string |
|
diagnose endpoint avatar find link
Find avatar link location
diagnose endpoint avatar find link <ftcl-uid> <user-name>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ftcl-uid> |
FortiClient UID |
string |
|
|
<user-name> |
User name |
string |
|
diagnose endpoint avatar list
Display avatars
diagnose endpoint avatar list
diagnose endpoint avatar list active
Display active avatars
diagnose endpoint avatar list active <number>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<number> |
Number of files to display per page. |
string |
|
diagnose endpoint avatar list archived
Display archived avatars
diagnose endpoint avatar list archived <number>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<number> |
Number of files to display per page. |
string |
|
diagnose endpoint avatar list fingerprint
Display fingerprint avatars
diagnose endpoint avatar list fingerprint <number>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<number> |
Number of files to display per page. |
string |
|
diagnose endpoint avatar purge-all
Purge ALL avatars
diagnose endpoint avatar purge-all
diagnose endpoint avatar purge-archived
Purge all archived avatars
diagnose endpoint avatar purge-archived
diagnose endpoint debug-zone
Debug Zone.
diagnose endpoint debug-zone
diagnose endpoint debug-zone background-debug
Background Debugs.
diagnose endpoint debug-zone background-debug <val>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<val> |
Value (enable|disable) |
string |
|
diagnose endpoint debug-zone dump
Dump all debug zone info.
diagnose endpoint debug-zone dump
diagnose endpoint debug-zone set-lls-quota
Set send quota for each socket
diagnose endpoint debug-zone set-lls-quota <quota>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<quota> |
Quota in bytes |
string |
|
diagnose endpoint ec-shared
FortiClient shared record.
diagnose endpoint ec-shared
diagnose endpoint ec-shared find
Find shared record.
diagnose endpoint ec-shared find <ipv4-address> <ENTER|vfid>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ipv4-address> |
Endpoint IPv4 address. |
string |
|
|
<ENTER|vfid> |
VDOM ID of the client. |
string |
|
diagnose endpoint ec-shared list
List shared records.
diagnose endpoint ec-shared list <number>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<number> |
Number of records to display per page. |
string |
|
diagnose endpoint fctems
FortiClient EMS.
diagnose endpoint fctems
diagnose endpoint fctems api-status
Tools to diagnose EMS API status.
diagnose endpoint fctems api-status
diagnose endpoint fctems api-status clear
Clear EMS API status.
diagnose endpoint fctems api-status clear <fctems>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<fctems> |
FortiClient EMS table entry name in CMDB. |
string |
|
diagnose endpoint fctems get-pub-addr
Get FortiClient EMS public address.
diagnose endpoint fctems get-pub-addr <fctems>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<fctems> |
FortiClient EMS table entry id in CMDB. |
string |
|
diagnose endpoint fctems info
Get info from FortiClient EMS calls.
diagnose endpoint fctems info
diagnose endpoint fctems info pause
Pause getting info.
diagnose endpoint fctems info pause
diagnose endpoint fctems info pre-master-key
Pre-master Key.
diagnose endpoint fctems info pre-master-key [enable|disable]
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
[enable|disable] |
enable/disable |
string |
|
diagnose endpoint fctems info protocol
Protocol.
diagnose endpoint fctems info protocol [none|https|wss|all]
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
[none|https|wss|all] |
none/https/wss/all |
string |
|
diagnose endpoint fctems info repeat
Get/Set repetitions for each infotype.
diagnose endpoint fctems info repeat
diagnose endpoint fctems info repeat data-in
data in.
diagnose endpoint fctems info repeat data-in <num>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<num> |
Integer in the range of [0, 255]. |
string |
|
diagnose endpoint fctems info repeat data-out
data out.
diagnose endpoint fctems info repeat data-out <num>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<num> |
Integer in the range of [0, 255]. |
string |
|
diagnose endpoint fctems info repeat header-in
header in.
diagnose endpoint fctems info repeat header-in <num>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<num> |
Integer in the range of [0, 255]. |
string |
|
diagnose endpoint fctems info repeat header-out
header out.
diagnose endpoint fctems info repeat header-out <num>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<num> |
Integer in the range of [0, 255]. |
string |
|
diagnose endpoint fctems info repeat ssl-data-in
SSL data in.
diagnose endpoint fctems info repeat ssl-data-in <num>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<num> |
Integer in the range of [0, 255]. |
string |
|
diagnose endpoint fctems info repeat ssl-data-out
SSL data out.
diagnose endpoint fctems info repeat ssl-data-out <num>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<num> |
Integer in the range of [0, 255]. |
string |
|
diagnose endpoint fctems info repeat textinfo
text info.
