diagnose firewall acl
Firmware – FortiOS: 5.4
This command is used to display information about the access control list feature.
Syntax
diagnose firewall acl {counter | counter6 | clearcounter | clearcounter6}
Options
counter: Shows the number of packets dropped by ACL
counter6: Shows the number of packets dropped by IPv6 ACL
clearcounter: Clears the ACL packet counter
clearcounter6: Clears the IPv6 packet counter
diagnose firewall auth list
Firmware – FortiOS: 5.0 5.2 5.4
Use this command to list all the authorized users on this system.
Syntax
diagnose firewall auth list
Command
diagnose firewall auth list
Output
----- 0 listed, 0 filtered ------
diagnose firewall auth clear
Firmware – FortiOS: 5.0 5.2 5.4
This command is used to clear authenticated IPv4 users.
Syntax
diagnose firewall auth clear
Command
diagnose firewall auth clear
Output
----- all cleared ------
diagnose firewall auth filter
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
diagnose firewall auth filter clear
diagnose firewall auth filter group
diagnose firewall auth filter method
diagnose firewall auth filter method policy
diagnose firewall auth filter source
diagnose firewall auth filter source6
diagnose firewall auth filter user
diagnose firewall fqdn flush
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
diagnose firewall fqdn flush name
diagnose firewall gtp runtime-stat
Firmware – FortiOS: 6.0
Command used to show the shared tunnel limiters
Syntax
diagnose firewall gtp runtime-stat
diagnose firewall gtp stat
Firmware – FortiOS: 6.0
Syntax
diagnose firewall gtp stat
diagnose firewall gtp tunnel
Firmware – FortiOS: 5.6.3< 6.0
The command is used to filter, list and flush all versions of GTP tunnels, including v0, v1, and v2.
Syntax
diagnose firewall gtp tunnel list
diagnose firewall gtp tunnel flush
diagnose firewall gtp tunnel filter version {0 | 1 | 2}
diagnose firewall gtp tunnel filter f-teid-c {teid | addr}
diagnose firewall gtp tunnel filter f-teid-u {teid | addr}
Options
diagnose firewall gtp tunnel-limit list
Firmware – FortiOS: 6.0
Command used to show the shared tunnel limiters
Syntax
diagnose firewall gtp tunnel-limit list
Example
diagnose firewall gtp tunnel-limit list
name=gtp-tl-1 tunnel_limit=50 tunnel_count=0
diagnose firewall ip-translation
Firmware – FortiOS: 5.0 5.2 5.4
This command can be used to list or flush the IP translation table.
Syntax
Flush IP translation table
diagnose firewall ip-translation flush
List IP translation table
diagnose firewall ip-translation list
diagnose firewall ipgeo copyright-notice
Firmware – FortiOS: 5.0 5.2 5.4 5.6
This command shows the copyright notice.
Syntax
diagnose firewall ipgeo copyright-notice
Command
diagnose firewall ipgeo copyright-notice
Output
GEIP 2.004 Copyright (c) 2017 Fortinet Inc. All Rights Reserved
diagnose firewall ipgeo country-list
Firmware – FortiOS: 5.0 5.2 5.4 5.6
This command is used to display a listing of all the available countries.
Syntax
diagnose firewall ipgeo country-list
Example
The example command output shows that a firewall address has been added for China.
Command
diagnose firewall ipgeo country-list
Output
Total countries loaded:1
CN
diagnose firewall ipgeo ip-list
Firmware – FortiOS: 5.0 5.2 5.4 5.6
This command shows the IP addresses of a specified country or all of the countries added to firewall addresses. Input the two-letter country ID or type 'all' for all IP ranges.
Syntax
diagnose firewall ipgeo ip-list
Make sure that the country ID uses capitalized letters. Using lower case letters will give a response of
Country name:cn Total IP Range:0
Command
diagnose firewall ipgeo ip-list CA
Output
4.15.16.0 - 4.15.23.255
4.15.77.132 - 4.15.77.135
4.16.48.0 - 4.16.55.255
4.26.255.0 - 4.26.255.255
4.28.136.0 - 4.28.143.255
...
217.21.138.0 - 217.21.139.255
217.21.141.0 - 217.21.143.255
220.243.216.0 - 220.243.216.255
220.243.219.0 - 220.243.219.255
220.243.223.0 - 220.243.223.255
Country name:CA Total IP Range:6451
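Added example (not part of the original reference and not Fortinet code): a Python parser for captured ip-list output that converts the ranges to CIDR blocks, checks the parsed count against the "Total IP Range" trailer, and flags the lower-case country ID reply described above. The function name, the sample capture and its trailer count are constructed for illustration.

```python
import ipaddress
import re

# Accept "-" and en/em dashes: copied CLI output is often re-typeset.
ADDR = r"(\d{1,3}(?:\.\d{1,3}){3})"
RANGE_RE = re.compile(rf"^\s*{ADDR}\s*[-\u2013\u2014]\s*{ADDR}\s*$")
TRAILER_RE = re.compile(r"^\s*Country name:\s*(\S+)\s+Total IP Range:\s*(\d+)\s*$")


def parse_ip_list(text):
    """Parse captured ip-list output into CIDR blocks plus sanity warnings."""
    ranges, country, declared, warnings = [], None, None, []
    for line in text.splitlines():
        m = RANGE_RE.match(line)
        if m:
            try:
                first, last = (ipaddress.IPv4Address(g) for g in m.groups())
            except ValueError:
                warnings.append(f"invalid address skipped: {line.strip()}")
                continue
            if first > last:
                warnings.append(f"reversed range skipped: {line.strip()}")
                continue
            ranges.append((first, last))
            continue
        m = TRAILER_RE.match(line)
        if m:
            country, declared = m.group(1), int(m.group(2))
    if declared is None:
        warnings.append("no 'Total IP Range' trailer: capture is truncated")
    elif declared != len(ranges):
        warnings.append(f"trailer declares {declared} ranges, parsed {len(ranges)}")
    if country and country != country.upper() and declared == 0:
        warnings.append(f"country ID '{country}' is lower case; retry with '{country.upper()}'")
    cidrs = []
    for first, last in ranges:
        cidrs.extend(ipaddress.summarize_address_range(first, last))
    return {"country": country, "declared": declared,
            "cidrs": list(ipaddress.collapse_addresses(cidrs)), "warnings": warnings}


# Constructed sample capture; the third line uses an en dash on purpose.
SAMPLE = """\
4.15.16.0 - 4.15.23.255
4.15.77.132 - 4.15.77.135
4.16.48.0 \u2013 4.16.55.255
Country name:CA Total IP Range:3
"""
LOWERCASE_REPLY = "Country name:cn Total IP Range:0\n"
```

A trailer/count mismatch warning is expected when the capture was elided or cut off by the terminal pager, so treat it as a signal to re-capture before feeding the CIDR list to another control.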
diagnose firewall ipgeo override
Firmware – FortiOS: 5.0 5.2 5.4 5.6
This command prints out all user defined IPgeo data.
Syntax
diagnose firewall ipgeo override
Command
diagnose firewall ipgeo override
Output
Location: geotest, code: A0 (ip-ranges 1)
range 1: 192.168.3.1 - 192.168.3.14
diagnose firewall iplist
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
Flush
diagnose firewall iplist flush
List optimized iplist
diagnose firewall iplist list optimized
diagnose firewall proute
Firmware – FortiOS: 5.0 5.2 5.4
This command is used to display policy routing.
Syntax
diagnose firewall proute list
Command
diagnose firewall proute list
Output
list route policy info(vf=root):
diagnose firewall statistic
Firmware – FortiOS: 5.0 5.2 5.4
This command can be used to display throughput information for the firewall, broken down into categories, by both packets and bytes. It can also be used to clear and reset the throughput information.
Syntax
diagnose firewall statistic
Options
Show traffic stats
Use the show command to display throughput information for the firewall, broken down into categories, by both packets and bytes. Categories include common applications such as DNS, FTP, IM, P2P, and VoIP, as well as the lower-level protocols TCP, UDP, ICMP, and IP.
diagnose firewall statistic show
Clear traffic stats
Use the clear command to clear and reset the throughput information.
diagnose firewall statistic clear
Command
diagnose firewall statistic show
Output
getting traffic statistics...
Browsing: 64116 packets, 34710998 bytes
DNS: 20304 packets, 2807191 bytes
E-Mail: 0 packets, 0 bytes
FTP: 0 packets, 0 bytes
Gaming: 0 packets, 0 bytes
IM: 0 packets, 0 bytes
Newsgroups: 0 packets, 0 bytes
P2P: 0 packets, 0 bytes
Streaming: 0 packets, 0 bytes
TFTP: 0 packets, 0 bytes
VoIP: 0 packets, 0 bytes
Generic TCP: 206718 packets, 22202746 bytes
Generic UDP: 32546 packets, 8492940 bytes
Generic ICMP: 2 packets, 124 bytes
Generic IP: 41 packets, 1671 bytes
Command
diagnose firewall statistic clear
Output
clearing traffic statistics...
Done
diagnose firewall vip realserver
Firmware – FortiOS: 5.0 5.2 5.4 5.6 6.0
Syntax
diagnose firewall vip realserver down
diagnose firewall vip realserver flush
diagnose firewall vip realserver healthcheck stats clear
diagnose firewall vip realserver healthcheck stats show
diagnose firewall vip realserver list
diagnose firewall vip realserver up