Advanced Search
Search Results
419 total results found
ASA 9.5
ASA 9.8
Switch
Cyrus SASL
Daemon Tools
Debian 8
(AKA: Debian Jesse)
IPsec
OpenSSL
Bind
DNS server extraordinare.
eXceed
Fedora 31
Environment Modules
Fedora 32
Fedora 34
Fedora 33
Fedora 35
Fedora 25
Fedora 27
Fedora 30
Fedora 23
DHCP Reservation
(2015-01-29) New way: config system dhcp server edit <instance_int> config reserved-address edit <id_int> set description <string> set ip <ipv4> set mac <mac> end end
Dual-WAN Gateways
Rules For Multiple Default Gateways If the two routes have different Administrative Distance settings, the lowest one wins. Routes with higher Administrative Distance settings are not entered into the routing table and are not usable while interfaces with low...
EXT3 fs error (device)
(2015-10-02) Problem: Error or errors like EXT3-fs error (device sd(8,1)): ext3_free_blocks: Freeing blocks not in datazone - block = 1836348733, count = 1 EXT3-fs error (device sd(8,1)): ext3_free_blocks: Freeing blocks not in datazone - block = 1651864352, c...
HA Cluster Status
(2015-09-14) Problem What's the status of my 5.2.x cluster? Solution Verify cluster status: fw-ottawa-A # conf global fw-ottawa-A # get system ha status [...] Verify the firmware versions of cluster members: fw-ottawa-A # get system stat Version [...] [...] ...
HA Cluster Synchronization
(2015-10-02) Problem Check synchronization status. Solution FGT_1# di sys ha clusterÂcsum ================== FG100D3G13805993 ================= is_manage_master()=0, is_root_master()=0 debugzone global: 89 f2 f0 0b e8 eb 0d ee f8 55 8b 47 27 7a 27 1e root: cf...
Management Access
(2015-08-13) Problem Need to enable remote management through the CLI. Solution config system interface edit <interface_name> set allowaccess {http https ping snmp ssh telnet} end
VoIP Clients with Fortigates
(2017-01-11) Problem VoIP Clients with FortiGates Solution Disable the SIP ALG config system settings set sip-helper disable set sip-nat-trace disable end config system session-helper show (locate the SIP entry, usually 13, but can vary) delete 13 (or the n...
VPN Fragmentation
(2017-04-12) Problem VPN throughput is slow and you suspect fragmentation. Solution You can influence the MSS (Maximum Segment Size) passed through the VPN by adding qualifiers to the policies governing traffic flow through the VPN. You can only do this from t...
VPN Tunnel Details
(2015-10-19) Problem I want details about a VPN tunnel. Solution # diag vpn tunnel list list all ipsec tunnel in vd 0 ------------------------------------------------------ name=VPN_NAME ver=1 serial=1 x.x.x.x:0->y.y.y.y:0 lgwy=static tun=intf mode=auto bound_...
CLI Disk Scan FSCK
(2018-08-22) Problem It is a good idea to run a disk check before doing a firmware upgrade, especially on little units that get all upset because their power got ganked during the last thunderstorm. It's also tedious to do this through the web interface when w...
CLI Upgrade Firmware
Problem Upgrading firmwares via the web UI is tedious, especially when you have 50 or 60+ of these fuckers to do. Solution You have to do this via tftp. This involves setting up a tftp server and making sure the appropriate firmware is A) loaded on it and B) a...
Connecting Multiple vDOMs to the same VLAN
(2018-02-26) Problem I have more vDOMs to connect to a VLAN than I have physical interfaces. (The easy way to glue vDOMs together on the same VLAN is to tag up different physical ports with the same VLAN, associated with different vDOMs. This doesn't scale.) S...
CPU is pinned
(2018-06-11) Problem CPU on Fortigate is maxed out for a long period of time (hours, days). Solution Identify the process using the CPU: get system performance top It should be obvious which process is using all the CPU. Note the PID of the offending process....
Debug Flow
(2018-01-30) Debugging Flow Example: diag debug enable diag debug flow filter addr 203.160.224.97 diag debug flow show function-name enable diag debug flow trace start 100 Useful other things: di de flow filter saddr 10.0.0.1 di de flow filter daddr 199.99.99...
Debug Session
(2018-01-30) Session operations di sys session list Set a filter: di sys session filter di sys session filter src 1.2.3.4 di sys session filter dst 5.6.7.8 In general: clear clear session filter dport dest port dst dest ip address duratio...
Debug Sniffer
(2017-11-23) Problem Want to sniff traffic flow. Solution # diag sniffer packet <interface> <'filter'> <verbose> <count> a Filter syntax: '[[src|dst] host<IP1>] [[src|dst] host<IP2>] [[arp|ip|gre|esp|udp|tcp] [port_no]] [[arp|ip|gre|esp|udp|tcp] [port_no]]' ...
Factory Reset
(2018-03-01) Problem The reset to factory settings using the GUI is not available in v5.4. Solution In a command prompt, global context, issue the command: exec factoryreset After confirmation, firewall will reboot with default configuration for the loaded fi...
Forticlient Registering To Fortigate
(2018-02-02) Problem My FortiClient users are getting prompted to "register" their FortiClients against the FortiGate firewall. I don't want this to happen. Solution On the relevant LAN interface, ensure that FortiTelemetry is not enabled. In 5.4.6 this is a c...
Fixing HA Sync Problems
(2017-11-13) Problem: fgt300d-b (global) # get system ha status HA Health Status: OK Model: FortiGate-300D Mode: HA A-P Group: 0 Debug: 0 [...] Configuration Status: FGT3HD--------42(updated 5 seconds ago): in-sync FGT3HD--------79(updated 2 seconds ag...
List DHCP Client Leases
(2018-08-15) Problem Find the current list of DHCP clients for a Fortigate DHCP server. Solution # execute dhcp lease-list internal