
General Commands

1) To view version & serial no of firewall
Ans: get system status
2) To see Mode of operation
Ans: get system settings
3) To see fortiguard updates
Ans: get system autoupdate schedule
4) To see current login users
Ans: get system info admin status
5) To view Configuration files
Ans: show full-configuration
4) To view date & time
#get system status
5) To view Logs
# execute log display
6) To view Interfaces
# get system interface physical
7) To See Route table
# get router info routing-table all
8) To view Forwarding Table
#get router info kernel
9) To view NAT Table
#get sys session list
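10) To view NAT table of a source ip
# diag sys session filter src <ip>
# diag sys session list
To clear nat entries (clears only the sessions matching the current session filter; with no filter set, all sessions are cleared)
# diag sys session clear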
11) To see ARP table
# get system arp
12) To see detail ARP table
# diagnose ip arp list
13) To view firewall Policies
# show firewall policy
14) To sniff packets @ interface
# diag sniffer packet <interface name>
To see only at verbose level 4 (no filter, 3 packets)
# diag sniffer packet <int.Name> none 4 3
15) Filtering sniffing packet
To see what's going on between two PCs
# diag sniffer packet <int name> 'src host 10.0.0.100 and dst host 4.2.2.2' 1
In this example we're sniffing for ICMP only, to and from 10.0.0.100
# diag sniffer packet internal 'host 10.0.0.100 and icmp' 1
To capture only TCP traffic between a source and destination
# diag sniffer packet internal 'host 10.0.0.100 and 4.2.2.2 and tcp port 80' 1
16) Packet flow trace
diagnose debug reset
diagnose debug flow filter ?
diagnose debug flow filter saddr 172.16.27.148
diagnose debug flow filter daddr 8.8.8.8
diagnose debug flow show console enable
diagnose debug enable
diagnose debug flow trace start 10    #display the next 10 packets, after that, disable the flow:
diagnose debug disable
17) To see VPN configuration
# get vpn ike gateway <name>
# get vpn ipsec tunnel name <name>
# get vpn ipsec tunnel details
# diagnose vpn tunnel list
# diagnose vpn ipsec status    #shows all crypto devices with counters that are used by the VPN
# get router info routing-table all
18) VPN Debugging
diagnose debug reset
diagnose vpn ike log-filter clear
diagnose vpn ike log-filter ?
diagnose vpn ike log-filter dst-addr4 1.2.3.4
diagnose debug app ike 255
diagnose debug enable
#shows phase 1 and phase 2 output
#after enough output, disable the debug:
diagnose debug disable


19) To see HA Status
# show system ha
20) HA Troubleshooting
diagnose sys ha status
execute ha manage ?
#switch to the CLI of a secondary unit
execute ha manage <device-index>
diagnose sys ha showcsum    #verify the checksum of all synchronized peers

21) To do factory reset
# execute factoryreset
22) To see running processes
# get system top/diagnose sys top
23) To kill specific process
# diagnose sys kill 9 <pid>
24) To see Authentication order
# diag firewall iprop list
# diag firewall iprop clear
25)
26) To take backup to TFTP
# execute backup image tftp image.out 192.168.1.168
To restore backup from TFTP
# execute restore image tftp image.out 192.168.1.168

27) Password Recovery
28) To see dhcp lease list
# get system dhcp lease-list
29) To See CPU & Network USAGE
# get system performance status
30) To see crashlogs
# diagnose debug crashlog read
