Technical Tip: Debug commands to analyze FortiLink communication

FortiLink is a feature used in Fortinet’s security fabric to connect FortiSwitches to FortiGates. SSH into the FortiGate and run the following command: 

diagnose debug console timestamp enable 

diagnose debug application fortilink <level>  1 to 4 (higher numbers provide more detailed output). 

diagnose debug enable  

diagnose debug disable <----- Execute the when finished.

Caution:

Debugging can generate a large amount of output and may affect performance. Always advisable to run commands during maintenance windows.

Output:

2024-10-19 09:03:51 591s:749ms:448us flp_send_pkt[460]:pkt-sent {type(5) flag=0x1ac2 node(internal6) sw(internal6) len(26)smac: 4:d5:90:80:85:4c dmac:70:4c:a5:ab:3d:d0 

Note:

The above will display output <level>  1: (minimal output)

Upon analyzing the debug logs related to network activity, it is evident that a packet is being transmitted from the device.

The number within the parentheses denotes a specific category of packet or protocol. These categories encompass different network protocols like data packets, control messages, or management traffic.

pkt-sent: This field indicates that the device is sending out packets.
type(5): A specific packet or protocol type.

• The reference to 'node(internal6)' likely pertains to a particular network node or interface within the FortiGate. The 'internal6' is an internal interface.
• The reference to 'sw(internal6)' indicates the corresponding switch or virtual switch interface associated with the internal6 node. This signifies that the FortiGate is overseeing a switch interface that aligns with the internal network.