FortiGate Troubleshooting Notes

 

Define a baseline 
  • CPU usage
  • Memory usage
  • Traffic levels

# get system status

# get system performance status

# diagnose sys top
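
One way to turn the baseline into a repeatable check is to parse `get system performance status` output and flag metrics that exceed the recorded values. This is an added example, not part of the original notes; the sample output, the baseline numbers, the 25% tolerance and the function names are all constructed assumptions.

```python
import re

# Constructed sample modelled on `get system performance status` output.
# Assumption: field wording can differ between FortiOS versions and platforms.
SAMPLE = """\
CPU states: 12% user 9% system 0% nice 79% idle 0% iowait 0% irq 0% softirq
CPU0 states: 14% user 10% system 0% nice 76% idle 0% iowait 0% irq 0% softirq
Memory: 4022908k total, 3459701k used (86.0%), 402291k free (10.0%), 160916k freeable (4.0%)
Average network usage: 48211 / 39120 kbps in 1 minute, 30110 / 25004 kbps in 10 minutes, 29870 / 24310 kbps in 30 minutes
Average sessions: 18250 sessions in 1 minute, 12110 sessions in 10 minutes, 11980 sessions in 30 minutes
Uptime: 41 days,  3 hours,  12 minutes
"""

# Hypothetical baseline recorded during normal operation (constructed values).
BASELINE = {"cpu_pct": 20, "mem_pct": 70.0, "net_kbps": 55000, "sessions": 12000}

PATTERNS = {
    "cpu_idle": r"^CPU states:.*?(\d+)% idle",
    "mem_pct": r"^Memory:.*?used \(([\d.]+)%\)",
    "net": r"^Average network usage:\s*(\d+)\s*/\s*(\d+) kbps in 1 minute",
    "sessions": r"^Average sessions:\s*(\d+) sessions in 1 minute",
}

def parse_perf(text):
    """Extract overall CPU, memory, 1-minute traffic and session figures."""
    found = {k: re.search(p, text, re.M) for k, p in PATTERNS.items()}
    metrics = {}
    if found["cpu_idle"]:
        metrics["cpu_pct"] = 100 - int(found["cpu_idle"].group(1))
    if found["mem_pct"]:
        metrics["mem_pct"] = float(found["mem_pct"].group(1))
    if found["net"]:  # the two kbps figures are summed into one traffic level
        metrics["net_kbps"] = sum(int(g) for g in found["net"].groups())
    if found["sessions"]:
        metrics["sessions"] = int(found["sessions"].group(1))
    return metrics

def deviations(current, baseline, tolerance=0.25):
    """Return {metric: (baseline, current)} for values above baseline by > tolerance.
    Metrics missing from the parsed output are reported with current=None."""
    out = {}
    for name, base in baseline.items():
        cur = current.get(name)
        if cur is None or cur > base * (1 + tolerance):
            out[name] = (base, cur)
    return out

if __name__ == "__main__":
    for name, (base, cur) in deviations(parse_perf(SAMPLE), BASELINE).items():
        print(f"{name}: baseline={base} current={cur}")
```

A metric reported with `current=None` means the expected line was not found, which usually indicates a different output layout rather than a healthy device.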

# diagnose debug crashlog read     
! check whether a daemon has been crashing frequently; intrusive for an FG with performance issues

# execute tac report                          
! intrusive for an FG with performance issues

# diagnose hardware sys conserve   
! aid in conserve mode issue

# get hardware memory

# diagnose hardware deviceinfo disk

# print tablesize
! shows: per-child-table limit, per-VDOM limit, system-wide (global) limit, current usage





# diag debug application ike





# diagnose test application 

# diagnose test application ipsmonitor 1
# diagnose test application ipsmonitor
! display or toggle the IPS engine

# diag sniffer packet <interface> <filter> <verbose> <count> <a>
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Using-the-FortiOS-built-in-packet-sniffer/ta-p/194222











System Resources

FortiGate can offload and accelerate many processes in hardware.

Network processors (NP6 or NP7) offload traffic that does not require UTM or NGFW processing.
Content processors (CP8/9/10) offload some UTM and NGFW processing and cryptographic operations.




An offloaded session cannot be viewed using the sniffer or debug flow, and by default offloaded sessions are logged only for policy-accepted traffic.
To log all offloaded sessions, per-session accounting must be enabled.









Analyzing Memory Usage











or get hardware memory














Analyzing CPU usage






Conserve Mode

     No configuration change
     No quarantine action





  • Category numbers (common defaults in FortiOS):
    • 0: traffic
    • 1: event
    • 2: utm-virus
    • 3: utm-webfilter
    • 4: utm-ips
    • 5: utm-emailfilter
    • 7: utm-anomaly
    • 8: utm-voip
    • 9: utm-dlp
    • 10: utm-app-ctrl
    • 12: utm-waf
    • 15: utm-dns
    • 16: utm-ssh
    • 17: utm-ssl
    • 19: utm-file-filter
    • 20: utm-icap
    • 22: utm-sctp-filter
    • 23: forti-switch
    • 24: utm-virtual-patch
    • 25: utm-casb
    • 26: debug














System Crashes








# diagnose debug crashlog read









Sessions:


# get system session status
# get system session list

Session detail

# diagnose sys session filter clear
# diagnose sys session filter ...
# diagnose sys session list

# diagnose sys session clear
! clear the sessions matching the filter.






