diagnose endpoint fctems info repeat textinfo <num>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<num> |
Integer in the range of [0, 255]. |
string |
|
diagnose endpoint fctems info reset
Reset fctems info.
diagnose endpoint fctems info reset
diagnose endpoint fctems info resume
Resume/Start getting info.
diagnose endpoint fctems info resume
diagnose endpoint fctems json
FortiClient EMS REST-API JSON test.
diagnose endpoint fctems json
diagnose endpoint fctems json deep-inspect-cert-sync
Print deep inspection certificate sync json.
diagnose endpoint fctems json deep-inspect-cert-sync
diagnose endpoint fctems json gateway-mac-request
Print gateway-info json.
diagnose endpoint fctems json gateway-mac-request
diagnose endpoint fctems queue-complete-calls
Add complete (un)quarantine call(s) to FCEMSD queue.
diagnose endpoint fctems queue-complete-calls <call>[,<call>[,...]]
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<call>[,<call>[,...]] |
Comma separated list of calls. Run without the argument for more help. |
string |
|
diagnose endpoint fctems test-authorization
Authorization test for FortiClient EMS.
diagnose endpoint fctems test-authorization <fctems>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<fctems> |
FortiClient EMS table entry id in CMDB. |
string |
|
diagnose endpoint fctems test-connectivity
Connectivity test for FortiClient EMS.
diagnose endpoint fctems test-connectivity <fctems>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<fctems> |
FortiClient EMS table entry id in CMDB. |
string |
|
diagnose endpoint fctems wss-cert-skip-check
Skip WebSocketSecure server certificate check.
diagnose endpoint fctems wss-cert-skip-check [yes|no]
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
[yes|no] |
yes/no |
string |
|
diagnose endpoint filter
Debug filter for fcnacd.
diagnose endpoint filter
diagnose endpoint filter avatar-fingerprint
Avatar fingerprint to filter by.
diagnose endpoint filter avatar-fingerprint <avatar-fingerprint>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<avatar-fingerprint> |
Avatar fingerprint. |
string |
|
diagnose endpoint filter clear
Erase the current filter.
diagnose endpoint filter clear
diagnose endpoint filter ems-sn
FortiClient EMS serial-number to filter by.
diagnose endpoint filter ems-sn <ems-sn>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ems-sn> |
EMS serial-number. |
string |
|
diagnose endpoint filter ftcl-uid
FortiClient UID to filter by.
diagnose endpoint filter ftcl-uid <ftcl-uid>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ftcl-uid> |
FortiClient UID. |
string |
|
diagnose endpoint filter list
Display the current filter.
diagnose endpoint filter list
diagnose endpoint filter show-large-data
Show large data.
diagnose endpoint filter show-large-data [yes/no]
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
[yes/no] |
Yes or no. |
string |
|
diagnose endpoint lls-comm
Long-Lived Socket Communication.
diagnose endpoint lls-comm
diagnose endpoint lls-comm connect
Connect.
diagnose endpoint lls-comm connect
diagnose endpoint lls-comm disconnect
Disconnect.
diagnose endpoint lls-comm disconnect
diagnose endpoint lls-comm recv
Receive Messages.
diagnose endpoint lls-comm recv <repeat>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<repeat> |
Repeat number of receives |
string |
|
diagnose endpoint lls-comm send
Send Message.
diagnose endpoint lls-comm send
diagnose endpoint lls-comm send echo
Echo long-lived socket channel
diagnose endpoint lls-comm send echo
diagnose endpoint lls-comm send general
General long-lived socket channel
diagnose endpoint lls-comm send general
diagnose endpoint lls-comm send general get-index
Get Long-lived socket channel index.
