diagnose sys botnet
Firmware – FortiOS: 5.4 5.6 6.0
This command is used to display information about botnet information in the kernel and to flush and reload botnet information into the kernel.
Changes made in 6.0
The hit option was added. This is part of an effort to collect hit stats for botnet IP lists.
Syntax
diagnose sys botnet {stat | list | find | flush | reload | file | hit}
stat – – The number of botnet entries in the kernel
list – – To list the botnet entries
find – – To find a botnet entry by ip address, port number, protocol etc.
flush – – To flush botnet entries from the kernel
reload – – To reload botnet file into the kernel
file – – Botnet file diagnostics
hit – – To show botnet total hits and IP address
Example(s)
List
diagnose sys botnet list
Read 10 botnet entry:
0. proto=TCP ip=0.175.57.24, port=80, name_id=8, rule_id=48
1. proto=UDP ip=1.22.117.135, port=16470, name_id=0, rule_id=32
2. proto=UDP ip=1.22.177.28, port=16465, name_id=0, rule_id=32
3. proto=UDP ip=1.22.213.38, port=16465, name_id=0, rule_id=32
4. proto=UDP ip=1.23.81.128, port=16465, name_id=0, rule_id=32
5. proto=UDP ip=1.23.82.125, port=16465, name_id=0, rule_id=32
6. proto=UDP ip=1.23.83.46, port=16465, name_id=0, rule_id=32
7. proto=UDP ip=1.23.83.138, port=16465, name_id=0, rule_id=32
8. proto=UDP ip=1.23.89.60, port=16465, name_id=0, rule_id=32
9. proto=UDP ip=1.23.128.18, port=16470, name_id=0, rule_id=32
Hit
diagnose sys botnet hit
0. proto=UDP ip=24.5.5.251, port=16471, hits=1
diagnose sys checkused
Firmware – FortiOS: 5.0 5.2 5.4
Use this command to identify other objects which depend on or make reference to the configuration object in question. If an error is displayed that an object is in use and cannot be deleted, this command can help identify the source of the problem.
Syntax
diagnose sys checkused
Command
diagnose sys checkused system.interface.name wan1
Output
entry used by child table dstintf:name ‚wan1’ of table firewall.policy:policyid ‚1’
entry used by table router.static:seq-num ‚1’
diagnose sys dashboard
Firmware – FortiOS: 5.0 5.2 5.4
This command allows you to remove and rebuild the widget reports on the dashboard.
Syntax
diagnose sys dashboard reset
diagnose sys dashboard stats app-usage clear
diagnose sys dashboard stats app-usage show
diagnose sys dashboard stats dlp-archive clear
diagnose sys dashboard stats dlp-archive show
diagnose sys dashboard stats log
diagnose sys dashboard stats log-clear
diagnose sys dashboard stats pol-usage clear
diagnose sys dashboard stats pol6-usage clear
diagnose sys dashboard stats session-top
diagnose sys dashboard stats traffic-history
diagnose sys device
Firmware – FortiOS: 5.0 5.2 5.4
This command is used to add device to Virtual Domain.
Syntax
diagnose sys device add
diagnose sys flash
Firmware – FortiOS: 5.0 5.2 5.4
This command can be used to change the currently active firmware partition and to display partition information stored on the flash drive.
Syntax
format shared data partition (flash partition #3)
Use this command to change the currently active firmware partition:
diagnose sys flash format
List flash images
Use this command to display partition information stored on the flash drive:
diagnose sys flash list
Command
diagnose sys flash list
Output
Partition Image TotalSize(KB) Used(KB) Use% Active
1 FGT60C-5.02-FW-build582-140604 39417 28526 72% No
2 FGT60C-5.00-FW-build271-140409 39417 27224 69% Yes
3 FLDB-10.00974 39420 34068 86% No
Image build at Apr 9 2014 01:52:03 for b0271
Command
diagnose sys flash format
Output
Formatting this storage will erase all data on it, including
databases for antivirus and IPS;
and require the unit to reboot.
