Fortinet Document Library

Version:


Table of Contents

Deploying FortiGate-VMX

Resources

Upgrade Path Tool
5.6.3
Download PDF
Copy Link

Troubleshooting

CLI commands are useful for conducting troubleshooting.

Log into the FortiGate-VMX SVM using SSH or via the GUI, then use the command line widget.

You can see a detailed list of available CLI commands in the FortiOS CLI Reference.

You can see command options by entering ?.

For example,

exec nsx ?

group NSX Security Group Management.

instance NSX instance management.

service NSX service management.

To show current settings, run:

Config global

exec nsx group list

exec nsx instance list

exec nsx status/get

The following table explains the commands above.

Command

Description

exec nsx group list

Show list of group/clusters and VMX instances that belong to them.

exec nsx instance list

Show detailed running status of all VMX instances.

exec nsx service status/get

Show the status of NSX service and its ID.

The FortiGate-VMX SVM requires an Internet connection to validate its license and receive updates from FDN. Besides locating this status in the Web UI, you may also open the console and run the following command to see license status as well as all stats of the system:

get system status

To force a license validation from the FortiGate-VMX SVM to FDN, you can run the following command:

config global

exec update-now

To collect logs on the FortiGate-VMX SVM, run:

config global

diag debug enable/disable

diag debug application <name> <level>

diag debug flow trace start/stop

The following table explains the commands above.

Command

Description

diag debug enable/disable

Enable/disable debugging output.

diag debug application <name> <level>

Start debugging the named application with the specified debug level.

diag debug flow trace start/stop

Start/stop packet trace debugging information for allowed/dropped traffic by rules.

For more detail, refer to the Fortinet Knowledge Base and search by keywords.

To check network connectivity and run ping on SVM or VMX, run the following commands:

config vdom

edit ns/nsx/root

exec ping <host>

To collecting NetX logs from SVM / VMX, run the following commands:

config vdom

edit ns/nsx/root

>exec log filter category 1

exec log filter category <Enter>

exec log display

The following table explains the commands above.

Command

Description

exec log filter category 1

Here "1" means event log.

exec log filter category <Enter>

Shows the list of category numbers/names.

exec log display

Display the log.

To show all rules on the specified VDOM, run the following commands:

config vdom

edit ns/nsx/root

show

Connection settings to NSX service. Username, password, VMX image URL, etc. can be seen. (Enter the SDN config mode first and then running show will denote the same result as running show from the global mode)

config global

show system sdn-connector

config global

config system sdn-connector

edit nsx

show/get

To exit from a mode/save and exit, run the following command:

end

Resources

Troubleshooting

CLI commands are useful for conducting troubleshooting.

Log into the FortiGate-VMX SVM using SSH or via the GUI, then use the command line widget.

You can see a detailed list of available CLI commands in the FortiOS CLI Reference.

You can see command options by entering ?.

For example,

exec nsx ?

group NSX Security Group Management.

instance NSX instance management.

service NSX service management.

To show current settings, run:

Config global

exec nsx group list

exec nsx instance list

exec nsx status/get

The following table explains the commands above.

Command

Description

exec nsx group list

Show list of group/clusters and VMX instances that belong to them.

exec nsx instance list

Show detailed running status of all VMX instances.

exec nsx service status/get

Show the status of NSX service and its ID.

The FortiGate-VMX SVM requires an Internet connection to validate its license and receive updates from FDN. Besides locating this status in the Web UI, you may also open the console and run the following command to see license status as well as all stats of the system:

get system status

To force a license validation from the FortiGate-VMX SVM to FDN, you can run the following command:

config global

exec update-now

To collect logs on the FortiGate-VMX SVM, run:

config global

diag debug enable/disable

diag debug application <name> <level>

diag debug flow trace start/stop

The following table explains the commands above.

Command

Description

diag debug enable/disable

Enable/disable debugging output.

diag debug application <name> <level>

Start debugging the named application with the specified debug level.

diag debug flow trace start/stop

Start/stop packet trace debugging information for allowed/dropped traffic by rules.

For more detail, refer to the Fortinet Knowledge Base and search by keywords.

To check network connectivity and run ping on SVM or VMX, run the following commands:

config vdom

edit ns/nsx/root

exec ping <host>

To collecting NetX logs from SVM / VMX, run the following commands:

config vdom

edit ns/nsx/root

>exec log filter category 1

exec log filter category <Enter>

exec log display

The following table explains the commands above.

Command

Description

exec log filter category 1

Here "1" means event log.

exec log filter category <Enter>

Shows the list of category numbers/names.

exec log display

Display the log.

To show all rules on the specified VDOM, run the following commands:

config vdom

edit ns/nsx/root

show

Connection settings to NSX service. Username, password, VMX image URL, etc. can be seen. (Enter the SDN config mode first and then running show will denote the same result as running show from the global mode)

config global

show system sdn-connector

config global

config system sdn-connector

edit nsx

show/get

To exit from a mode/save and exit, run the following command:

end