
General Commands

1) To view the version and serial number of the firewall

Ans: get system status

2) To see the mode of operation

Ans: get system settings

3) To see FortiGuard updates

Ans: get system autoupdate schedule

4) To see currently logged-in users

Ans: get system info admin status

5) To view configuration files

Ans: show full-configuration

4) To view date & time

# get system status

5) To view logs

# execute log display

6) To view interfaces

# get system interface physical

7) To see the route table

# get router info routing-table all

8) To view the forwarding table

# get router info kernel

9) To view the NAT table

# get sys session list

10) To view the NAT table of a source IP

# diag sys session filter src <ip>
# diag sys session list

To clear NAT entries (this clears the sessions matching the current filter, or all sessions if no filter is set)

# diag sys session clear

11) To see the ARP table

# get system arp

12) To see the detailed ARP table

# diagnose ip arp list

13) To view firewall policies

# show firewall policy

14) To sniff packets at an interface

# diag sniffer packet <interface name>

To see output at verbose level 4 only

# diag sniffer packet <int name> none 4 3

15) Filtering sniffed packets

To see what's going on between two PCs

# diag sniffer packet <int name> 'src host 10.0.0.100 and dst host 4.2.2.2' 1

In this example we're sniffing for ICMP only, to and from 10.0.0.100

# diag sniffer packet internal 'host 10.0.0.100 and icmp' 1

To capture only TCP traffic between a source and destination

# diag sniffer packet internal 'host 10.0.0.100 and 4.2.2.2 and tcp port 80' 1

16) Packet flow trace

diagnose debug reset
diagnose debug flow filter ?
diagnose debug flow filter saddr 172.16.27.148
diagnose debug flow filter daddr 8.8.8.8
diagnose debug flow show console enable
diagnose debug enable
diagnose debug flow trace start 10 #display the next 10 packets, after that, disable the flow:
diagnose debug disable

17) To see VPN configuration

# get vpn ike gateway <name>
# get vpn ipsec tunnel name <name>
# get vpn ipsec tunnel details
# diagnose vpn tunnel list
# diagnose vpn ipsec status #shows all crypto devices with counters that are used by the VPN
# get router info routing-table all

18) VPN debugging

diagnose debug reset

diagnose vpn ike log-filter clear

diagnose vpn ike log-filter ?

diagnose vpn ike log-filter dst-addr4 1.2.3.4

diagnose debug app ike 255 #shows phase 1 and phase 2 output

diagnose debug enable #after enough output, disable the debug:

diagnose debug disable

19) To see HA status

# show system ha

20) HA troubleshooting

diagnose sys ha status

execute ha manage ? #switch to the CLI of a secondary unit

execute ha manage <device-index>

diagnose sys ha showcsum #verify the checksum of all synchronized peers

21) To do a factory reset

# execute factoryreset

22) To see running processes

# get system performance top
# diagnose sys top

23) To kill a specific process

# diagnose sys kill 9 <pid>

24) To see authentication order

# diag firewall iprop list
# diag firewall iprop clear

25) To take backup to FTP

# execute backup image tftp image.out 192.168.1.168

26) To restore backup from TFTP

# execute restore image tftp image.out 192.168.1.168

27) Password recovery

28) To see the DHCP lease list

# get system dhcp lease-list

29) To see CPU & network usage

# get system performance status

30) To see crash logs

# diagnose debug crashlog read
