Fortigate Tips and Tricks

This article presents some useful commands and tricks that you can use on your Fortigate.

 

Debug Addresses:
It often happens that we have a lot of firewall policies for one address defined in our address pool.
Let’s take an example:
We have “WWW_Server” defined with the IP of 172.18.1.10. To see which policies are using this address, we can use the following:

#diag sys checkused firewall.address:name 'WWW_Server'

From the output you can clearly see that the policy using this address is policy "14".

In case our address is in an address group, we can find out where that address group is used by executing the following command:

#diag sys checkused firewall.addrgrp:name 'Server_Groups'

 

The firewall from Fortinet also has sniffing capabilities (take that, Wireshark 😀):

#diag sniff packet Interface_Name 'host IP_Host' 3 test

If we would like to sniff all the interfaces for UDP port 67 or 68, we can try the following:

#diag sniff packet any 'udp port 67 or udp port 68' 6

To stop the sniffing, press CTRL+C. Do not press it twice or your PuTTY session will die 😉
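
To look at such a capture in Wireshark, the hex dump printed at verbosity 6 can be turned into a pcap file. The following Python script is an added example, not part of the original article or any Fortinet tooling; it assumes the default relative timestamps and the line layout of the constructed sample, and the names `parse_sniffer` and `to_pcap` are made up for this example.

```python
import re
import struct

# Constructed sample of verbosity-6 sniffer output (not captured from a real device).
# Assumed layout: one header line per packet, then hex-dump lines (offset, hex words, ASCII).
SAMPLE = """\
interfaces=[any]
filters=[udp port 67 or udp port 68]
1.250000 port2 in 0.0.0.0.68 -> 255.255.255.255.67: udp 8
0x0000\t ffff ffff ffff 0009 0f09 0004 0800 4500\t..............E.
0x0010\t 0024 0001 0000 4011 7ac9 0000 0000 ffff\t.$....@.z.......
0x0020\t ffff 0044 0043 0010 0000 0101 0600 dead\t...D.C..........
0x0030\t beef                                   \t..
"""

# Relative timestamp, interface name, direction ("--" when a single interface is sniffed).
HEADER = re.compile(r"^(\d+)\.(\d{6})\s+(\S+)\s+(in|out|--)\s")
# At most eight hex words per line, so the ASCII column is never read as data.
HEXLINE = re.compile(r"^0x[0-9a-f]{4}\s+((?:[0-9a-f]{2,4} ){0,7}[0-9a-f]{2,4})(?:\s|$)")

def parse_sniffer(text):
    """Return a list of (sec, usec, iface, direction, frame_bytes), one per packet."""
    packets, current = [], None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            current = [int(h.group(1)), int(h.group(2)), h.group(3), h.group(4), bytearray()]
            packets.append(current)
            continue
        x = HEXLINE.match(line)
        if x and current is not None:
            current[4] += bytes.fromhex(x.group(1).replace(" ", ""))
    return [(s, u, i, d, bytes(b)) for s, u, i, d, b in packets]

def to_pcap(packets):
    """Serialise packets as a classic little-endian pcap with Ethernet link type (1)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, _iface, _direction, frame in packets:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    with open("fgt_sniff.pcap", "wb") as fh:  # hypothetical output file name
        fh.write(to_pcap(parse_sniffer(SAMPLE)))
```

Save the logged terminal session to a text file and feed it to `parse_sniffer` in place of `SAMPLE`; lines that are neither packet headers nor hex-dump lines are ignored.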

 

 

Fortigate CPU or Memory at 100% 

From time to time we discover bugs, or CPU/memory usage goes to 100%. Then we are left with a reboot, and if that does not fix it we need to check which process is using all the memory.

To do this we can use the following:

#diag debug en

#get sys status

#get sys perf status

#diag sys top 1 100

-> let it run for 10-15 seconds and then stop it by pressing “Q”.

#diag hard sys mem

Let’s say we found out that the process “authd” is the one at 100% usage. To restart it we can use the following:

#diag sys kill 11 process_id

In our case we will perform the following command:

#diag sys kill 11 51

This command will re-spawn the authd process.
Some other signal IDs:
9 for SIGKILL
15 for SIGTERM
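
Before killing anything, it helps to confirm that the same process stays on top across several refreshes rather than spiking once. The following Python script is an added example, not part of the original article; the sample output is constructed, the column layout (name, PID, state, CPU %, memory %) is an assumption to verify against your firmware, and `sustained_hogs` is a name made up here.

```python
import re
from collections import defaultdict

# Constructed sample: three refreshes of `diag sys top 1 100` output (not from a real device).
SAMPLE = """\
Run Time:  13 days, 2 hours and 41 minutes
97U, 0N, 3S, 0I; 1866T, 412F
           authd       51      R      96.1     4.2
       ipsengine       78      S <     1.9    11.3
Run Time:  13 days, 2 hours and 41 minutes
99U, 0N, 1S, 0I; 1866T, 410F
           authd       51      R      98.7     4.2
       ipsengine       78      S <     0.0    11.3
Run Time:  13 days, 2 hours and 41 minutes
98U, 0N, 2S, 0I; 1866T, 409F
           authd       51      R      97.4     4.3
       ipsengine       78      S <     1.1    11.3
         miglogd       63      S      55.0     1.7
"""

# Assumed row layout: name, PID, state (optionally followed by "<"), CPU %, memory %.
ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+([A-Z])\s*<?\s+(\d+\.\d+)\s+(\d+\.\d+)\s*$")

def sustained_hogs(text, cpu_threshold=80.0, min_share=0.75):
    """Return [(name, pid, avg_cpu, peak_mem)] for processes at or above cpu_threshold
    in at least min_share of the refreshes, busiest first."""
    refreshes = 0
    cpu = defaultdict(list)   # (name, pid) -> CPU readings, one per refresh seen
    mem = defaultdict(float)  # (name, pid) -> highest memory % seen
    for line in text.splitlines():
        if line.startswith("Run Time:"):
            refreshes += 1    # each refresh starts with an uptime banner
            continue
        m = ROW.match(line)
        if m:
            key = (m.group(1), int(m.group(2)))
            cpu[key].append(float(m.group(4)))
            mem[key] = max(mem[key], float(m.group(5)))
    hogs = []
    for (name, pid), readings in cpu.items():
        hot = sum(1 for r in readings if r >= cpu_threshold)
        if refreshes and hot / refreshes >= min_share:
            hogs.append((name, pid, round(sum(readings) / len(readings), 1), mem[(name, pid)]))
    return sorted(hogs, key=lambda h: h[2], reverse=True)

if __name__ == "__main__":
    for name, pid, avg, peak_mem in sustained_hogs(SAMPLE):
        print(f"{name} (pid {pid}): avg CPU {avg}%, peak mem {peak_mem}%")
```

On the constructed sample only authd qualifies, and its PID is the value that would go into the kill command above.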

 

 

Problems with Authentication?

To test the authentication we can use the following commands:

#diag test auth <type> <server_name> <chap | pap | mschap | mschap2> <username> <pwd>

Let’s say we want to test a user’s LDAP username and password. We will test with the following:

#diag test authserver ldap <server_name> <username> <pwd>

If the authentication is successful, then we are good to go! The problem is somewhere else.

 

 

BASIC COMMANDS
To show the ARP table:

#diag ip arp list

To show the routing table:

#diag ip route list

To check the NIC status on the Fortigate:

#diag hard dev nic port

PPPoE:

#diag debug en
#diag debug app ppp 3

 

Hope this helps!
Happy firewalling and please comment if you have any questions. Thanks!

13 Responses to “Fortigate Tips and Tricks”

  1. Luis says:

    Very useful tip! Thank you for sharing.

  2. kumar says:

    Very nice and useful.

  3. shyam meena says:

    last 1 year working in fortigate very good working

  4. I was looking for this certain info for a long time. Thank you and good luck.

  5. 720p says:

    Highly energetic post, I liked that bit. Will there be a part 2?

  9. This site was… how do you say it? Relevant!! Finally I have
    found something which helped me. Kudos!

  10. I always used to study post in news papers but now as I am a user of web thus
    from now I am using net for content, thanks to web.

  12. fred says:

    It’s perfect time to make a few plans for the longer term and it
    is time to be happy. I’ve learn this put up and if I may I wish to
    counsel you few attention-grabbing things or suggestions.

    Perhaps you could write next articles referring to this article.
    I want to read even more issues about it!
