Scribd Logo
Upload

Welcome to Scribd!

  • Technical Tip - Initial Troubleshooting For GUI or ... - Fortinet Community

    Uploaded by

    Osama Refai
    5 views5 pages

    Original Title

    Technical Tip_ Initial troubleshooting for GUI or ... - Fortinet Community

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views5 pages

    Technical Tip - Initial Troubleshooting For GUI or ... - Fortinet Community

    Uploaded by

    Osama Refai

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    7/19/23, 5:43 PM Technical Tip: Initial troubleshooting for GUI or ...

    - Fortinet Community

     Help 

    Forums  Knowledge Base  Community Groups 

    FortiGate
    FortiGate Next Generation Firewall utilizes purpose-built security processors
    and threat intelligence security services from FortiGuard labs to deliver top-
    rated protection and high performance, including encrypted traffic.

    This Board Search here

    Fortinet Community  Knowledge Base  FortiGate  Technical Tip: Initial troubleshooting for GUI or ...

    pbangari
    Staff

    Created on Edited on By

    ‎07-17-2023 10:57 PM ‎07-19-2023 01:15 AM Jean-Philippe_P

    Article Id

    264598

    Technical Tip: Initial troubleshooting for GUI or CLI access issue


    Description This article is an Initial troubleshooting for GUI or CLI access issue.
    Scope FortiGate.

    https://community.fortinet.com/t5/FortiGate/Technical-Tip-Initial-troubleshooting-for-GUI-or-CLI-access/ta-p/264598 1/5
    7/19/23, 5:43 PM Technical Tip: Initial troubleshooting for GUI or ... - Fortinet Community

    Solution To check the GUI or CLI access issues:


     
    1. Take console access to the FortiGate and check the management IP
    address (that is trying to be accessed) and make sure the correct IP
    address is used.

    show system interface


     
    2. Run the below command to check the port numbers configured for HTTP,
    HTTPS, SSH, and Telnet access respectively, and make sure the correct
    one is used:

     
    config system global
    (global) # show system global | grep -f port
        set admin-port 80
        set admin-sport 443
        set admin-ssh-port 22
        set admin-telnet-port 23
     
    Check if the above administrative accesses are enabled at the interface level:
     
    show system interface
        config system interface
            edit "mgmt1"
                set allowaccess ping https ssh http telnet
     
    3. Run the below command to check if the source IP address is part of the
    trusted host configuration if any is configured:

    show system admin


     
    Note:
    Check if the client IP address is getting S-NAT before reaching FortiGate. If
    yes, make sure that the IP address is part of the trusted host list.
     
    4. Run the below commands to check if the source IP address is allowed in
    the local-in policy if configured:

    show firewall local-in-policy


     
    5. Take the debug flow and packet sniffer if the issue still exists, to check
    for errors:

    diag debug reset


    diag debug flow filter addr <Fortigate's mgmt IP address>
    diag debug flow show function-name enable
    diag debug flow trace start 1000
    https://community.fortinet.com/t5/FortiGate/Technical-Tip-Initial-troubleshooting-for-GUI-or-CLI-access/ta-p/264598 2/5
    7/19/23, 5:43 PM Technical Tip: Initial troubleshooting for GUI or ... - Fortinet Community

    diag debug enable


    diag debug disable <----- To stop the debug flow.
    diag sniffer packet any "host <Fortigate's mgmt IP address>" 6
    0 l    <----- ctrl+c to stop the capture.
     
    6. Collect the Chrome debugger as mentioned in the below document:

     
    Technical Tip: FortiGate Support Tool - Google Chrome Extension for
    troubleshooting GUI issues.

    185 0

    Share

    Submit Article Idea

    Contributors

    pbangari

    Anthony_E

    hrahuman_FTNT

    Jean-Philippe_P

    Broad. Integrated. Automated.

    https://community.fortinet.com/t5/FortiGate/Technical-Tip-Initial-troubleshooting-for-GUI-or-CLI-access/ta-p/264598 3/5
    7/19/23, 5:43 PM Technical Tip: Initial troubleshooting for GUI or ... - Fortinet Community

    The Fortinet Security Fabric brings together the concepts of convergence and consolidation to
    provide comprehensive cybersecurity protection for all users, devices, and applications and across
    all network edges.​

    Social Media

    SECURITY RESEARCH

    Threat Research

    FortiGuard Labs

    Threat Map

    Threat Briefs

    Ransomware

    COMPANY

    About Us

    Security Fabric

    Exec. Mgmt

    Careers

    Certifications

    Events

    Industry Awards

    Social Responsibility

    NEWS & ARTICLES

    News Releases

    News Articles

    https://community.fortinet.com/t5/FortiGate/Technical-Tip-Initial-troubleshooting-for-GUI-or-CLI-access/ta-p/264598 4/5
    7/19/23, 5:43 PM Technical Tip: Initial troubleshooting for GUI or ... - Fortinet Community

    Trademarks

    CONTACT US

    Corporate

    Community

    Copyright 2023 Fortinet, Inc. All Rights Reserved.


    Terms of Service Privacy Policy GDPR

    https://community.fortinet.com/t5/FortiGate/Technical-Tip-Initial-troubleshooting-for-GUI-or-CLI-access/ta-p/264598 5/5

    You might also like