1 lutego 2019 Monika Ciepłucha

Hardware

Diagnose hardware certificate

Firmware – FortiOS: 5.0 5.2 5.4 5.6 6.0
Use this command to verify all FortiGate unit certificates. For each certificate, the name test performed and results will be listed.

Syntax
diagnose hardware certificate

Command
diagnose hardware certificate

Output
Checking Fortinet_CA.cer integrality ……..Passed
Checking Fortinet_Factory.cer integrality ……..Passed
Checking Fortinet_Factory.cer key-pair integrality ……..Passed
Checking Fortinet_Factory.cer Serial-No. ……..Passed
Checking Fortinet_Factory.cer timeliness ……..Passed
Checking Fortinet_Factory.key integrality ……..Passed
Checking Fortinet_CA2.cer integrality ……..Passed
Checking Fortinet_Factory2.cer integrality ……..Passed
Checking Fortinet_Factory2.cer key-pair integrality ……..Passed
Checking Fortinet_Factory2.cer Serial-No. ……..Passed
Checking Fortinet_Factory2.cer timeliness ……..Passed
Checking Fortinet_Factory2.key integrality ……..Passed


Diagnose hardware ipsec

Firmware – FortiOS: 5.0 5.2 5.4
This command displays real-time session set up rate statistics. It is used to obtain ASIC IPsec information.

Syntax
diagnose hardware ipsec


Diagnose hardware lspci

Firmware – FortiOS: 5.0 5.2 5.4
This command is used to list PCI parameters.

Syntax
diagnose hardware lspci

Arguments
hardware-arguments

Command
diagnose hardware lspci <-n>

Output
Usage: lspci []
Basic display modes:
-mm Produce machine-readable output (single -m for an obsolete format)
-t Show bus tree
Display options:
-v Be verbose (-vv for very verbose)
-k Show kernel drivers handling each device
-x Show hex-dump of the standard part of the config space
-xxx Show hex-dump of the whole config space (dangerous; root only)
-xxxx Show hex-dump of the 4096-byte extended config space (root only)
-b Bus-centric view (addresses and IRQ’s as seen by the bus)
-D Always show domain numbers
Resolving of device ID’s to names:
-n Show numeric ID’s
-nn Show both textual and numeric ID’s (names & numbers)
-q Query the PCI ID database for unknown ID’s via DNS
-qq As above, but re-query locally cached entries
-Q Query the PCI ID database for all ID’s via DNS
Selection of devices:
-s [[[[]:]]:][][.[]] Show only devices in selected slots
-d []:[][:] Show only devices with specified ID’s
Other options:
-i Use specified ID database instead of /usr/local/share/pci.ids
-p Look up kernel modules in a given file instead of default modules.pcimap
-M Enable `bus mapping’ mode (dangerous; root only)
PCI access options:
-A Use the specified PCI access method (see `-A help’ for a list)
-O = Set PCI access parameter (see `-O help’ for a list)
-G Enable PCI access debugging
-H Use direct hardware access ( = 1 or 2)
-F Read PCI configuration dump from a given file


Diagnose hardware sys conserve

Firmware – FortiOS: 5.6
This command provides memory information about the system that is useful in diagnosing conserve mode issues.

Syntax
diagnose hardware sys conserve

Command
diagnose hardware sys conserve

Output
memory conserve mode: off
total RAM: 7996 MB
memory used: 2040 MB 25% of total RAM
memory used threshold extreme: 7597 MB 95% of total RAM
memory used threshold red: 7037 MB 88% of total RAM
memory used threshold green: 6557 MB 82% of total RAM


Diagnose hardware sysinfo interrupts

Firmware – FortiOS: 5.0 5.2 5.4
This command displays a list of specifications and settings for all interrupts for each CPU.

Syntax
diagnose hardware sysinfo interrupts

Command
diagnose hardware sysinfo interrupts

Output
8: 1164 ehci_hcd
9: 15236 fsoc1_udc
10: 379 serial
22: 1450583 Timer Tick
26: 102035 nplite
27: 0 cp7
31: 1 np_perf_timer
Err: 0


Diagnose hardware test

Firmware – FortiOS: 5.4 5.6
There is a alternative method to the HQIP test for running hardware tests on FortiGates.

Instead of downloading a special HQIP image to run hardware tests, the tests are now built into the firmware of some models of FortiGate. To use this method you will need to use the CLI but you will not be required to set up a console connection. All that is required is access to a CLI interface. This could be through a console connection, SSH, the CLI interface through FortiExplorer or even the CLI widget in the GUI. You just have to be able to use the diagnose command.

