Fortigate

# Checar atualizações no FortiGuard

get system fortiguard-services status

diagnose autoupdate <status | version>

# Forçar comunicação com FortiGuard

execute update-now

# verificar warning depois de upgrade

diagnose debug config-error-log read

# Ativar timestamp e filtro, iniciar o trace e debug

diagnose debug console timestamp enable

diagnose debug flow filter saddr <ip_origem>

diagnose debug flow filter daddr <ip_destino>

diagnose debug flow filter proto <numero_protocolo_transporte>

diagnose debug flow filter port <numero_porta_destino>

diagnose debug flow trace start <qtd_filtrada_1_a_999>

diagnose debug enable

# Desativar filtro e parar debug após uso

# Parar trace, limpar filtro e desabilitar o Debug

diagnose debug flow trace stop

diagnose debug flow filter clear

diagnose debug reset

diagnose debug disable

# Limpar as sessões de uma política filtrada

diagnose sys session filter clear

diagnose sys session filter policy <numero_da_regra>

diagnose sys session clear

# Verificar trafego

diag sniff pack any 'host <ip_do_host> and <protocolo_exemplo_icmp>' 4

# Testar acesso aos Serviços Fortiguard

exec ping service.fortiguard.net

exec ping update.fortiguard.net

exec ping guard.fortinet.net

#

diagnose debug application update -1

diagnose debug enable

execute update-now

# trabalhando com sessões

 show system session-helper

diagnose sys session <stat | list | filter | clear>

get system session <status|list>

show system <session-helper|session-ttl>

show full-configuration system global | grep timer

diagnose firewall ippool-all <list [ip_pool_name] | stats]

# Captura 10 pacotes de qualquer interface filtrado pelo protocolo ICMP e host 10.0.1.10, con nível de verbose 4 (print header of packets with interface name)

 diagnose sniffer packet any "icmp and host 10.0.1.10" 4 10

# Checando endereço IP

diagnose ip address list

show system interface ?

get system interface physical

show firewall vip

# Rotas ativas

get router info routing-table <all | ospf | static | connected | rip | isis | bgp >

# Todas as Rotas na base de dados (ativas aparecem com sinal *>

get router info routing-table database

# Policy Route

diagnose firewall proute list

# LDAP Authentication

diagnose test authserver ldap <obj_ldap_name> <user> <password>

# Logging and Monitoring

diagnose sys logdisk <status|usage|quota>

diagnose test application miglogd 6

diagnose log kernel-stats

diagnose log test

execute log filter ....

execute log display

# Checar comunicação com Fortiguard e status do Webfilter

diagnose debug rating

get webfilter status

# Estatísticas Fortiguard e Webfilter

diagnose webfilter fortiguard statistics list

#Atualizar base através do Fortiguard

• checar se Fortigate é capaz de resolver update.fortiguard.net (porta 443)

• execute update-now

#Checar versão de assinaturas

diagnose autoupdate status

diagnose autoupdate version

#Real time update debug

diagnose debug application update -1

diagnose deb unable

execute update-av

# mostra estatística de vírus no último minuto

get system performance status

#mostra informações da base de dados atual do antivírus

diagnose antivirus database-info

#Mostra versão atual do antivirus e assinaturas

diagnose autoupdate versions

#Mostra o tempo de scan em arquivos infectados

diagnome antivirus test "get scantime"

#Força checagem de atualização do antivirus

execute update-av

#SSL VPN

diagnose debug enable

diagnose vpn ssl <list | info | statistics | debug-filter | hw-acceleration-status>

diagnose debug application sslvpn -1

# para visualizar o status da aceleração por hardware

get vpn status ssl hw-acceleration-status

# para visualizar os usuários autenticados, seus grupos e IPs

get vpn ssl monitor

# Checar a saúde do link SD-WAN

diagnose sys virtual-wan-link health-check

# Executar comandos globais e por VDOM de qualquer contexto

sudo <global | vdom-name> <diagnose | execute | show | get>

# VPN Phase 1 Status

get vpn ike gateway <nomeTunel>

# Checar IPsec VPN hardware acceleration

diagnose vpn tunnel list

# Real time debug VPN (phase 1 e 2)

diagnose vpn ike log filter dst-addr <remote_peer_IP>

diagnose debug application ike -1

diagnose debug enable

.....

diagnose debug reset

diagnose debug disable

# Checar usuários FSSO logados

diagnose firewall auth < list | filter | clear...>

diagnose debug authd fsso <filter | list | regresh-groups | summary | clear-logons | refresh-logons | server-status>

diagnose debug authd fsso list

execute fsso refresh

# Checar conectividade entre collector agent e Fortigate

diagnose debug enable

diagnose debug authd fsso server-status

# Polling Mode

# Status do polls do Fortigate para o DC

diagnose debug fsso-polling detail

#Active FSSO users

diagnose debug fsso-polling refresh-user

#Sniff polls

diagnose sniffer packet any ‘host ipAddress and tcp port 445’

diagnose debug application fssod -1

#HA

get system ha status

diagnose sys ha status

diagnose sys ha checksum < cluster | show | recalculate >

get system ha status

execute ha manage ?

execute ha manage <HA_device_index>

Reset uptime

diag sys ha reset-uptime

diagnose debug enable

diagnose debug application hatalk 0

diagnose debug application hatalk 255

,....

diagnose debug application hatalk 0

diagnose debug disable

# Diagnostics

get system status

get hardware nic <interface_name>

get system arp

execute ping-options

execute ping [ipv4_address | host_fqdn]

execute traceroute [ipv4_address | host_fqdn]

 get system performance status

diagnose sys top 1

diagnose hardware sysinfo conserve

diagnose debug crashlog history

diagnose debug crashlog read

https://docs.fortinet.com/document/fortigate/7.4.0/fortios-log-message-reference/2/2-log-id-traffic-allow