Diagnose hardware certificate
Firmware – FortiOS: 5.0 5.2 5.4 5.6 6.0
Use this command to verify all FortiGate unit certificates. For each certificate, the name test performed and results will be listed.
Syntax
diagnose hardware certificate
Command
diagnose hardware certificate
Output
Checking Fortinet_CA.cer integrality ……..Passed
Checking Fortinet_Factory.cer integrality ……..Passed
Checking Fortinet_Factory.cer key-pair integrality ……..Passed
Checking Fortinet_Factory.cer Serial-No. ……..Passed
Checking Fortinet_Factory.cer timeliness ……..Passed
Checking Fortinet_Factory.key integrality ……..Passed
Checking Fortinet_CA2.cer integrality ……..Passed
Checking Fortinet_Factory2.cer integrality ……..Passed
Checking Fortinet_Factory2.cer key-pair integrality ……..Passed
Checking Fortinet_Factory2.cer Serial-No. ……..Passed
Checking Fortinet_Factory2.cer timeliness ……..Passed
Checking Fortinet_Factory2.key integrality ……..Passed
Diagnose hardware ipsec
Firmware – FortiOS: 5.0 5.2 5.4
This command displays real-time session set up rate statistics. It is used to obtain ASIC IPsec information.
Syntax
diagnose hardware ipsec
Diagnose hardware lspci
Firmware – FortiOS: 5.0 5.2 5.4
This command is used to list PCI parameters.
Syntax
diagnose hardware lspci
Arguments
Command
diagnose hardware lspci <-n>
Output
Usage: lspci [
Basic display modes:
-mm Produce machine-readable output (single -m for an obsolete format)
-t Show bus tree
Display options:
-v Be verbose (-vv for very verbose)
-k Show kernel drivers handling each device
-x Show hex-dump of the standard part of the config space
-xxx Show hex-dump of the whole config space (dangerous; root only)
-xxxx Show hex-dump of the 4096-byte extended config space (root only)
-b Bus-centric view (addresses and IRQ’s as seen by the bus)
-D Always show domain numbers
Resolving of device ID’s to names:
-n Show numeric ID’s
-nn Show both textual and numeric ID’s (names & numbers)
-q Query the PCI ID database for unknown ID’s via DNS
-qq As above, but re-query locally cached entries
-Q Query the PCI ID database for all ID’s via DNS
Selection of devices:
-s [[[[
-d [
Other options:
-i
-p
-M Enable `bus mapping’ mode (dangerous; root only)
PCI access options:
-A
-O
-G Enable PCI access debugging
-H
-F
Diagnose hardware sys conserve
Firmware – FortiOS: 5.6
This command provides memory information about the system that is useful in diagnosing conserve mode issues.
Syntax
diagnose hardware sys conserve
Command
diagnose hardware sys conserve
Output
memory conserve mode: off
total RAM: 7996 MB
memory used: 2040 MB 25% of total RAM
memory used threshold extreme: 7597 MB 95% of total RAM
memory used threshold red: 7037 MB 88% of total RAM
memory used threshold green: 6557 MB 82% of total RAM
Diagnose hardware sysinfo interrupts
Firmware – FortiOS: 5.0 5.2 5.4
This command displays a list of specifications and settings for all interrupts for each CPU.
Syntax
diagnose hardware sysinfo interrupts
Command
diagnose hardware sysinfo interrupts
Output
8: 1164 ehci_hcd
9: 15236 fsoc1_udc
10: 379 serial
22: 1450583 Timer Tick
26: 102035 nplite
27: 0 cp7
31: 1 np_perf_timer
Err: 0
Diagnose hardware test
Firmware – FortiOS: 5.4 5.6
There is a alternative method to the HQIP test for running hardware tests on FortiGates.
Instead of downloading a special HQIP image to run hardware tests, the tests are now built into the firmware of some models of FortiGate. To use this method you will need to use the CLI but you will not be required to set up a console connection. All that is required is access to a CLI interface. This could be through a console connection, SSH, the CLI interface through FortiExplorer or even the CLI widget in the GUI. You just have to be able to use the diagnose command.