Do you want to continue? (y/n)
diagnose sys fullcone
Firmware – FortiOS: 5.0 5.2 5.4
This command is used to display fullcone diagnostics.
Syntax
diagnose sys fullcone
diagnose sys h323
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
diagnose sys h323
Options
H323 calls
diagnose sys h323 call list
Mask for H323 kernel trace
diagnose sys h323 debug-mask
H323 peers
diagnose sys h323 peer list
Display h323 status
diagnose sys h323 status
Command
diagnose sys h323 status
Output
Peer: alloc=0 free=0 used=0
Call: alloc=0 free=0 used=0
diagnose sys ha checksum cluster
Firmware – FortiOS: 5.4 5.6
This command is used to show HA cluster checksum.
Before 5.4, the functionality of this command was taken care of by the command diagnose sys ha cluster-csum.
Syntax
diagnose sys ha checksum cluster
Command
diagnose sys ha checksum cluster
Output
================== FGT60C3G10016011 ==================
is_manage_master()=1, is_root_master()=1
debugzone
global: 6a d0 69 55 34 62 d7 c7 57 e1 45 8f e6 7f c0 00
root: e9 6d 2a da 25 6d d7 5f 5c 12 06 5e b5 7e 48 91
all: c2 5a f4 d7 e8 19 0f 52 52 d0 9b 12 73 b9 56 84
checksum
global: 6a d0 69 55 34 62 d7 c7 57 e1 45 8f e6 7f c0 00
root: e9 6d 2a da 25 6d d7 5f 5c 12 06 5e b5 7e 48 91
all: c2 5a f4 d7 e8 19 0f 52 52 d0 9b 12 73 b9 56 84
diagnose sys ha checksum log
Firmware – FortiOS: 5.4 5.6
This command is used to enable a checksum log by saving checksum calculations to a temp file. The checksum calculations saved in this file can be processed by two different functions; cmdbsvr and the CLI.
Syntax
diagnose sys ha checksum log
Options
Enable checksum log
diagnose sys ha checksum log enable
Disable checksum log
diagnose sys ha checksum log disable
Clear checksum log
diagnose sys ha checksum log clear
Command
diagnose sys ha checksum log enable
Output
checksum log is enabled
Command
diagnose sys ha checksum log disable
Output
checksum log is disabled
diagnose sys ha status
Firmware – FortiOS: 5.0 5.2 5.4
Use this command to display the HA group ID, as well as the serial number, role (active or standby), and device priority of each appliance belonging to the HA cluster.
Syntax
diagnose sys ha status
Command
diagnose sys ha status
Output
HA information
Statistics
traffic.local = s:0 p:146398 b:15927610
traffic.total = s:0 p:146398 b:15927610
activity.fdb = c:0 q:0
Model=60, Mode=0 Group=0 Debug=0
nvcluster=0, ses_pickup=0, delay=0
HA group member information: is_manage_master=1.
Command
diagnose sys ha status
Output
HA information
Statistics
traffic.local = s:0 p:83204 b:23018881
traffic.total = s:0 p:83197 b:23014300
activity.fdb = c:0 q:0
Model=100, Mode=0 Group=0 Debug=0
nvcluster=0, ses_pickup=0, delay=0
[Debug_Zone HA information]
HA group member information: is_manage_master=1.
[Kernel HA information]
diagnose sys hasync-stats all
Firmware – FortiOS: 6.0
This command is used to display hasync all objects’ stats.
Syntax
diagnose sys hasync-stats all
diagnose sys hasync-stats by-object
Firmware – FortiOS: 6.0
This command is used to display hasync stats by object.
Syntax
diagnose sys hasync-stats by-object
diagnose sys nst
Firmware – FortiOS: 5.0 5.2 5.4
This command is used to display information about the FortiView network segmentation tree.
Syntax
diagnose sys nst {downstream | query}
Options
downstream: Shows connected downstream FortiGates
query: Query the network segmentation tree
diagnose sys process
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
Dump process stack
diagnose sys process dump
Sample process instructions
diagnose sys process trace
diagnose sys profile
Firmware – FortiOS: 5.4
This command is used to display the port kernel profiling information.
