Table Of Contents

•Before you begin
How this guide is organized
Document conventions
IP addresses
Cautions, Notes and Tips
Typographical conventions
CLI command syntax conventions
Entering FortiOS configuration data
Entering text strings (names)
Entering numeric values
Selecting options from a list
Enabling or disabling options
Registering your Fortinet product
Fortinet products End User License Agreement
Fortinet Tools and Documentation CD
Fortinet Knowledge Base
Comments on Fortinet technical documentation
Customer service and technical support
Troubleshooting process
•Establish a baseline
Establish a baseline
Define the Problem
Gathering Facts
Resource Usage
Proxy Operation
Hardware NIC
Hardware Troubleshooting
Conserve Mode
Antivirus Failopen
Traffic Trace
Session Table
Finding Object Dependencies
Flow Trace
Flow Trace Output Example - HTTP
Flow Trace Output Example - IPSec (policy-based)
Packet Sniffer
FA2 and NP2 Based Interfaces
Debug Command
Debug Output Example
Other Commands
ARP Table
Time and Date Settings
FortiGate Ports
Diagnostic Commands
FortiAnalyzer/FortiManager Ports
FortiGuard Troubleshooting
Sorting the Server List
Calculating Weight
FortiGuard URL Rating
Technical Support Organization Overview
Fortinet Global Customer Services Organization
Creating an Account
Registering a Device
Reporting Problems
Logging Online Tickets
Fortinet Partners
Fortinet Customers
Following Up On Online Tickets
Telephoning a Technical Support Center
Assisting Technical Support
Support Priority Levels
Priority 1
Priority 2
Priority 3
Priority 4
Return Material Authorization Process
Troubleshooting connectivity
Check hardware connections
To check hardware connections
Run ping and traceroute
Verify the contents of the routing table (in NAT mode)
For Transparent mode, check the bridging information
What checking the bridging information can tell you
How to check the bridging information
Perform a sniffer trace
What can sniffing packets tell you
How do you sniff packets
Debug the packet flow
Examine the firewall session list
To examine the firewall session list in the CLI
Other diagnose commands
Troubleshooting ‘get’ commands
exec tac report
get firewall iprope list
get firewall iprope appctrl
get firewall proute
FGT # get firewall proute
get hardware cpu
get hardware nic
get hardware npu list
get hardware npu performance
get hardware npu status
get hardware status
get ips session
get router info kernel
get system arp
get system auto-update
get system auto-update version
FGT # get system auto-update version
get system ha status
get system performance firewall
get system performance firewall packet-distribution
get system performance status
FGT# get sys performance status
get system performance top
get system session-info full-stat
get system session-helper
get system session-table list
get system session-table statistics
get system session-info ttl
get system startup-error-log
get test application
get test application urlfilter
get vpn status ike config
get vpn status ike crypto
get vpn status ike errors
get vpn status ike status detailed
get vpn status ipsec
get vpn status ssl hw-acceleration-status
get vpn status ssl list
get vpn status tunnel dialup-list
get vpn status tunnel list
get vpn status tunnel stat
get vpn status concentrator
get webfilter ftgd-statistics
get webfilter status
Troubleshooting bootup issues
•B. You don’t see the boot options menu
A. You have text on the screen, but you have problems
B. You don’t see the boot options menu
C. You have problems with the console text
D. You have visible power problems
E. You have a suspected defective FortiOS unit
P. 1
Fortigate Troubleshooting 40 Mr2

Published by Eric Franco

Published by: Eric Franco on May 24, 2011
You're Reading a Free Preview

