FortiOS

(2015-04-20) Show the arp table: # get system arp

(2013-08-26) Problem: My scenario is that I have a FortiGate 60D with two ISPs: a static DSL, and...

(2015-04-22) List the firewall's internal crashlog: # di de crashlog read

Problem:        Cannot set mode to DHCP or PPPoE when HA is on. It doesn't work. Note: this is ...

(2015-04-22) List the DHCP leases handed out on $INTERFACE. # exec dhcp lease-list $INTERFACE

(2015-01-29) Warning: this method does not work in 5.2 (and presumably higher). config system dhc...

(2014-11-20) Verify the firmware versions of cluster members:         fw-ottawa-A # get syste...

(2013-12-17) Problem Need to force speed/duplex on a physical interface. Solution There's no GUI ...

(2014-06-24) To set interface mode: make sure the default Internal interface has no DHCP server ...

(2015-04-01) Interface State Show IP, status, speed/duplex: get system interface physical Show p...

(2015-03-12) Problem By default, baby firewalls (which seems to mean up to and including F90Ds ) ...

(2013-07-18) Show information of packets seen on an interface: # diag sniffer packet internal non...

(2014-06-14) On the smaller FortiGates, the GUI doesn't include the ability to define Radius serv...

(2014-07-03) Problem Nobody remembers the password for a given admin account. We have another sup...

(2013-08-28) Reset To Factory Defaults You have two minutes from power reset to perform this task...

(2013-08-26) Display the routing table: # get router info routing-table all

(2013-11-13) Ping # exec ping $TARGET Options execute ping-options view-settings execute ping-o...

(2014-08-22) To enable logging to a syslog server: config log syslogd setting set status enab...

Testing authentication These cli commands can help you test your radius or ldap server: # diag te...

(2015-08-24) This is the recipe that I use when configuring out-of-box systems for the first time...

(2015-01-29) New way: config system dhcp server edit <instance_int> config reserved-address ...

Rules For Multiple Default Gateways If the two routes have different Administrative Distance set...

(2015-10-02) Problem: Error or errors like EXT3-fs error (device sd(8,1)): ext3_free_blocks: Free...

(2015-09-14) Problem What's the status of my 5.2.x cluster? Solution Verify cluster status: fw-ot...

(2015-10-02) Problem Check synchronization status. Solution FGT_1# di sys ha cluster­csum =======...

(2015-08-13) Problem Need to enable remote management through the CLI. Solution config system int...

(2017-01-11) Problem VoIP Clients with FortiGates Solution Disable the SIP ALG config system sett...

(2017-04-12) Problem VPN throughput is slow and you suspect fragmentation. Solution You can influ...

(2015-10-19) Problem I want details about a VPN tunnel. Solution # diag vpn tunnel list list all ...

(2018-08-22) Problem It is a good idea to run a disk check before doing a firmware upgrade, espec...

Problem Upgrading firmwares via the web UI is tedious, especially when you have 50 or 60+ of thes...

(2018-02-26) Problem I have more vDOMs to connect to a VLAN than I have physical interfaces. (The...

(2018-06-11) Problem CPU on Fortigate is maxed out for a long period of time (hours, days). Solut...

(2018-01-30) Debugging Flow Example: diag debug enable diag debug flow filter addr 203.160.224.97...

(2018-01-30) Session operations di sys session list Set a filter: di sys session filter di sys s...

(2017-11-23) Problem Want to sniff traffic flow. Solution # diag sniffer packet <interface> <'fil...

(2018-03-01) Problem The reset to factory settings using the GUI is not available in v5.4. Soluti...

(2017-11-13) Problem: fgt300d-b (global) # get system ha status HA Health Status: OK Model: Forti...

(2018-02-02) Problem My FortiClient users are getting prompted to "register" their FortiClients a...

(2018-08-15) Problem Find the current list of DHCP clients for a Fortigate DHCP server. Solution ...

(2018-06-11) Problem List connected SSLVPN users. Solution exec vpn sslvpn list

(2018-12-03) Problem Firewall doesn't boot. When you hook a console up to it, it says: Error: RTC...

(2018-01-26) Problem SSLVPN disconnects after 8 hours. Solution config vpn ssl settings set auth-...

(2018-12-03) Problem Show system time on a FortiGate. Solution # exec time current time is: 19:0...

(2018-01-30) Problem Two computers, A and B, trying to connect across a site-to-site VPN to compu...

(2019-04-17) Problem Wifi clients connect but can't get DHCP lease from either the Fortigate or f...

(2020-06-18) BGP Neighbor status? # get router info bgp neighbors … # get router info bgp neighbo...

(2020-06-24) Problem Soft-bounce bgp sessions. This should cause peers to hold on to the routes w...

(2019-03-13) Problem What are the recommended settings for IPSEC VPNs? Updated 25 April 2023 IKE:...