Syntax
diagnose sys profile {start | stop | show | sysmap | cpumask | module}
Options
start – – To start kernel profiling data
stop – – To copy kernel profiling data
show – – To show kernel profiling result
sysmap – – To show kernel sysmap
cpumask – – To profile which CPUs
module – – To show kernel module
Usage
Use the following steps:
set CPU mask first
run start command
run stop command to read the profiling data and analyze
run show command to show the result
set CPU mask 00 to stop profiling
Example
# diagnose sys profile module
filter4 2806048 – – Live 0x3f000000 (P)
diagnose sys proxy bypass
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
diagnose sys proxy bypass ftp
diagnose sys proxy bypass http
diagnose sys proxy bypass imap
diagnose sys proxy bypass nntp
diagnose sys proxy bypass pop3
diagnose sys proxy bypass smtp
diagnose sys sccp-proxy debug-console
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
diagnose sys sccp-proxy debug-console
diagnose sys sccp-proxy phone
Description
Firmware – FortiOS: 5.0 5.2 5.4
This command is used to list SCCP phones.
Syntax
diagnose sys sccp-proxy phone list
diagnose sys session filter clear
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
diagnose sys session filter clear
Options
diagnose sys session filter clear dintf
diagnose sys session filter clear dport
diagnose sys session filter clear dst
diagnose sys session filter clear duration
diagnose sys session filter clear expire
diagnose sys session filter clear nport
diagnose sys session filter clear nsrc
diagnose sys session filter clear policy
diagnose sys session filter clear proto
diagnose sys session filter clear proto-state
diagnose sys session filter clear sintf
diagnose sys session filter clear sport
diagnose sys session filter clear src
diagnose sys session filter clear vd
diagnose sys session filter dst
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
diagnose sys session filter dst
diagnose sys session filter duration
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
diagnose sys session filter duration
diagnose sys session filter policy
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
diagnose sys session filter policy
diagnose sys session filter proto
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
diagnose sys session filter proto
diagnose sys session filter src
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
diagnose sys session filter src
diagnose sys session help
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
Add session help
diagnose sys session help add
Delete session help
diagnose sys session help delete
Command
diagnose sys session help list
Output
list builtin help module:
mgcp
dcerpc
rsh
pmap
dns-tcp
dns-udp
rtsp
pptp
sip
mms
tns
h245
h323
ras
tftp
ftp
list session help:
help=pmap, protocol=17 port=111
help=rtsp, protocol=6 port=8554
help=rtsp, protocol=6 port=554
help=pptp, protocol=6 port=1723
help=rtsp, protocol=6 port=7070
help=sip, protocol=17 port=5060
help=pmap, protocol=6 port=111
help=rsh, protocol=6 port=512
help=dns-udp, protocol=17 port=53
help=tftp, protocol=17 port=69
help=tns, protocol=6 port=1521
help=mgcp, protocol=17 port=2727
help=dcerpc, protocol=17 port=135
help=rsh, protocol=6 port=514
help=ras, protocol=17 port=1719
help=ftp, protocol=6 port=21
help=mgcp, protocol=17 port=2427
help=dcerpc, protocol=6 port=135
help=mms, protocol=6 port=1863
help=h323, protocol=6 port=1720
diagnose sys session6 filter expire
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
diagnose sys session6 filter expire
diagnose sys sip debug-mask
Firmware – FortiOS: 5.0 5.2 5.4
Use this command to set the debug level for the SIP session helper. Different debug masks display different levels of detail about SIP session helper activity.
Syntax
Mask for SIP kernel trace
diagnose sys sip debug-mask
Command
diagnose sys sip debug-mask 0
Output
The old mask is 2.
diagnose sys sip mapping
Firmware – FortiOS: 5.0 5.2 5.4
Use this command to display the current list of SIP NAT address mapping tables being used by the SIP session helper.
Syntax
diagnose sys sip mapping list
diagnose sys sip status
Firmware – FortiOS: 5.0 5.2 5.4
Use this command to display the current SIP session helper activity including information about the SIP dialogs, mappings, and other SIP session help counts. This command can be useful to get an overview of what the SIP session helper is currently doing.
