Fortigate Firewall Network Troubleshooting

Network Troubleshooting

Interface Status

Display interface information. Link status, settings are shown here.

get hardware nic <interface>

On FortiGates using SPF/SPF+ transceivers you can see their status

get system interface transceiver

Interface Index

Sometimes FortiGate only displays the interface index and not the name. To find the matching interface

diag netlink interface list

ARP Table

Display the ARP cache

get system arp

diag ip arp list

Delete an entry in the ARP cache

diag ip arp delete <interface> <ip-address>

Transparent Mode

Display the MAC addresses of a FortiGate in transparent mode

diag netlink brtcl


exec ping-options [option]
exec ping <ip-address>

exec ping6-options [option]
exec ping6 <ipv6-address>

Important: Using VPN tunnels without IP address configuration, ping uses the IP address or the interface where the tunnel is attached. Pinging an IP address on the other side of the tunnel without using ping-options does not work.


exec traceroute-options [option]
exec traceroute <ip-address>

exec tracert6 <ipv6-address>

Telnet/SSH client

It is possible to establish a connection to a remote system using telnet or ssh.

exec telnet <ip-address>

exec ssh <user@ip-address>

IP addresses used on the FortiGate

Show me the IP addresses used on the FortiGate

diag ip address list
diag ipv6 address list

Show me the IP addresses of my VIPs

diag firewall iplist list