Fortigate

# Checar atualizações no FortiGuard

get system fortiguard-services status

diagnose autoupdate <status | version>

# Forçar comunicação com FortiGuard

execute update-now


# verificar warning depois de upgrade

diagnose debug config-error-log read


# Ativar timestamp e filtro, iniciar o trace e debug

diagnose debug console timestamp enable

diagnose debug flow filter saddr <ip_origem>

diagnose debug flow filter daddr <ip_destino>

diagnose debug flow filter proto <numero_protocolo_transporte>

diagnose debug flow filter port <numero_porta_destino>

diagnose debug flow trace start <qtd_filtrada_1_a_999>

diagnose debug enable

# Desativar filtro e parar debug após uso


# Parar trace, limpar filtro e desabilitar o Debug

diagnose debug flow trace stop

diagnose debug flow filter clear

diagnose debug reset

diagnose debug disable


# Limpar as sessões de uma política filtrada

diagnose sys session filter clear

diagnose sys session filter policy <numero_da_regra>

diagnose sys session clear


# Verificar trafego

diag sniff pack any 'host <ip_do_host> and <protocolo_exemplo_icmp>' 4


# Testar acesso aos Serviços Fortiguard

exec ping service.fortiguard.net

exec ping update.fortiguard.net

exec ping guard.fortinet.net


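# Debug em tempo real da atualização FortiGuard (ao terminar: diagnose debug reset / diagnose debug disable)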

diagnose debug application update -1

diagnose debug enable

execute update-now


# trabalhando com sessões

 show system session-helper

diagnose sys session <stat | list | filter | clear>

get system session <status|list>

show system <session-helper|session-ttl>

show full-configuration system global | grep timer

diagnose firewall ippool-all <list [ip_pool_name] | stats>


# Captura 10 pacotes de qualquer interface filtrados pelo protocolo ICMP e host 10.0.1.10, com nível de verbose 4 (print header of packets with interface name)

 diagnose sniffer packet any "icmp and host 10.0.1.10" 4 10


# Checando endereço IP

diagnose ip address list

show system interface ?

get system interface physical

show firewall vip


# Rotas ativas

get router info routing-table <all | ospf | static | connected | rip | isis | bgp >

# Todas as rotas na base de dados (ativas aparecem com sinal *>)

get router info routing-table database

# Policy Route

diagnose firewall proute list


# LDAP Authentication (a senha vai em texto claro na linha de comando; prefira uma conta de teste)

diagnose test authserver ldap <obj_ldap_name> <user> <password>


# Logging and Monitoring

diagnose sys logdisk <status|usage|quota>

diagnose test application miglogd 6

diagnose log kernel-stats

diagnose log test

execute log filter ....

execute log display


# Checar comunicação com Fortiguard e status do Webfilter

diagnose debug rating

get webfilter status


# Estatísticas Fortiguard e Webfilter

diagnose webfilter fortiguard statistics list


#Atualizar base através do Fortiguard

#Checar versão de assinaturas

diagnose autoupdate status

diagnose autoupdate version


# Real time update debug (desabilitar ao terminar: diagnose debug disable)

diagnose debug application update -1

diagnose debug enable

execute update-av


# mostra estatística de vírus no último minuto

get system performance status


#mostra informações da base de dados atual do antivírus

diagnose antivirus database-info


#Mostra versão atual do antivirus e assinaturas

diagnose autoupdate versions


#Mostra o tempo de scan em arquivos infectados

diagnose antivirus test "get scantime"


#Força checagem de atualização do antivirus

execute update-av


#SSL VPN

diagnose debug enable

diagnose vpn ssl <list | info | statistics | debug-filter | hw-acceleration-status>

diagnose debug application sslvpn -1

# para visualizar o status da aceleração por hardware

get vpn status ssl hw-acceleration-status

# para visualizar os usuários autenticados, seus grupos e IPs

get vpn ssl monitor


# Checar a saúde do link SD-WAN

diagnose sys virtual-wan-link health-check


# Executar comandos globais e por VDOM de qualquer contexto

sudo <global | vdom-name> <diagnose | execute | show | get>


# VPN Phase 1 Status

get vpn ike gateway <nomeTunel>


# Checar IPsec VPN hardware acceleration

diagnose vpn tunnel list

# Real time debug VPN (phase 1 e 2)

diagnose vpn ike log filter dst-addr <remote_peer_IP>

diagnose debug application ike -1

diagnose debug enable

.....

diagnose debug reset

diagnose debug disable


# Checar usuários FSSO logados

diagnose firewall auth < list | filter | clear...>

diagnose debug authd fsso <filter | list | refresh-groups | summary | clear-logons | refresh-logons | server-status>

diagnose debug authd fsso list

execute fsso refresh


# Checar conectividade entre collector agent e Fortigate

diagnose debug enable

diagnose debug authd fsso server-status


# Polling Mode

# Status do polls do Fortigate para o DC

diagnose debug fsso-polling detail

#Active FSSO users

diagnose debug fsso-polling refresh-user

#Sniff polls

diagnose sniffer packet any 'host <ipAddress> and tcp port 445'

diagnose debug application fssod -1


#HA

get system ha status

diagnose sys ha status

diagnose sys ha checksum < cluster | show | recalculate >

get system ha status

execute ha manage ?

execute ha manage <HA_device_index>

# Reset uptime (pode provocar failover do cluster HA se override estiver desabilitado)

diag sys ha reset-uptime


diagnose debug enable

diagnose debug application hatalk 0

diagnose debug application hatalk 255

.....

diagnose debug application hatalk 0

diagnose debug disable


# Diagnostics

get system status

get hardware nic <interface_name>

get system arp

execute ping-options

execute ping [ipv4_address | host_fqdn]

execute traceroute [ipv4_address | host_fqdn]

 get system performance status

diagnose sys top 1

diagnose hardware sysinfo conserve

diagnose debug crashlog history

diagnose debug crashlog read


https://docs.fortinet.com/document/fortigate/7.4.0/fortios-log-message-reference/2/2-log-id-traffic-allow