CheatSheet FortiOS 6.2
CheatSheet FortiOS 6.2
service <rule-id>
1
BGP VDOMs Packet sniffer
get router info bgp summary sudo global/ vdom-name diag sniffer packet [if]
diag / execute / show / get ‘[filter]’ [verbose] [count]
get router info bgp neighbors [ts]
diag ip router bgp all enable
diag ip router bgp level info FQDN Flow Trace
diagnose test application diag debug flow show iprop en
exec router clear bgp all dnsproxy 6 diag debug flow show fun en
diagnose firewall fqdn list diag debug flow trace start
OSPF [packet count]
get router info ospf status diag debug flow filter
Internet Service database (ISDB) [filter]
get router info ospf diag internet-service
interface info vdom proto port ip
get router info ospf neighbor Firewall session troubleshooting
diag internet-service info …
get router info ospf database diag sys session filter
brief / router lsa diag sys session list[expect]
diag internet-service match
get router info ospf database <vdom> <ip> <netmask> diag sys session clear
self-originate
diag sys session stat
diag ip router ospf all Traffic Shaper
enable diag firewall shaper traffic-
diag ip router ospf level diag firewall iprope clear
shaper list / stats 100004 [<id>]
info
diag firewall shaper per-ip-
exec router clear ospf shaper list / stats
process
UTM Services
Logging FortiGuard Distibution Network (FDN)
System diag log test update.fortiguard.net
Process information exec log list service.fortiguard.net
get system performance status support.fortinet.com
diag debug cli 8
diag sys top [sec] [number]
Firmware Update Signature update
diag sys top-summary [sec] diag debug rating
diag debug config-error-log
read
diag autoupdate versions
diag debug crashlog read
Factory reset diag debug appl update -1
High availability exec factoryreset exec update-now
execute ha manage [index] exec factoryreset2
[admin] IPS
get sys ha status diag ips anomaly list
diag ips packet status
diag sys ha dump-by vcluster Traffic Processing
diag sys ha reset-uptime diag test appl ipsmonitor 2
General debugging
diag sys ha checksum cluster diag test appl ipsmonitor 5
diag debug appl [appl-name]
[debug_level diag test appl ipsmonitor 99
diag sys ha checksum
show [vdom] diag test appl [appl-name] Emailfilter
[test_level]
diag sys ha checksum diag emailfilter fortishield
recalculate diag debug console timestamp servers
enable
diag debug appl hatalk -1 diag debug appl emailfilter
diag debug appl hasync -1 diag debug enable 255
diag debug disable
exec ha ignore-hardware-
revision diag debug reset
status / enable / disable
2
Webfilter
VPN Wireless, FortiExtender, Modem
diag webfilter fortiguard
statistics list IPSEC VPN Wireless Controller
diag debug appl ike 63 exec wireless-controller
diag test appl urlfilter 1 restart-acd
diag vpn ike log filter
exec wireless-controller
SIP diag vpn ike gateway list reset-wtp
diag system sip status diag vpn ike gateway flush diag wireless-controller
diagnose sys sip-proxy stats diag vpn tunnel list wlac -c ap-rogue
list
diag vpn tunnel flush
Access point (CLI commands on Access point)
get vpn ipsec tunnel details
Authentication get vpn ipsec state tunnel
cfg –a ADDR_MODE=DHCP|STATIC