Diagnose command changes

New diagnose sys botnet command

Use the diagnose sys botnet {stat | list | find | flush | reload | file} command to display the botnet information held in the kernel and to flush and reload botnet information into the kernel.

stat the number of botnet entries in the kernel.

list list the botnet entries.

find find a botnet entry by IP address, port number, protocol, etc.

flush flush botnet entries from the kernel.

reload reload botnet file into the kernel.

file botnet file diagnostics.

Example command output:

diagnose sys botnet list

Read 10 botnet entry:

0. proto=TCP ip=0.175.57.24, port=80, name_id=8, rule_id=48
1. proto=UDP ip=1.22.117.135, port=16470, name_id=0, rule_id=32
2. proto=UDP ip=1.22.177.28, port=16465, name_id=0, rule_id=32
3. proto=UDP ip=1.22.213.38, port=16465, name_id=0, rule_id=32
4. proto=UDP ip=1.23.81.128, port=16465, name_id=0, rule_id=32
5. proto=UDP ip=1.23.82.125, port=16465, name_id=0, rule_id=32
6. proto=UDP ip=1.23.83.46, port=16465, name_id=0, rule_id=32
7. proto=UDP ip=1.23.83.138, port=16465, name_id=0, rule_id=32
8. proto=UDP ip=1.23.89.60, port=16465, name_id=0, rule_id=32
9. proto=UDP ip=1.23.128.18, port=16470, name_id=0, rule_id=32
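
An added example, not from the original page or from Fortinet: a small Python parser for saved output of the list option, with an offline lookup that mirrors what the find option does on the device. The sample entries are constructed (documentation-range addresses, one deliberately malformed line), and the function names parse_botnet_list and find are this example's own.

```python
import ipaddress
import re

# Constructed sample in the layout shown above (documentation-range addresses,
# not real entries). The last entry is deliberately malformed.
SAMPLE = """\
Read 4 botnet entry:
0. proto=TCP ip=192.0.2.24, port=80, name_id=8, rule_id=48
1. proto=UDP ip=198.51.100.135, port=16470, name_id=0, rule_id=32
2. proto=UDP ip=198.51.100.28, port=16465, name_id=0, rule_id=32
3. proto=UDP ip=203.0.113.999, port=16465, name_id=0, rule_id=32
"""

HEADER = re.compile(r"Read\s+(\d+)\s+botnet\s+entr")
ENTRY = re.compile(r"\d+\.\s+proto=(?P<proto>\w+)\s+ip=(?P<ip>[\d.]+),\s*port=(?P<port>\d+),"
                   r"\s*name_id=(?P<name_id>\d+),\s*rule_id=(?P<rule_id>\d+)\s*$")


def parse_botnet_list(text):
    """Parse captured output into (entries, problems)."""
    entries, problems, declared = [], [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        header = HEADER.match(line)
        if header:
            declared = int(header.group(1))
            continue
        m = ENTRY.search(line)  # search() tolerates extra numbering in front
        if not m:
            if line:
                problems.append(f"line {lineno}: unrecognised: {line!r}")
            continue
        try:
            ip = ipaddress.IPv4Address(m["ip"])
        except ipaddress.AddressValueError:
            problems.append(f"line {lineno}: bad address {m['ip']!r}")
            continue
        entries.append({"proto": m["proto"].upper(), "ip": ip, "port": int(m["port"]),
                        "name_id": int(m["name_id"]), "rule_id": int(m["rule_id"])})
    # A count mismatch usually means the capture was truncated or paged.
    if declared is not None and declared != len(entries):
        problems.append(f"header declares {declared} entries, parsed {len(entries)}")
    return entries, problems


def find(entries, ip, port=None, proto=None):
    """Offline counterpart of the find option: match on ip, optionally port/proto."""
    ip = ipaddress.IPv4Address(ip)
    return [e for e in entries if e["ip"] == ip
            and port in (None, e["port"]) and proto in (None, e["proto"])]
```

Checking the parsed count against the header line is a cheap way to notice a truncated capture before relying on a negative lookup.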

 

Unquarantine all quarantined FortiClient devices (284146)

You can use the diagnose endpoint registration unquarantine all command to unquarantine all quarantined FortiClient devices.

 

Port HQIP to FortiOS using standard diagnose CLI (290272)

On FortiGate E series models, instead of downloading a special HQIP image to run hardware tests, you can use the diagnose hardware test command, followed by one of the following options:

  • bios – perform BIOS related tests.
  • system – perform system related tests.
  • usb – perform USB related tests.
  • button – perform button related tests.
  • cpu – perform CPU related tests.
  • memory – perform memory related tests.
  • network – perform network related tests.
  • disk – perform disk related tests.
  • led – perform LED related tests.
  • wifi – perform wifi related tests.
  • suite – run the HQIP test suite.
  • setting – change test settings.
  • info – show test parameters.

 

Access Control List (ACL) diagnose command (0293399)

Use the diagnose firewall acl {counter | counter6 | clearcounter | clearcounter6} command to display information about the access control list feature:

counter Show number of packets dropped by ACL.

counter6 Show number of packets dropped by IPv6 ACL.

clearcounter Clear ACL packet counter.

clearcounter6 Clear the IPv6 ACL packet counter.

New traffic test functionality (279363)

diagnose traffictest {show | run -h arg | server-intf | client-intf | port | proto}

Where -h arg can be:

-f, --format [kmgKMG] format to report: Kbits, Mbits, KBytes, MBytes

-i, --interval # seconds between periodic bandwidth reports

-F, --file name xmit/recv the specified file

-A, --affinity n/n,m set CPU affinity

-V, --verbose more detailed output

-J, --json output in JSON format

-d, --debug emit debugging output

-v, --version show version information and quit

-h, --help show this message and quit

-b, --bandwidth #[KMG][/#] target bandwidth in bits/sec (0 for unlimited) (default %d Mbit/sec for UDP, unlimited for TCP) (optional slash and packet count for burst mode)

-t, --time # time in seconds to transmit for (default %d secs)

-n, --bytes #[KMG] number of bytes to transmit (instead of -t)

-k, --blockcount #[KMG] number of blocks (packets) to transmit (instead of -t or -n)

-l, --len #[KMG] length of buffer to read or write (default %d KB for TCP, %d KB for UDP)

-P, --parallel # number of parallel client streams to run

-R, --reverse run in reverse mode (server sends, client receives)

-w, --window #[KMG] TCP window size (socket buffer size)

-C, --linux-congestion <algo> set TCP congestion control algorithm (Linux only)

-M, --set-mss # set TCP maximum segment size (MTU - 40 bytes)

-N, --nodelay set TCP no delay, disabling Nagle’s Algorithm

-4, --version4 only use IPv4

-6, --version6 only use IPv6

-S, --tos N set the IP ‘type of service’

-L, --flowlabel N set the IPv6 flow label (only supported on Linux)

-Z, --zerocopy use a ‘zero copy’ method of sending data

-O, --omit N omit the first n seconds

-T, --title str prefix every output line with this string

--get-server-output get results from server

[KMG] indicates options that support a K/M/G suffix for kilo-, mega-, or giga-

