Fortinet Document Library

Version:


Table of Contents

Deploying FortiGate-VMX

Resources

Upgrade Path Tool
6.0.1
Download PDF
Copy Link

Troubleshooting

CLI commands are useful for troubleshooting.

Log into the FortiOS SVM using SSH or via the GUI, then use the command line widget.

You can see a detailed list of available CLI commands in the FortiOS CLI Reference.

You can see command options by entering ?.

For example,

execute nsx ?
    group       NSX Security Group Management
    instance    NSX instance management
    service     NSX service management

To show current settings, run:

config global
    execute nsx group list
    execute nsx instance list
    execute nsx status/get

Command

Description

execute nsx group list

Show list of group/clusters and VMX instances that belong to them.

execute nsx instance list

Show detailed running status of all VMX instances.

execute nsx service status/get

Show the status of NSX service and its ID.

The FortiGate-VMX SVM requires an Internet connection to validate its license and receive updates from FDN. Besides locating this status in the Web UI, you may also open the console and run the following command to see license status as well as all stats of the system:

get system status

To force a license validation from the FortiGate-VMX SVM to FDN, you can run the following command:

config global
    execute update-now

To collect logs on the FortiGate-VMX SVM, run:

config global
    diagnose debug enable/disable
    diagnose debug application <name> <level>
    diagnose debug flow trace start/stop

Command

Description

diagnose debug enable/disable

Enable/disable debugging output.

diagnose debug application <name> <level>

Start debugging the named application with the specified debug level.

diagnose debug flow trace start/stop

Start/stop packet trace debugging information for allowed/dropped traffic by rules.

For more detail, refer to https://kb.fortinet.com and search by keywords.

To check network connectivity and run ping on SVM or VMX, run the following commands:

config vdom
    edit ns/nsx/root
        execute ping &lt;host&gt;

To collecting NetX logs from SVM / VMX, run the following commands:

config vdom
    edit ns/nsx/root
        exec log filter category 1
        exec log filter category &lt;Enter&gt;
        exec log display

Command

Description

exec log filter category 1

Here "1" means event log.

exec log filter category <Enter>

Shows the list of category numbers/names.

exec log display

Display the log.

To show all rules on the specified VDOM, run the following commands:

config vdom
    edit ns/nsx/root
    show

The connection settings to NSX service, Username, password, VMX image URL, etc. can be seen in the output. (Entering the SDN config mode first and then running show will produce the same result as running show from within the global mode)

config global
    show system sdn-connector
config global
    config system sdn-connector
        edit nsx
            show/get

To exit from a mode/save and exit, run the following command:

end

Resources

Troubleshooting

CLI commands are useful for troubleshooting.

Log into the FortiOS SVM using SSH or via the GUI, then use the command line widget.

You can see a detailed list of available CLI commands in the FortiOS CLI Reference.

You can see command options by entering ?.

For example,

execute nsx ?
    group       NSX Security Group Management
    instance    NSX instance management
    service     NSX service management

To show current settings, run:

config global
    execute nsx group list
    execute nsx instance list
    execute nsx status/get

Command

Description

execute nsx group list

Show list of group/clusters and VMX instances that belong to them.

execute nsx instance list

Show detailed running status of all VMX instances.

execute nsx service status/get

Show the status of NSX service and its ID.

The FortiGate-VMX SVM requires an Internet connection to validate its license and receive updates from FDN. Besides locating this status in the Web UI, you may also open the console and run the following command to see license status as well as all stats of the system:

get system status

To force a license validation from the FortiGate-VMX SVM to FDN, you can run the following command:

config global
    execute update-now

To collect logs on the FortiGate-VMX SVM, run:

config global
    diagnose debug enable/disable
    diagnose debug application &lt;name&gt; &lt;level&gt;
    diagnose debug flow trace start/stop

Command

Description

diagnose debug enable/disable

Enable/disable debugging output.

diagnose debug application <name> <level>

Start debugging the named application with the specified debug level.

diagnose debug flow trace start/stop

Start/stop packet trace debugging information for allowed/dropped traffic by rules.

For more detail, refer to https://kb.fortinet.com and search by keywords.

To check network connectivity and run ping on SVM or VMX, run the following commands:

config vdom
    edit ns/nsx/root
        execute ping &lt;host&gt;

To collecting NetX logs from SVM / VMX, run the following commands:

config vdom
    edit ns/nsx/root
        exec log filter category 1
        exec log filter category &lt;Enter&gt;
        exec log display

Command

Description

exec log filter category 1

Here "1" means event log.

exec log filter category <Enter>

Shows the list of category numbers/names.

exec log display

Display the log.

To show all rules on the specified VDOM, run the following commands:

config vdom
    edit ns/nsx/root
    show

The connection settings to NSX service, Username, password, VMX image URL, etc. can be seen in the output. (Entering the SDN config mode first and then running show will produce the same result as running show from within the global mode)

config global
    show system sdn-connector
config global
    config system sdn-connector
        edit nsx
            show/get

To exit from a mode/save and exit, run the following command:

end