diagnose endpoint lls-comm send general get-index
diagnose endpoint lls-comm send general register
Register to Long-lived Socket channel(s)
diagnose endpoint lls-comm send general register <channel-mask>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<channel-mask> |
Channel Mask in decimal, octal or hexadecimal |
string |
|
diagnose endpoint lls-comm send general unregister
Unregister from Long-lived Socket channel(s)
diagnose endpoint lls-comm send general unregister <channel-mask>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<channel-mask> |
Channel Mask in decimal, octal or hexadecimal |
string |
|
diagnose endpoint lls-comm send ping
Ping long-lived socket channel
diagnose endpoint lls-comm send ping
diagnose endpoint lls-comm send ping set-interval
Set interval
diagnose endpoint lls-comm send ping set-interval <interval>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<interval> |
Period in units of 1/100 seconds |
string |
|
diagnose endpoint lls-comm send ztna
ZTNA long-lived socket channel
diagnose endpoint lls-comm send ztna
diagnose endpoint lls-comm send ztna find-ip-vdom
Find by IP and VDOM
diagnose endpoint lls-comm send ztna find-ip-vdom <ip> <vdom>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ip> |
IPv4 or IPv6 address of client |
string |
|
|
<vdom> |
VDOM name |
string |
|
diagnose endpoint lls-comm send ztna find-uid
Find by FortiClient UID and EMS SN
diagnose endpoint lls-comm send ztna find-uid <ftct-uid> <emssn> <ems-tenant-id>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ftct-uid> |
Client UID |
string |
|
|
<emssn> |
EMS Serial Number |
string |
|
|
<ems-tenant-id> |
EMS Tenant ID |
string |
|
diagnose endpoint lls-comm send ztna message-format
Select if wad header is sent
diagnose endpoint lls-comm send ztna message-format <index>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<index> |
0: standard 1: wad informer |
string |
|
diagnose endpoint lls-comm send ztna subscribe-all
Subscribe to all FortiClients on selected LLS bits
diagnose endpoint lls-comm send ztna subscribe-all <mask>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<mask> |
Bit mask |
string |
|
diagnose endpoint lls-comm send ztna unsubscribe-all
Unsubscribe to all FortiClients on issuing LLS
diagnose endpoint lls-comm send ztna unsubscribe-all
diagnose endpoint lls-comm send ztna unsubscribe-uid
Unsubscribe from FortiClient UID
diagnose endpoint lls-comm send ztna unsubscribe-uid <ftct-uid> <emssn> <ems-tenant-id>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ftct-uid> |
Client UID |
string |
|
|
<emssn> |
EMS Serial Number |
string |
|
|
<ems-tenant-id> |
EMS_Tenant ID |
string |
|
diagnose endpoint lls-comm status
Status.
diagnose endpoint lls-comm status
diagnose endpoint record
Endpoint records.
diagnose endpoint record
diagnose endpoint record delete
Delete endpoint records.
diagnose endpoint record delete <ipv4-address>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ipv4-address> |
Source IPv4 address. |
string |
|
diagnose endpoint record list
List endpoint records.
diagnose endpoint record list <ipv4-address> <mac-address> <forticlient-uid>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<ipv4-address> |
Source IPv4 address ("any" for all IP addresses). |
string |
|
|
<mac-address> |
Source MAC address ("any" for all MAC addresses). |
string |
|
|
<forticlient-uid> |
FortiClient UID ("any" for all UID's). |
string |
|
diagnose endpoint record summary
List summary of endpoint records.
diagnose endpoint record summary
diagnose endpoint record update-by-json
Add endpoint record by JSON.
diagnose endpoint record update-by-json <uid> <ems-sn> <ems-tenant-id> <json>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<uid> |
FortiClient UID. |
string |
|
|
<ems-sn> |
FortiClient EMS serial number. |
string |
|
|
<ems-tenant-id> |
FortiClient EMS tenant ID. |
string |
|
|
<json> |
JSON string. |
string |
|
diagnose endpoint tags
Tags.
diagnose endpoint tags
diagnose endpoint tags remove-by-id
Remove Dynamic address tags by EMS ID.
diagnose endpoint tags remove-by-id <EMS-ID>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<EMS-ID> |
EMS ID. |
string |
|
diagnose endpoint tags remove-by-name
Remove specific tag by EMS ID and name.
diagnose endpoint tags remove-by-name <TAG-Name> <EMS-ID>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<TAG-Name> |
Tag name. |
string |
|
|
<EMS-ID> |
EMS ID. |
string |
|
diagnose endpoint tags remove-by-name-legacy
Remove specific tag by Serial Number and name (LEGACY).
diagnose endpoint tags remove-by-name-legacy <TAG-Name> <SN>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<TAG-Name> |
Tag name. |
string |
|
|
<SN> |
Serial Number. |
string |
|
diagnose endpoint tags remove-by-sn
Remove Dynamic address tags by Serial Number (LEGACY).
diagnose endpoint tags remove-by-sn <SN>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<SN> |
Serial Number. |
string |
|
diagnose endpoint tags test-common-tag-update
Test update tags for FortiClient EMS
diagnose endpoint tags test-common-tag-update <TAG-INFO-JSON>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<TAG-INFO-JSON> |
JSON string for commands. |
string |
|
diagnose endpoint tags test-update
Test update tags.
diagnose endpoint tags test-update <EMS-SN> <TAG-INFO-JSON> <TAG-MEMBERS-JSON>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<EMS-SN> |
FortiClient EMS Serial Number. |
string |
|
|
<TAG-INFO-JSON> |
JSON string for tag_info. |
string |
|
|
<TAG-MEMBERS-JSON> |
JSON string for tag_members. |
string |
|