Fortinet Network Troubleshooting
Fortinet NIC Details
Command | Description | Good vs Bad Result |
---|---|---|
get system interface | Lists interfaces and their statuses, useful for verifying BGP source interfaces. | Good: Expected interfaces are up. Bad: BGP source interface is down. |
get hardware nic <interface-name> | Provides detailed information about a specific interface, such as packet statistics. | Good: Interface is up with normal traffic. Bad: High error rates or down status. |
General Fortinet Routing
Command | Description |
---|---|
get router info routing-table all | Displays the entire routing table. |
get router info routing-table details | Shows detailed information about routes in the routing table. |
get router info routing-table database | Provides information from the routing table database. |
diag ip route list | Shows the current IP routing table with more details. |
Network Troubleshooting Commands
Command | Description | Risk |
---|---|---|
diag sniffer packet any 'host <IP> and port <PORT>' 4 | Captures and displays packet flow from/to the specified IP and port. | Safe |
diag debug flow show function-name enable | Enables detailed flow debugging with function names. | Safe |
diag debug flow trace start 100 | Starts a debug flow trace for the next 100 packets. | Safe |
diag debug flow filter addr <IP> | Sets a filter for debugging flows to/from a specific IP address. | Safe |
diag debug enable | Enables debug messages. | Safe |
diag debug disable | Disables debug messages. | Safe |
get system interface | Lists all interfaces with their statuses and IP addresses. | Safe |
diag hardware deviceinfo nic <interface-name> | Shows detailed information about a specific network interface. | Safe |
exec ping <IP-address> | Performs a ping test from the FortiGate unit to the specified IP address. | Safe |
exec traceroute <IP-address> | Performs a traceroute from the FortiGate unit to the specified IP address. | Safe |
get hardware nic <interface-name> | Displays statistics for a specific interface, including RX/TX packets and errors. | Safe |
diag netlink interface list | Lists all interfaces with detailed netlink information. | Safe |
diag sys top | Displays system processes and resource usage, helpful for identifying high CPU or memory usage impacting networking. | Safe |
get system arp | Displays the ARP table, showing mappings of IP addresses to MAC addresses. | Safe |
get router info mpls | Checks MPLS status and configuration. | Safe |
Dangerous Fortinet Network Commands
Command | Description | Risk |
---|---|---|
config system interface | Enters interface configuration mode. | Dangerous |
edit <interface-name> | Selects an interface to configure. | Dangerous |
set ip <IP-address> | (Under interface config) Sets the IP address for the interface. | Dangerous |
set allowaccess ping http https ssh telnet | (Under interface config) Sets which management protocols are allowed on the interface. The list shown includes the cleartext protocols http and telnet alongside https and ssh. | Dangerous |
set status up | (Under interface config) Enables the interface. | Dangerous |
set status down | (Under interface config) Disables the interface. | Dangerous |
Fortinet BGP/Routing Show Commands
Command | Description | Good vs Bad Result |
---|---|---|
show router bgp | Displays the current BGP configuration. | |
config router bgp | Enters the BGP configuration mode. | |
get router info bgp summary | Displays a summary of BGP sessions, including state, number of prefixes received, and uptime. | Good: State is “Established” with expected number of prefixes. Bad: State is not “Established”. |
get router info bgp networks | Lists networks advertised by the BGP router. | Good: Expected networks are listed. Bad: Missing networks or unexpected networks are present. |
get router info bgp routes | Displays BGP routes in the routing table, showing paths, next hops, and metrics. | Good: Routes and next hops are as expected. Bad: Missing routes or incorrect next hops. |
get router info bgp neighbors | Shows detailed information about BGP neighbors/peers, including their AS numbers and session state. | Good: State is “Established”. Bad: Frequent state changes or non-established state. |
get router info bgp neighbors <neighbor-ip> advertised-routes | Lists the routes being advertised to a specific BGP neighbor. | |
get router info bgp neighbors <neighbor-ip> received-routes | Lists the routes received from a specific BGP neighbor. | |
diag ip bgp neighbors <peer-ip> advertised-routes | Shows routes advertised to a specific BGP neighbor. | Good: Advertises correct routes to neighbor. Bad: Missing routes or advertising unexpected routes. |
diag ip bgp neighbors <peer-ip> received-routes | Shows routes received from a specific BGP neighbor. | Good: Receives expected routes from neighbor. Bad: Missing expected routes or receiving incorrect routes. |
diag ip bgp neighbors <peer-ip> | Provides detailed diagnostics for a specific BGP neighbor. | Good: Stable connection with neighbor. Bad: Errors or unstable connection indicators. |
Fortinet BGP/Routing Set Commands
Command | Description |
---|---|
set network | (Under BGP config) Specifies a network to advertise via BGP. |
set neighbor | (Under BGP config) Configures a BGP neighbor. |