(2019-10-30) FortiCloud Debug Commands fgt300d-a (global) # di test app forticldd 1. dump fds set...

(2019-01-22) Solution So apparently FortiGates can do LLDP, you just have to turn it on. config s...

(2019-09-12) Problem IPsec tunnel to another device (in this case, a Watchguard). Tunnel shows as...

(2019-02-13) Problem Using the CLI, list current assigned DHCP leases. Solution For interface "in...

(2020-03-13) Creating Whitelists For Microsoft Internet Services See: (https://docs.microsoft.com...

(2019-05-28) Problem Routing table? Solution get router info routing-table all get router info ...

(2018-12-19) Problem Want SSH Pubkey authentication for my AD-backed administrative user. Specifi...

(2019-03-13) Problem Standard configuration for (more) secure crypto Solution config sys global ...

(2019-03-13) Problem SSLVPN users have to use FQDNs instead of short names when connecting to off...

(2019-01-10) What firmware am I running? # get system status Version: FortiGate-60D v5.6.2,build1...

(2019-07-08) Problem Traffic shaping wtf? Solution In 5.6, traffic shaping was removed from IPv4 ...

(2020-09-14) CLI Restore Configuration > execute restore config tftp <filename> <ip> > execute re...

(2021-07-20) Problem Display logs from a console session. Solution Select log source: # execute l...

(2021-06-16) Limited iPerf3 on Fortigates # diag traffictest client-intf port1 <----- Defi...

(2022-01-17) Problem IPSA self test failed, disable IPSA! Solution FW # conf ips global FW (globa...

(2022-02-08) Problem What do we have to do to permit the LDAP lookup account to be able to change...

(2021-10-07) Problem Who's logged in from where? Solution # di firewall auth list

(2022-02-15) Problem I want a (or a bunch of) read-only admin(s) with global scope. Solution # co...

(2022-06-17) Problem SD-WAN no workie. Solution You can probably figure out information from some...

(2018-08-02) Problem Site to site VPN not coming up. Solution it depends what you would like to t...

(2020-01-11) Problem If you try to put an IP address on a VPN tunnel interface, the minimum netma...

(2019-04-10) Problem Wifi WPA/WPA2 access tests that depend on a LDAP (Active Directory) user gro...

(2020-03-24) Problem What does this error code that FortiClient SSLVPN is giving me? Solution If ...

(2025-06-05) diagnose system waninfo ipify

(2023-02-21) How many can I define? On the device in question: fgt300d-a # print tablesize syste...

(2024-02-08) Problem The local, internally generated certificate that the Fortigate presents for ...

(2025-01-31) FGVM # di geoip ip2c 147.45.47.173 147.45.47.173 - Netherlands, is not anycast ip F...

(2024-02-06) Problem CLI way to duplicate the "policy lookup" tool Solution diagnose firewall ipr...

(2025-03-31) # di sys sdwan member Member. service ...

(2025-03-18) # execute backup disk alllogs ftp <IP_address> <username> <password> <compressed | u...

MTU can be adjusted via three ways: Adjusting the MTU of the physical interface where the IPsec...

(2024-11-13) Stronger encryption algorithms equals to lower MTU values. For example, the FortiGat...

(2023-11-15) Example Link Monitor Configuration config system link-monitor edit "VLAN601" set src...

(2024-11-28) fw # exec log filter category Category. device Device to ...

(2025-06-04) diagnose firewall fqdn list-ip diagnose firewall fqdn list-all dia firewall fqdn li...

(2025-06) What This Is About In the course of my day-to-day duties I've been seeing a lot of sdwa...

(2025-06-18) Commands to show what pppd is up to: diagnose debug reset diagnose debug disable dia...

(2025-06-18) diagnose debug console timestamp enable

(2024-08-28) Remember you need to have basic support in order for this db to be populated. Firewa...

(2025-07-03) To block the QUIC application signature in the CLI: config application list edit...

(2025-04-24) What routes are we sending to a neighbor? get router info bgp neighbors <neighbor IP...

(2025-04-29) Debug Fortigate as DHCP client: diag debug reset diag debug application dhcpc -1 dia...

(2025-03-31) (..or, we don't want you using this but if you insist:) Enable the GUI menus: config...

(2025-02-19) Command Does diag dvm device list list all devices diag dvm device list nam...

(2025-04-28) diag sniffer packet any "proto 89" 6 0 l diag sniffer packet any "host 224.0.0.5" ...

(2025-04-15) To generate a Tac report: # exec tac report Alternatively, go to System Settings F...

(2025-05-13) top-mem: #diag sys top-mem node (165): 44189kB forticron (173): 29644kB ipshelper (...

(2025-06-17) No pager: config system console set output standard end Pager again: config sys...