Thursday, March 30, 2017

Fortigate Monitoring commands

Monitoring commands:

show
  • Show global or vdom config
sh system interface
  • Equivalent to show run interface
diagnose hardware deviceinfo nic
  • Equivalent to show interface
get system status
  • Show version information
sh firewall policy 6
  • Show firewall rule number 6
sh router policy
  • Show Policy Routing rules
diagnose sys session list
  • Show the existing translations
diagnose sys session clear
  • Clears all xlate/translations
diagnose ip arp list
  • Shows the arp table of connected hosts
get router info routing-table all
  • Equivalent to ‘show ip route’
diagnose sys top
  • Show System Processes running with PIDs
diagnose sys kill 9 <id>
  • Kill the specific PID
diag test auth ldap <server_name> <username> <password>
  • LDAP test query from the FortiGate to the AD

To see a tcpdump-style capture of traffic flowing through a FortiGate, use the diagnose sniffer command from the CLI. The command syntax:
diagnose sniffer packet {interface | any} 'net z.z.z.z/p and/or host x.x.x.x and/or port yyy' [options]
You can narrow your search by filtering on any of the following:
net/prefix : print a whole netblock
host          : print only one host
port          : print only a specific port number
and/or      : allows additional options
The options field at the end takes one of the following values:
1: print header of packets
2: print header and data from ip of packets
3: print header and data from ethernet of packets (if available)
4: print header of packets with interface name
5: print header and data from ip of packets with interface name
6: print header and data from ethernet of packets (if available) with intf name
Option ‘4’ is particularly useful, in that it shows the associated interface for the directional traffic.
Examples:
diagnose sniffer packet any 'net 10.0.0.0/8 and host 172.16.16.14 and port 3389'
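
The interface and direction columns that option 4 adds can be summarized per flow to check whether traffic that entered the FortiGate also left it. The Python below is an added example, not part of the original post; the sample output is constructed, and the line layout it parses (timestamp, interface, in/out, src.port -> dst.port) is an assumption about how option 4 output looks.

```python
import re
from collections import defaultdict

# Constructed sample of option-4 sniffer output (not captured from a real device).
# Assumed layout: <timestamp> <interface> <in|out> <src>.<sport> -> <dst>.<dport>: <info>
SAMPLE = """\
interfaces=[any]
filters=[net 10.0.0.0/8 and host 172.16.16.14 and port 3389]
1.204512 port2 in 10.1.1.20.51844 -> 172.16.16.14.3389: syn 3182001
1.204598 port1 out 10.1.1.20.51844 -> 172.16.16.14.3389: syn 3182001
1.206130 port1 in 172.16.16.14.3389 -> 10.1.1.20.51844: syn 9917345 ack 3182002
1.206171 port2 out 172.16.16.14.3389 -> 10.1.1.20.51844: syn 9917345 ack 3182002
4.880021 port3 in 10.9.9.9.40112 -> 172.16.16.14.3389: syn 5550001
5.881340 port3 in 10.9.9.9.40112 -> 172.16.16.14.3389: syn 5550001
"""

# Matches TCP/UDP packet lines only; header lines and port-less lines are skipped.
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<intf>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

def summarize(text):
    """Group packets by (src, sport, dst, dport) and record where each was seen."""
    flows = defaultdict(lambda: {"in": set(), "out": set(), "packets": 0})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # e.g. interfaces=[...] / filters=[...] header lines
        key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        flows[key][m["dir"]].add(m["intf"])
        flows[key]["packets"] += 1
    return dict(flows)

def ingress_only(flows):
    """Flows seen arriving on an interface but never leaving on one:
    candidates to check against firewall policy and routing."""
    return sorted(k for k, v in flows.items() if v["in"] and not v["out"])

if __name__ == "__main__":
    flows = summarize(SAMPLE)
    for key, seen in sorted(flows.items()):
        print(key, "in:", sorted(seen["in"]), "out:", sorted(seen["out"]),
              "pkts:", seen["packets"])
    print("ingress only:", ingress_only(flows))
```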
