Basic Fortigate Health Check – CLI Command

I. Check System Status

get system status

Use this command to display system status information including:

  • Firmware version, build number and date
  • License and registration status
  • Serial number
  • WAF database version
  • IP Reputation database version
  • Log disk availability
  • Hostname
  • Current HA mode
  • Uptime
  • System time

IGS-FW-FG100D # get system status
Version: FortiGate-100D v6.0.0,build0076,180329 (GA)
Virus-DB: 76.00258(2020-03-26 22:19)
Extended DB: 76.00258(2020-03-26 22:19)
IPS-DB: 15.00770(2020-02-04 02:44)
IPS-ETDB: 15.00770(2020-02-04 02:44)
APP-DB: 15.00770(2020-02-04 02:44)
INDUSTRIAL-DB: 13.00407(2018-07-06 01:54)
Serial-Number: FG100D3G14815591
IPS Malicious URL Database: 2.00594(2020-03-26 04:32)
Botnet DB: 4.00628(2020-01-27 18:36)
BIOS version: 05000004
System Part-Number: P11510-04
Log hard disk: Not available
Hostname: IGS-FW-FG100D
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 0076
Release Version Information: GA
FortiOS x86-64: Yes
System time: Wed May 13 14:22:59 2020

II. Display Fortigate Hardware info

get hardware status

  • Display FortiGate hardware info – FortiASIC version, CPU type, amount of memory, flash drive size, hard disk size (if present), USB flash size (if present), network card chipset, and WiFi chipset (FortiWifi models).

IGS-FW-FG100D # get hardware status
Model name: FortiGate-100D
ASIC version: CP8
ASIC SRAM: 64M
CPU: Intel(R) Atom(TM) CPU D525 @ 1.80GHz
Number of CPUs: 4
RAM: 3955 MB
Compact Flash: 15331 MB /dev/sda
Hard disk: not available
USB Flash: not available
Network Card chipset: Fortinet 100D Ethernet Driver (rev.)

III. Display information about all of the CPUs in your FortiGate unit.

get hardware cpu

IGS-FW-FG100D # get hardware cpu
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 28
model name : Intel(R) Atom(TM) CPU D525 @ 1.80GHz
stepping : 10
microcode : 0x107
cpu MHz : 1799.809
cache size : 512 KB
physical id : 0
siblings : 4
core id : 0
cpu cores : 2
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good nopl aperfmperf pni dtes64 monitor ds_cpl tm2 ssse3 cx16 xtpr pdcm movbe lahf_lm dts
bogomips : 3599.61
clflush size : 64
cache_alignment : 64
address sizes : 36 bits physical, 48 bits virtual
power management:

processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 28
model name : Intel(R) Atom(TM) CPU D525 @ 1.80GHz
stepping : 10
microcode : 0x107
cpu MHz : 1799.809
cache size : 512 KB
physical id : 0
siblings : 4
core id : 0
cpu cores : 2
apicid : 1
initial apicid : 1
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts nopl aperfmperf pni dtes64 monitor ds_cpl tm2 ssse3 cx16 xtpr pdcm movbe lahf_lm dts
bogomips : 3600.03
clflush size : 64
cache_alignment : 64
address sizes : 36 bits physical, 48 bits virtual
power management:

processor : 2
vendor_id : GenuineIntel
cpu family : 6
model : 28
model name : Intel(R) Atom(TM) CPU D525 @ 1.80GHz
stepping : 10
microcode : 0x107
cpu MHz : 1799.809
cache size : 512 KB
physical id : 0
siblings : 4
core id : 1
cpu cores : 2
apicid : 2
initial apicid : 2
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts nopl aperfmperf pni dtes64 monitor ds_cpl tm2 ssse3 cx16 xtpr pdcm movbe lahf_lm dts
bogomips : 3600.09
clflush size : 64
cache_alignment : 64
address sizes : 36 bits physical, 48 bits virtual
power management:

processor : 3
vendor_id : GenuineIntel
cpu family : 6
model : 28
model name : Intel(R) Atom(TM) CPU D525 @ 1.80GHz
stepping : 10
microcode : 0x107
cpu MHz : 1799.809
cache size : 512 KB
physical id : 0
siblings : 4
core id : 1
cpu cores : 2
apicid : 3
initial apicid : 3
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts nopl aperfmperf pni dtes64 monitor ds_cpl tm2 ssse3 cx16 xtpr pdcm movbe lahf_lm dts
bogomips : 3600.09
clflush size : 64
cache_alignment : 64
address sizes : 36 bits physical, 48 bits virtual
power management:

IV. Display information about FortiGate unit memory use including the total, used, and free memory.

get hardware memory

IGS-FW-FG100D # get hardware memory
MemTotal: 4050332 kB
MemFree: 2474840 kB
Buffers: 4952 kB
Cached: 316604 kB
SwapCached: 0 kB
Active: 1064652 kB
Inactive: 135624 kB
Active(anon): 957080 kB
Inactive(anon): 51736 kB
Active(file): 107572 kB
Inactive(file): 83888 kB
Unevictable: 0 kB
Mlocked: 0 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Dirty: 0 kB
Writeback: 0 kB
AnonPages: 878720 kB
Mapped: 142740 kB
Shmem: 130096 kB
Slab: 74924 kB
SReclaimable: 13524 kB
SUnreclaim: 61400 kB
KernelStack: 2224 kB
PageTables: 26796 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 2025164 kB
Committed_AS: 26704352 kB
VmallocTotal: 34359738367 kB
VmallocUsed: 72032 kB
VmallocChunk: 34359664260 kB
DirectMap4k: 6144 kB
DirectMap2M: 4188160 kB

V. Show network interface info

show system interface

IGS-FW-FG100D # show sys interface
config system interface
edit "wan1"
set vdom "root"
set allowaccess ping https http
set type physical
set role wan
set snmp-index 1
next
edit "dmz"
set vdom "root"
set ip 10.10.10.1 255.255.255.0
set allowaccess ping https http
set status down
set type physical
set role dmz
set snmp-index 2
next
edit "modem"
set vdom "root"
set mode pppoe
set type physical
set snmp-index 3
next
edit "ssl.root"
set vdom "root"
set type tunnel
set alias "SSL VPN interface"
set snmp-index 4
next
edit "wan2"
set vdom "root"
set mode pppoe
set allowaccess ping
set type physical
set alias "TIME 100Mbps"
set role wan
set snmp-index 5
set username "techkaki@timebb"
set password ENC CiyCGI7S26LRV5ApfdvRAE/REpUxL3DdrnxsrbGMrGO4Ti0WNxDkSITY/wtwXknv0grw==
next
edit "mgmt"
set vdom "root"
set ip 192.168.1.99 255.255.255.0
set allowaccess ping https ssh http fgfm
set type physical
set dedicated-to management
set role lan
set snmp-index 6
next
edit "ha1"
set vdom "root"
set type physical
set snmp-index 7
next
edit "ha2"
set vdom "root"
set type physical
set snmp-index 8
next
edit "port16"
set vdom "root"
set type physical
set alias "Switch Uplink"
set snmp-index 10
next
edit "lan"
set vdom "root"
set ip 192.168.200.254 255.255.255.0
set allowaccess ping https
set type hard-switch
set stp enable
set device-identification enable
set role lan
set snmp-index 9
next
edit "Maxis"
set vdom "root"
set mode pppoe
set allowaccess ping https
set alias "32Mbps"
set role wan
set snmp-index 12
set username "110794@sme.maxis.com.my"
set password ENC jMO5rfD7ruOQ25ug/Z4VrsPieJnE+Jt/JrkUv4ytWIG3j1SxAhv3aXMYpeC4FUPxGQUhfYdZIYQrQ==
set interface "wan1"
set vlanid 621
next
edit "Server Farm"
set vdom "root"
set ip 192.168.2.1 255.255.255.0
set allowaccess ping https ssh snmp http
set device-identification enable
set role lan
set snmp-index 13
set interface "port16"
set vlanid 2
next
edit "IGS Segment"
set vdom "root"
set ip 192.168.100.254 255.255.254.0
set allowaccess ping https http fgfm capwap
set device-identification enable
set role lan
set snmp-index 14
set interface "port16"
set vlanid 100
next
edit "IGS to Z3"
set vdom "root"
set type tunnel
set snmp-index 11
set interface "wan2"
next
edit "IGS to Z1"
set vdom "root"
set type tunnel
set snmp-index 16
set interface "wan2"
next
edit "Support Segment"
set vdom "root"
set ip 192.168.3.254 255.255.255.0
set allowaccess ping
set device-identification enable
set role lan
set snmp-index 17
set interface "port16"
set vlanid 3
next
edit "IGS to Z1 RES"
set vdom "root"
set type tunnel
set snmp-index 18
set interface "Maxis"
next
edit "Guest-Wifi"
set vdom "root"
set ip 192.168.120.1 255.255.254.0
set allowaccess ping
set device-identification enable
set role lan
set snmp-index 19
set interface "port16"
set vlanid 120
next
edit "To DemoZ1"
set vdom "root"
set type tunnel
set snmp-index 20
set interface "Maxis"
next
edit "IGS-Z3ZeusMgmt"
set vdom "root"
set type tunnel
set snmp-index 21
set interface "wan2"
next
edit "IGS-Z1ZeusMgmt"
set vdom "root"
set type tunnel
set snmp-index 22
set interface "wan2"
next
edit "To Demo Z3"
set vdom "root"
set type tunnel
set snmp-index 23
set interface "Maxis"
next
edit "CIMB_Streteq"
set vdom "root"
set type tunnel
set snmp-index 24
set interface "Maxis"
next
edit "AVM Segment"
set vdom "root"
set ip 192.168.110.254 255.255.255.0
set allowaccess ping
set alias "AVM Office Segment"
set device-identification enable
set role lan
set snmp-index 15
set interface "port16"
set vlanid 110
next
edit "port15"
set vdom "root"
set type physical
set snmp-index 25
next
edit "PKS_Lab"
set vdom "root"
set ip 10.228.97.1 255.255.255.0
set allowaccess ping snmp
set device-identification enable
set role lan
set snmp-index 26
set interface "port15"
set vlanid 3889
next
end

VI. Display specific physical NIC Port details

get hardware nic <portnumber>

IGS-FW-FG100D # get hardware nic port15
Description Fortinet 100D Ethernet Driver
System_Device_Name port15
Current_HWaddr 08:5b:0e:83:95:1e
Permanent_HWaddr 08:5b:0e:83:95:1e
State up
Link up
PHY Link up
Speed 1000
Duplex full
port: 18
def vid 4077
cur_vid 4077
netdev_running 1
stp: 3
mac_bypass 0
pci_rx 0
Rx_Packets 66642089
Tx_Packets 65895787
Rx_Bytes 11738677030
Tx_Bytes 67912778803

VII. Check interface statistics and errors

fnsysctl ifconfig <nic name>

IGS-FW-FG100D # fnsysctl ifconfig port15
port15 Link encap:Ethernet HWaddr 08:5B:0E:83:95:1E
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:66647818 errors:0 dropped:0 overruns:0 frame:0
TX packets:65900876 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:11739291687 (10.9 GB) TX bytes:67917695310 (63.3 GB)

IGS-FW-FG100D # fnsysctl ifconfig Maxis
Maxis Link encap:Ethernet HWaddr 08:5B:0E:83:95:0A
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1889466783 errors:0 dropped:0 overruns:0 frame:0
TX packets:1727716279 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1038579327826 (967.3 GB) TX bytes:808203529909 (752.7 GB)

IGS-FW-FG100D # fnsysctl ifconfig 'Server Farm'
Server Farm Link encap:Ethernet HWaddr 08:5B:0E:83:95:1F
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4852682251 errors:0 dropped:0 overruns:0 frame:0
TX packets:5498991479 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3815233061800 (3553.2 GB) TX bytes:4848826392469 (4515.8 GB)

VIII. Show status of the FortiGuard service including the name, version, last update, method used for the last update, and when the update expires.

get system fortiguard-service status

IGS-FW-FG100D # get sys fortiguard-service status
NAME VERSION LAST UPDATE METHOD EXPIRE
AV Engine 6.006 2018-03-13 16:39:00 manual 2016-05-29 08:00:00
Virus Definitions 76.258 2020-03-27 14:51:34 push 2016-05-29 08:00:00
Extended set 76.258 2020-03-27 14:51:34 push 2016-05-29 08:00:00
Flow-based Virus Definitions 1.000 2018-01-31 17:02:00 manual 2016-05-29 08:00:00
Attack Definitions 15.770 2020-02-05 12:54:50 manual 2016-05-29 08:00:00
Attack Extended Definitions 15.770 2020-02-05 12:54:50 manual 2016-05-29 08:00:00
IPS Malicious URL Database 2.594 2020-03-27 14:51:34 push 2016-05-29 08:00:00
Botnet Definitions 4.628 2020-02-05 12:55:54 manual 2016-05-29 08:00:00
IPS/FlowAV Engine 4.012 2018-03-23 22:55:00 manual 2016-05-29 08:00:00
Application Definitions 15.770 2020-02-05 12:54:08 manual 2016-05-29 08:00:00
Industrial Attack Definitions 13.407 2018-07-06 01:54:00 manual n/a

IX. Check NTP status

diagnose system ntp status

IGS-FW-FG100D # diagnose sys ntp status
synchronized: yes, ntpsync: enabled, server-mode: disabled

ipv4 server(ntp2.fortiguard.com) 208.91.113.71 — reachable(0x9f) S:2 T:2
server-version=4, stratum=2
reference time is e26631ac.56b3ff39 — UTC Wed May 13 08:43:24 2020
clock offset is -0.005117 sec, root delay is 0.000107 sec
root dispersion is 0.011658 sec, peer dispersion is 118 msec

ipv4 server(ntp1.fortiguard.com) 208.91.114.98 — reachable(0xff) S:3 T:11 selected
server-version=4, stratum=2
reference time is e26631b8.b33eabd2 — UTC Wed May 13 08:43:36 2020
clock offset is -0.004009 sec, root delay is 0.000137 sec
root dispersion is 0.011490 sec, peer dispersion is 109 msec

ipv4 server(ntp2.fortiguard.com) 208.91.114.23 — reachable(0xff) S:3 T:5
server-version=4, stratum=2
reference time is e2663057.ead91086 — UTC Wed May 13 08:37:43 2020
clock offset is -0.011972 sec, root delay is 0.000275 sec
root dispersion is 0.033829 sec, peer dispersion is 128 msec

ipv4 server(ntp1.fortiguard.com) 208.91.113.70 — reachable(0xe4) S:0 T:0
server-version=4, stratum=2
reference time is e2663174.93485a45 — UTC Wed May 13 08:42:28 2020
clock offset is -0.021151 sec, root delay is 0.000168 sec
root dispersion is 0.011978 sec, peer dispersion is 531 msec

X. Display FortiGate CPU usage, memory usage, network usage, sessions, virus, IPS attacks, and system up time.

IGS-FW-FG100D # get system performance status
CPU states: 8% user 2% system 0% nice 88% idle 0% iowait 0% irq 2% softirq
CPU0 states: 11% user 3% system 0% nice 79% idle 0% iowait 0% irq 7% softirq
CPU1 states: 18% user 5% system 0% nice 77% idle 0% iowait 0% irq 0% softirq
CPU2 states: 4% user 2% system 0% nice 94% idle 0% iowait 0% irq 0% softirq
CPU3 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
Memory: 4050332k total, 1418948k used (35%), 2478216k free (61%), 153168k freeable (3%)
Average network usage: 52342 / 52112 kbps in 1 minute, 28349 / 27802 kbps in 10 minutes, 22868 / 22544 kbps in 30 minutes
Average sessions: 5887 sessions in 1 minute, 6723 sessions in 10 minutes, 6209 sessions in 30 minutes
Average session setup rate: 36 sessions per second in last 1 minute, 39 sessions per second in last 10 minutes, 39 sessions per second in last 30 minutes
Virus caught: 0 total in 1 minute
IPS attacks blocked: 0 total in 1 minute
Uptime: 82 days, 16 hours, 21 minutes

The first line shows that system processes currently use 2% of the CPU and that the CPU is 88% idle, which means the firewall is not overloaded.

If your CPU states look like the following example, the CPU is overloaded.

CPU states: 2% user 96% system 0% nice 2% idle 0% iowait 0% irq 2% softirq

If memory usage is more than 80%, the FortiGate unit might be overloaded, a process or the kernel might be leaking memory, or there is a lot of cached memory.

Memory: 4050332k total, 1418948k used (35%), 2478216k free (61%), 153168k freeable (3%)

XI. Display information about the FortiGate session table

IGS-FW-FG100D # get system session-info full-stat
session table: table_size=1048576 max_depth=2 used=3211
misc info: session_count=1234 exp_count=15 clash=1 memory_tension_drop=0 ephemeral=0/327680 removeable=0
delete=7, flush=0, dev_down=0/0
TCP sessions:
15 in NONE state
521 in ESTABLISHED state
26 in SYN_SENT state
1 in SYN_RECV state
14 in FIN_WAIT state
54 in TIME_WAIT state
11 in CLOSE state
2 in CLOSE_WAIT state
firewall error stat:
error1=00000000
error2=00000001
error3=00000000
error4=00000000
tt=00000000
cont=000049b5
ids_recv=5c331772
url_recv=00000000
av_recv=00004cac
fqdn_count=00000004
fqdn6_count=00000000

session table:
table_size = maximum number of session entries in the session table
used = number of session entries in the session table

misc info:
session_count = number of sessions in the kernel
clash = count of the collisions that occurred during the creation of new sessions
memory_tension_drop = number of sessions dropped due to the system running out of memory
ephemeral = The ephemeral buffer is used to protect against DoS attacks. It is a type of input buffer so the real session table doesn’t get overloaded if a DoS attack does happen. The first number is how many sessions are in use, and the second number is the maximum number allowed. If the two numbers are close, there is a good chance a DoS attack is underway, such as a DDoS using UDP packets.
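
The rules of thumb from sections X and XI (CPU idle time, memory above 80%, memory_tension_drop, ephemeral in-use close to its maximum) can be checked mechanically against saved CLI output. The following is an added example, not part of the original post: the function names, the 10% idle floor and the 0.9 ephemeral ratio are assumptions, and the sample text is copied from the outputs shown above.

```python
import re

# Sample input: lines copied from the command outputs shown on this page.
PERF = """CPU states: 8% user 2% system 0% nice 88% idle 0% iowait 0% irq 2% softirq
Memory: 4050332k total, 1418948k used (35%), 2478216k free (61%), 153168k freeable (3%)"""
SESS = """session table: table_size=1048576 max_depth=2 used=3211
misc info: session_count=1234 exp_count=15 clash=1 memory_tension_drop=0 ephemeral=0/327680 removeable=0"""

MEM_USED_MAX = 80      # from the article: more than 80% used is a warning sign
CPU_IDLE_MIN = 10      # assumption: the article only gives a 2% idle example
EPHEMERAL_RATIO = 0.9  # assumption: what counts as "close" to the maximum


def parse_perf(text):
    """Return (overall CPU state percentages, memory used percent)."""
    cpu_line = re.search(r"^CPU states:(.*)$", text, re.M)  # skips CPU0..CPUn lines
    mem = re.search(r"^Memory:.*?used \((\d+)%\)", text, re.M)
    if not cpu_line or not mem:
        raise ValueError("not 'get system performance status' output")
    cpu = {name: int(pct) for pct, name in re.findall(r"(\d+)% (\w+)", cpu_line.group(1))}
    return cpu, int(mem.group(1))


def parse_sessions(text):
    """Return decimal key=value counters; ephemeral is split into used/max."""
    # The lookahead skips a/b pairs and hex fields such as cont=000049b5.
    stats = {k: int(v) for k, v in re.findall(r"(\w+)=(\d+)(?![\w/])", text)}
    eph = re.search(r"ephemeral=(\d+)/(\d+)", text)
    if not eph:
        raise ValueError("not 'get system session-info full-stat' output")
    stats["ephemeral_used"], stats["ephemeral_max"] = map(int, eph.groups())
    return stats


def health_findings(perf_text, sess_text):
    """Apply the article's rules of thumb and return a list of warnings."""
    cpu, mem_used = parse_perf(perf_text)
    sess = parse_sessions(sess_text)
    findings = []
    if cpu["idle"] < CPU_IDLE_MIN:
        findings.append(f"CPU overloaded: {cpu['idle']}% idle, {cpu['system']}% system")
    if mem_used > MEM_USED_MAX:
        findings.append(f"memory {mem_used}% used: overload, leak or heavy caching")
    if sess.get("memory_tension_drop", 0) > 0:
        findings.append(f"{sess['memory_tension_drop']} sessions dropped for lack of memory")
    if sess["ephemeral_max"] and sess["ephemeral_used"] >= EPHEMERAL_RATIO * sess["ephemeral_max"]:
        findings.append("ephemeral buffer nearly full: possible DoS in progress")
    return findings


if __name__ == "__main__":
    for line in health_findings(PERF, SESS) or ["no findings"]:
        print(line)
```
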

XII. Monitor CPU/Memory usage of the internal processes

get system performance top <delay_in_second> <max_line_show>

IGS-FW-FG100D # get system performance top 1 25
Run Time: 83 days, 6 hours and 21 minutes
3U, 0N, 2S, 95I, 0WA, 0HI, 0SI, 0ST; 3955T, 2420F
ipsengine 243 R < 1.4 3.6
ipsengine 244 S < 0.9 3.7
ipsengine 245 S < 0.9 3.6
ipsengine 246 S < 0.4 3.7
src-vis 180 S 0.4 1.0
forticron 163 S 0.4 0.4
dnsproxy 194 S 0.4 0.3
newcli 5345 R 0.4 0.2
stpd 205 S 0.4 0.1
miglogd 25118 S 0.0 2.1
miglogd 30931 S 0.0 2.0
fnbamd 161 S 0.0 1.8
scanunitd 5016 S < 0.0 1.2
miglogd 154 S 0.0 1.0
cmdbsvr 134 S 0.0 0.9
scanunitd 5162 S < 0.0 0.8
scanunitd 5294 S < 0.0 0.8
scanunitd 5320 S < 0.0 0.8
pyfcgid 32093 S 0.0 0.8
scanunitd 174 S < 0.0 0.8
updated 177 S 0.0 0.7
httpsd 22016 S 0.0 0.7
ipshelper 190 S < 0.0 0.7
httpsd 25847 S 0.0 0.7
pyfcgid 32097 S 0.0 0.6

XIII. Display packet distribution and traffic statistics information for the FortiGate firewall.

IGS-FW-FG100D # get system performance firewall statistics
getting traffic statistics…
Browsing: 9316329329 packets, 7964737028177 bytes
DNS: 92543551 packets, 11648979982 bytes
E-Mail: 1870960 packets, 1774287544 bytes
FTP: 1508454 packets, 1526080821 bytes
Gaming: 42 packets, 5290 bytes
IM: 8 packets, 356 bytes
Newsgroups: 2 packets, 84 bytes
P2P: 1707 packets, 102330 bytes
Streaming: 16235 packets, 1874868 bytes
TFTP: 0 packets, 0 bytes
VoIP: 15 packets, 776 bytes
Generic TCP: 9115523276 packets, 6018985622518 bytes
Generic UDP: 449576198 packets, 240803166795 bytes
Generic ICMP: 117827078 packets, 5588145210 bytes
Generic IP: 294225 packets, 23308680 bytes

IGS-FW-FG100D # get system performance firewall packet-distribution
getting packet distribution statistics…
0 bytes – 63 bytes: 8941347932 packets
64 bytes – 127 bytes: 3032834145 packets
128 bytes – 255 bytes: 2239125144 packets
256 bytes – 383 bytes: 704574555 packets
384 bytes – 511 bytes: 420561301 packets
512 bytes – 767 bytes: 1384580753 packets
768 bytes – 1023 bytes: 253866061 packets
1024 bytes – 1279 bytes: 463180176 packets
1280 bytes – 1500 bytes: 15681035663 packets