Syntax
diagnose sys sip status
Command
diagnose sys sip status
Output
dialogs: max=32768, used=0
mappings: used=0
dialog hash by ID: size=2048, used=0, depth=0
dialog hash by RTP: size=2048, used=0, depth=0
mapping hash: size=2048, used=0, depth=0
count0: 0
count1: 0
count2: 0
count3: 0
count4: 0
This command output shows that the session helper is not processing SIP sessions because all of the used and count fields are 0. If any of these fields contain non-zero values then the SIP session helper may be processing SIP sessions.
diagnose sys sip-proxy calls
Firmware – FortiOS: 5.0 5.2 5.4 5.6
Use the following commands to list all active SIP calls being processed by the SIP ALG. You can also use the clear option to delete all active SIP calls being processed by the SIP ALG.
Syntax
diagnose sys sip-proxy calls clear
diagnose sys sip-proxy calls idle
diagnose sys sip-proxy calls invite
diagnose sys sip-proxy calls list
diagnose sys sip-proxy filter identity-policy
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
diagnose sys sip-proxy filter identity-policy
diagnose sys sip-proxy filter list
Firmware – FortiOS: 5.0 5.2 5.4
This command is used to display the current filter.
Syntax
diagnose sys sip-proxy filter list
diagnose sys sip-proxy filter policy-type
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
diagnose sys sip-proxy policy-type
Options
Filter IPv4 policies
diagnose sys sip-proxy filter policy-type ipv4
Filter IPv6 policies
diagnose sys sip-proxy filter policy-type ipv6
diagnose sys sip-proxy filter src-port
Firmware – FortiOS: 5.0 5.2 5.4
This command is used to display the source port to filter by.
Syntax
diagnose sys sip-proxy filter src-port
diagnose sys sip-proxy log-filter identity-policy
Firmware – FortiOS: 5.0 5.2 5.4 5.6 6.0
This command is used to identify the policy to filter by.
Syntax
diagnose sys sip-proxy log-filter identity-policy
diagnose sys sip-proxy log-filter list
Firmware – FortiOS: 5.0 5.2 5.4
This command is used to display the current filter.
Syntax
diagnose sys sip-proxy log-filter list
diagnose sys sip-proxy log-filter negate
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
diagnose sys sip-proxy log-filter negate
Options
diagnose sys sip-proxy log-filter negate dst-addr4
diagnose sys sip-proxy log-filter negate dst-addr6
diagnose sys sip-proxy log-filter negate dst-port
diagnose sys sip-proxy log-filter negate identity-policy
diagnose sys sip-proxy log-filter negate policy
diagnose sys sip-proxy log-filter negate policy-type
diagnose sys sip-proxy log-filter negate src-addr4
diagnose sys sip-proxy log-filter negate src-addr6
diagnose sys sip-proxy log-filter negate src-port
diagnose sys sip-proxy log-filter negate vd
diagnose sys sip-proxy log-filter negate voip-profile
diagnose sys sip-proxy log-filter policy-type
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
diagnose sys sip-proxy log-filter policy-type
Options
Filter IPv4 policies
diagnose sys sip-proxy log-filter policy-type ipv4
Filter IPv6 policies
diagnose sys sip-proxy log-filter policy-type ipv6
diagnose sys sip-proxy log-filter vd
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
diagnose sys sip-proxy log-filter vd
diagnose sys sip-proxy redirect
Firmware – FortiOS: 5.0 5.2 5.4
This command is used to list SIP redirects.
Syntax
diagnose sys sip-proxy redirect list
Command
diagnose sys sip-proxy redirect list
Output
sip redirects
vdom 0 (root) redirect 32839020 proto 6 addr 0.0.0.0:5060 users 1
vdom 0 (root) redirect 32839050 proto 6 addr [::]:5060 users 1
vdom 0 (root) redirect 32839080 proto 17 addr 0.0.0.0:5060 users 1
vdom 0 (root) redirect 328390b0 proto 17 addr [::]:5060 users 1
diagnose sys sip-proxy stats
Firmware – FortiOS: 5.0 5.2 5.4
Use the following commands to display status information about the SIP sessions being processed by the SIP ALG. You can also clear all SIP ALG statistics.
