FortiGate Firewall Network Troubleshooting

Network Troubleshooting

Interface Status

Display interface information, including link status and settings.

get hardware nic <interface>

On FortiGates using SFP/SFP+ transceivers, you can see their status:

get system interface transceiver

Interface Index

Sometimes FortiGate only displays the interface index and not the name. To find the matching interface name:

diag netlink interface list

ARP Table

Display the ARP cache

get system arp

diag ip arp list

Delete an entry in the ARP cache

diag ip arp delete <interface> <ip-address>

Transparent Mode

Display the MAC addresses of a FortiGate in transparent mode

diag netlink brctl

Ping

exec ping-options [option]
exec ping <ip-address>

exec ping6-options [option]
exec ping6 <ipv6-address>

Important: With VPN tunnels that have no IP address configured, ping uses the IP address of the interface where the tunnel is attached. Pinging an IP address on the other side of the tunnel does not work without using ping-options.

Traceroute

exec traceroute-options [option]
exec traceroute <ip-address>

exec tracert6 <ipv6-address>

Telnet/SSH client

It is possible to establish a connection to a remote system using telnet or ssh.

exec telnet <ip-address>

exec ssh <user@ip-address>

IP addresses used on the FortiGate

Show me the IP addresses used on the FortiGate

diag ip address list
diag ipv6 address list

Show me the IP addresses of my VIPs

diag firewall iplist list