Models
Models that are capable of using the diagnose hardware test command are:
Syntax
The base command is:
diagnose hardware test
followed by one of the following options:
bios – perform BIOS related tests.
system – perform system related tests.
usb – perform USB related tests.
button – perform button related tests.
cpu – perform CPU related tests.
memory – perform memory related tests.
network – perform network related tests.
disk – perform disk related tests.
led – perform LED related tests.
wifi – perform wifi related tests. (This option is only available on FortiWiFi units)
suite – runthe HQIP test suite.
setting – change test settings.
info – show test parameters.
skip – skip interface while testing.
Some of these options, also have options of their own.
Diagnose hardware test skip
Firmware – FortiOS: 5.0 5.2 5.4
This diagnostic option allows specific interfaces to be skipped when performing performance tests on a FortiGate. One of the advantages of this method of hardware testing is that the device does not have to be shut down to run the tests. This advantage would be nullified if the running of the test brought down the functionality of the FortiGate. By skipping interfaces, tests can be run without impacting traffic.
Syntax
diagnose hardware test skip
Options
Clears the list of interfaces to be skipped during testing
diagnose hardware test skip clear
Shows the current list of interfaces that are skipped during testing
diagnose hardware test skip show
Includes an interface to the list of interfaces that are skipped during testing
This function is cumulative. Using the command to skip another interface does not replace the previous interface, it adds an additional one.
diagnose hardware test skip interface
Command
diagnose hardware test skip clear
Output
Skip list cleared.
Command
diagnose hardware test skip show
Output
Currently skipped interfaces:
wan1
lan
Command
diagnose hardware test skip interface
Output
Skipped interface: lan
Skip lan successfully!
Diagnose hardware test usb
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
diagnose hardware test usb
This command can be used with the following options or none at all:
If you use one of the options, only tests relating to that information subset will be run and you will only get results for that. If you run the command without any of the options you will get results for all of the options.
Your options for the command are:
Command
In this particular instance there was no USB device connected to the USB port.
diagnose hardware test usb
Output
Test Begin at UTC Time Mon Feb 1 20:27:22 2016
20:27:22 ( 0s) ==> USB 2.0 Test
Please install USB 2.0 disk to the USB port.
Do you want to continue? (y/n) (default is n) y
Please wait while we are detecting the USB device…
No USB devices found.
20:27:29 ( 7s) <== USB 2.0 Test - [[ X FAIL X ]] 20:27:29 ( 7s) ==> USB 3.0 Test
Please install USB 3.0 disk to the USB port.
Do you want to continue? (y/n) (default is n) y
Please wait while we are detecting the USB device…
No USB devices found.
20:27:41 ( 19s) <== USB 3.0 Test - [[ X FAIL X ]]
Test End at UTC Time Mon Feb 1 20:27:41 2016
Total Elapsed Time: 19 seconds (0m 19s).
========================= Fortinet Hardware Test Report =========================
USB
USB 2.0 Test.................................................. FAIL X
USB 3.0 Test.................................................. FAIL X
FAILURES:
1. USB-USB 2.0 Test: No USB devices found
2. USB-USB 3.0 Test: No USB devices found
========================= Fortinet Hardware Test
Command
diagnose hardware test usb 2.0
Output
Please install USB 2.0 disk to the USB port.
Do you want to continue? (y/n) (default is n) y
Please wait while we are detecting the USB device…
No USB devices found.
20:21:39 ( 10s) <== USB 2.0 Test - [[ X FAIL X ]]
Test End at UTC Time Mon Feb 1 20:21:39 2016
Total Elapsed Time: 10 seconds (0m 10s).
========================= Fortinet Hardware Test Report =========================
USB
USB 2.0 Test.................................................. FAIL X
FAILURE:
1. USB-USB 2.0 Test: No USB devices found
========================= Fortinet Hardware Test
Command
diagnose hardware test usb 3.0
Output
Test Begin at UTC Time Mon Feb 1 20:22:28 2016
20:22:28 ( 0s) ==> USB 3.0 Test
Please install USB 3.0 disk to the USB port.
Do you want to continue? (y/n) (default is n) y
Please wait while we are detecting the USB device…
No USB devices found.
20:22:35 ( 7s) <== USB 3.0 Test - [[ X FAIL X ]]
Test End at UTC Time Mon Feb 1 20:22:35 2016
Total Elapsed Time: 7 seconds (0m 07s).
========================= Fortinet Hardware Test Report =========================
USB
USB 3.0 Test.................................................. FAIL X
FAILURE:
1. USB-USB 3.0 Test: No USB devices found
========================= Fortinet Hardware Test