Syntax
diagnose sys sip-proxy stats
Options
diagnose sys sip-proxy stats call
diagnose sys sip-proxy stats clear
diagnose sys sip-proxy stats ha
diagnose sys sip-proxy stats list
diagnose sys sip-proxy stats mem full
diagnose sys sip-proxy stats mem summary
diagnose sys sip-proxy stats proto
diagnose sys sip-proxy stats ssl-auth
diagnose sys sip-proxy stats udp
diagnose sys sip-proxy vdom
Firmware – FortiOS: 5.6
This command is used to display VDOM data located in the voipd daemon.
Syntax
diagnose sys sip-proxy vdom
Command
diagnose sys sip-proxy vdom
Output
VDOM list by id:
vdom 0 root (Kernel: root)
vdom 1 dmgmt-vdom (Kernel: dmgmt-vdom)
vdom 2 test2 (Kernel: test2)
vdom 3 test3 (Kernel: test3)
vdom 4 vdoma2 (Kernel: vdoma2)
vdom 5 vdomb2 (Kernel: vdomb2)
vdom 6 vdomc2 (Kernel: vdomc2)
vdom 7 vdoma (Kernel: vdoma)
vdom 8 vdomb (Kernel: vdomb)
vdom 9 vdomc (Kernel: vdomc)
VDOM list by name:
vdom 1 dmgmt-vdom (Kernel: dmgmt-vdom)
vdom 0 root (Kernel: root)
vdom 2 test2 (Kernel: test2)
vdom 3 test3 (Kernel: test3)
vdom 7 vdoma (Kernel: vdoma)
vdom 4 vdoma2 (Kernel: vdoma2)
vdom 8 vdomb (Kernel: vdomb)
vdom 5 vdomb2 (Kernel: vdomb2)
vdom 9 vdomc (Kernel: vdomc)
vdom 6 vdomc2 (Kernel: vdomc2)
diagnose sys sip-proxy vip
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
diagnose sys sip-proxy vip
Options
Policy VIP list
diagnose sys sip-proxy vip policy
Real server VIP list
diagnose sys sip-proxy vip real-server
RTP policies
diagnose sys sip-proxy vip rtp-policies
diagnose sys tcpsock
Firmware – FortiOS: 5.0 5.2 5.4
This command is used to display TCP sock info.
Syntax
diagnose sys tcpsock
Command
diagnose sys tcpsock
Output
0.0.0.0:709->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1000->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1001->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1002->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1003->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1004->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1005->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1006->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:80->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1011->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1012->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:53->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1013->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:22->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1014->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:23->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1015->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1017->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1018->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:2650->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
0.0.0.0:443->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1019->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:7900->0.0.0.0:0->state=listen err=0 sockflag=0x2 rma=0 wma=0 fma=0 tma=0
0.0.0.0:541->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
192.168.1.99:22->192.168.1.100:51842->state=estabilshed err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
diagnose sys top-fd
Firmware – FortiOS: 6.0
Command to retrieve fd usage information.
Syntax
diagnose sys top-fd [process count]
diagnose sys top-fd detail [process count] [fd-count]
Options
detail – Turns on the display, on a per process basis, of the active fd information with details.
process-count – The number of processes for which information will be displayed. The default is five (5).
fd-count – The number of fds that will be displayed if the detail option is used. The default is fifty (50) fds.
Basic command
diagnose sys top-fd
authd (158): 45
wad (194): 44
miglogd (200): 42
miglogd (199): 40
miglogd (146): 39
Using detail with process-count of 1 and fd count of 10
diagnose sys top-fd detail 1 10
authd (158): 45
/dev/null
/dev/null
/dev/null
anon_inode:[eventpoll]
socket:[21]
/tmp/cmdb_lock
/tmp/shm_lock
/dev/console
anon_inode:[eventpoll]
socket:[2753]
diagnose sys ttl
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
diagnose sys session ttl
diagnose sys vd
Firmware – FortiOS: 5.0 5.2 5.4
This command provides options to display various virtual domain information.