Models
Models that are capable of using the diagnose hardware test command are:

  • FortiGate E series models
  • FortiGate 300D/500D – Running FortiOS 5.4.1 or later
  • Multiple low and mid range models running 5.6 or later
  • FortiGate 3800D model running 5.6 or later

    • Syntax
    The base command is:

    diagnose hardware test
    followed by one of the following options:

    bios – perform BIOS related tests.
    system – perform system related tests.
    usb – perform USB related tests.
    button – perform button related tests.
    cpu – perform CPU related tests.
    memory – perform memory related tests.
    network – perform network related tests.
    disk – perform disk related tests.
    led – perform LED related tests.
    wifi – perform wifi related tests. (This option is only available on FortiWiFi units)
    suite – runthe HQIP test suite.
    setting – change test settings.
    info – show test parameters.
    skip – skip interface while testing.
    Some of these options, also have options of their own.


    Diagnose hardware test skip

    Firmware – FortiOS: 5.0 5.2 5.4
    This diagnostic option allows specific interfaces to be skipped when performing performance tests on a FortiGate. One of the advantages of this method of hardware testing is that the device does not have to be shut down to run the tests. This advantage would be nullified if the running of the test brought down the functionality of the FortiGate. By skipping interfaces, tests can be run without impacting traffic.

    Syntax
    diagnose hardware test skip

    Options
    Clears the list of interfaces to be skipped during testing
    diagnose hardware test skip clear

    Shows the current list of interfaces that are skipped during testing
    diagnose hardware test skip show

    Includes an interface to the list of interfaces that are skipped during testing
    This function is cumulative. Using the command to skip another interface does not replace the previous interface, it adds an additional one.
    diagnose hardware test skip interface

    Command
    diagnose hardware test skip clear

    Output
    Skip list cleared.

    Command
    diagnose hardware test skip show

    Output
    Currently skipped interfaces:
    wan1
    lan

    Command
    diagnose hardware test skip interface

    Output
    Skipped interface: lan
    Skip lan successfully!


    Diagnose hardware test usb

    Firmware – FortiOS: 5.0 5.2 5.4
    Syntax
    diagnose hardware test usb

    This command can be used with the following options or none at all:

  • 2.0 – – USB 2.0 Test
  • 3.0 – – USB 3.0 Test

    • If you use one of the options, only tests relating to that information subset will be run and you will only get results for that. If you run the command without any of the options you will get results for all of the options.

    Your options for the command are:

  • diagnose hardware test usb
  • diagnose hardware test usb 2.0
  • diagnose hardware test usb 3.0

    • Command
    In this particular instance there was no USB device connected to the USB port.
    diagnose hardware test usb

    Output

    Test Begin at UTC Time Mon Feb 1 20:27:22 2016

    20:27:22 ( 0s) ==> USB 2.0 Test

    Please install USB 2.0 disk to the USB port.

    Do you want to continue? (y/n) (default is n) y

    Please wait while we are detecting the USB device…

    No USB devices found.

    20:27:29 ( 7s) <== USB 2.0 Test - [[ X FAIL X ]] 20:27:29 ( 7s) ==> USB 3.0 Test

    Please install USB 3.0 disk to the USB port.

    Do you want to continue? (y/n) (default is n) y

    Please wait while we are detecting the USB device…

    No USB devices found.

    20:27:41 ( 19s) <== USB 3.0 Test - [[ X FAIL X ]] Test End at UTC Time Mon Feb 1 20:27:41 2016 Total Elapsed Time: 19 seconds (0m 19s). ========================= Fortinet Hardware Test Report ========================= USB USB 2.0 Test.................................................. FAIL X USB 3.0 Test.................................................. FAIL X FAILURES: 1. USB-USB 2.0 Test: No USB devices found 2. USB-USB 3.0 Test: No USB devices found ========================= Fortinet Hardware Test ========================

    Command
    diagnose hardware test usb 2.0

    Output

    Please install USB 2.0 disk to the USB port.

    Do you want to continue? (y/n) (default is n) y

    Please wait while we are detecting the USB device…

    No USB devices found.

    20:21:39 ( 10s) <== USB 2.0 Test - [[ X FAIL X ]] Test End at UTC Time Mon Feb 1 20:21:39 2016 Total Elapsed Time: 10 seconds (0m 10s). ========================= Fortinet Hardware Test Report ========================= USB USB 2.0 Test.................................................. FAIL X FAILURE: 1. USB-USB 2.0 Test: No USB devices found ========================= Fortinet Hardware Test ========================

    Command
    diagnose hardware test usb 3.0

    Output
    Test Begin at UTC Time Mon Feb 1 20:22:28 2016

    20:22:28 ( 0s) ==> USB 3.0 Test

    Please install USB 3.0 disk to the USB port.

    Do you want to continue? (y/n) (default is n) y

    Please wait while we are detecting the USB device…

    No USB devices found.

    20:22:35 ( 7s) <== USB 3.0 Test - [[ X FAIL X ]] Test End at UTC Time Mon Feb 1 20:22:35 2016 Total Elapsed Time: 7 seconds (0m 07s). ========================= Fortinet Hardware Test Report ========================= USB USB 3.0 Test.................................................. FAIL X FAILURE: 1. USB-USB 3.0 Test: No USB devices found ========================= Fortinet Hardware Test ========================