Syntax
diagnose sys vd
Options
Add a Virtual System
diagnose sys vd add
Delete a Virtual System
diagnose sys vd delete
List Virtual Domains
diagnose sys vd list
Set current VDOM
diagnose sys vd set
Command
diagnose sys vd list
Output
system fib version=61
list virtual firewall info:
name=vsys_fgfm index=2 enabled use=8 rt_num=0 asym_rt=0 sip_helper=0, sip_nat_trace=1, mc_fwd=0, mc_ttl_nc=0, tpmc_sk_pl=0
ecmp=source-ip-based asym_rt6=0 rt6_num=4 strict_src_check=0 dns_log=0 ses_num=0 ses6_num=0 pkt_num=0
tree_flag=0 nataf=0 traffic_log=0 extended_traffic_log=0 svc_depth=0
log_neigh=0, deny_tcp_with_icmp=0 ses_denied_traffic=no
ipv4_rate=0, ipv6_rate=0
name=vsys_ha index=1 enabled use=11 rt_num=0 asym_rt=0 sip_helper=0, sip_nat_trace=1, mc_fwd=0, mc_ttl_nc=0, tpmc_sk_pl=0
ecmp=source-ip-based asym_rt6=0 rt6_num=6 strict_src_check=0 dns_log=0 ses_num=0 ses6_num=0 pkt_num=1242
tree_flag=0 nataf=0 traffic_log=0 extended_traffic_log=0 svc_depth=0
log_neigh=0, deny_tcp_with_icmp=0 ses_denied_traffic=no
ipv4_rate=0, ipv6_rate=0
ha_flags={no-ses-sync,no-ses-flush,no-ha-stats} mode=standalone ha_state=work prio=0 vid=0
name=root index=0 enabled use=70 rt_num=44 asym_rt=0 sip_helper=1, sip_nat_trace=1, mc_fwd=1, mc_ttl_nc=0, tpmc_sk_pl=0
ecmp=source-ip-based asym_rt6=0 rt6_num=16 strict_src_check=0 dns_log=1 ses_num=22 ses6_num=0 pkt_num=699917
tree_flag=0 nataf=0 traffic_log=0 extended_traffic_log=0 svc_depth=2
log_neigh=0, deny_tcp_with_icmp=0 ses_denied_traffic=no
ipv4_rate=0, ipv6_rate=0
vf_count=4 vfe_count=10
diagnose sys vxlan fdb
Firmware – FortiOS: 6.0
This is a command for showing VXLAN FDB information and statistics.
Syntax
diagnose sys vxlan fdb
Options
list – Display VXLAN forwarding DB
stat – Display VXLAN forwarding DB statistics
Example(s)
diag sys vxlan fdb stat vxlan1
fdb_table_size=256 fdb_table_used=256 fdb_entry=486107 fdb_max_depth=2025 cleanup_idx=212 cleanup_timer=-2
diagnose sys waninfo
Firmware – FortiOS: 5.6
This command is used to display the public IP address and the geographical location (country) in the dashboard. In the same location on the dashboard, it also shows whether or not the listed IP address is a member of the Fortinet Blacklist.
Syntax
diagnose sys waninfo
Command
diagnose sys waninfo
Output
Public/WAN IP: 209.87.240.98
Location:
Latitude: 45.250100
Longitude: -75.916100
Accuracy radius: 5
Time zone: America/Toronto
City: Stittsville
Subdivisions:
0: Ontario
Country: Canada
Postal:
Code: K2S
Continent: North America
Registered country: Canada
ISP: Unknown
Failed to query whether 209.87.240.98 is in the FortiGuard IP Blacklist: ret=-1 buf_
sz=1024
Command fail. Return code 5
diagnose sys wccp
Firmware – FortiOS: 5.0 5.2 5.4
Syntax
Delete one wccp service
diagnose sys wccp delete
Flush wccp services
diagnose sys wccp flush
List wccp services
diagnose sys wccp list