Technical Tip: RMA - HQIP test (with built-in FortiOS diagnostic commands)
Description
This article describes troubleshooting with built-in FortiOS hardware diagnostic commands.
Scope
FortiGate with built-in diagnostic commands (E-Series and newer).
For older hardware that requires a dedicated HQIP test image, follow this article: Technical Tip: RMA - HQIP test (with hardware test image).
Solution
HQIP can perform tests on several hardware elements.
While it does not detect all hardware malfunctions, tests for the most common hardware problems are performed.
Note:
To prove that the hardware is faulty, visual evidence may be requested, especially when there is no other proof that the unit is indeed faulty (i.e., for checking the power adapter).
In many cases, the device may appear faulty when it is actually just running low on memory. For the lower end FortiGate models (smaller than 200F), this does not mean there is a hardware problem. These devices may simply have limited resources and may need some configuration optimization. For more details check the related articles at the bottom.
Traditionally, hardware diagnostics require users to download the HQIP image and then load the image on the device before the tests can be performed. Starting in FortiOS v5.4 with FortiGate E-Series models, HQIP tests are built into FortiOS itself. This allows users the convenience of performing hardware diagnostics without needing to find the HQIP image and reloading the firmware image.
Note:
No HQIP images will be produced for FortiGate E-Series and above that support built-in HQIP commands. Conversely, for units that require an HQIP image, continue using their designated HQIP images. See the 'Running an HQIP Test' attachment to the related article 'Technical Tip: HQIP - Hardware Quick Inspection Package' for details.
Precautions and Preparations:
- Some tests in HQIP will incur downtime. It is strongly recommended to run the HQIP test during a maintenance window.
- Plan to be local to the firewall to perform this test. Console access is recommended, and select tests require the use of loopback cables and re-cabling of the current device.
- Make sure to have a good backup of the configuration file.
- Have a backup of the current firmware image in case a full recovery of the system is required.
- Perform a factory reset before running the test if possible to get the most accurate results ('execute factoryreset').
- A reboot is required if the unit is factory reset config with some uptime.
- Make sure the device is no longer handling production traffic and the CPU and memory is low before performing the test.
- Enable logging of the console output before the test begins
- The 'Running an HQIP Test' attachment to the related article 'Technical Tip: HQIP - Hardware Quick Inspection Package' has information about wiring the device, console connection, hardware, TFTP server, and connecting to the device. Reference the link if unfamiliar with the aforementioned operations.
What can be tested:
From the CLI, run the following command to list all the hardware test items supported on the device. This command does not execute the actual tests:
Typically, the output will show test cases under these categories:
- BIOS.
- System.
- Pci.
- Usb.
- Button.
- Cpu.
- Memory.
- Network.
- Npu.
- ASIC.
- Disk.
- LED.
- Wifi.
What the HQIP test does not do:
- Detect all hardware malfunctions. Tests for the most common hardware problems are performed.
- Diagnose issues that cause a device to reboot or be unstable.
- Detect software configuration errors, OS bugs, or OS Kernel Crash issues (one type of OS bug).
- Diagnose devices with multiple Hard Drives.
| bios | Perform BIOS related test. |
| system | Perform system related test. |
| pci | Perform PCI related test. |
| usb | Perform USB related test |
| button | Perform button related test. |
| cpu | Perform CPU related test. |
| memory | Perform memory related test. |
| network | Perform network related test. |
| npu | Perform NPU related test. |
| asic | Perform ASIC related test. |
| disk | Perform disk related test. |
| led | Perform LED related test. |
| wifi | Perform WiFi related test. |
| suite | Run a test suite. |
| info | Show test parameters etc. |
There will be interactive prompts throughout the test, so users are advised to remain at the console during the duration of the test. To run the test suite:
Note:
Please connect ethernet cables:
[WAN - Any of PORT1...PORT4] <- This means no other cables should be connected.
Continue with the rest of the test cases and monitor the console for interactive prompts.
When the test is complete, a Test Report will be displayed, showing cases that Passed, Failed, or Skipped (N/A). Save this output for reference.
Running one test category or a single test case:
When running a test category, simply input the chosen category and select Enter. For example, to test the System:
========================= Fortinet Hardware Test Report =========================
SYSTEM
CPU Configuration Check....................................... PASS
Memory Configuration Check.................................... PASS
Storage Configuration Check................................... PASS
Network Configuration Check................................... PASS
========================= Fortinet Hardware Test PASSED ========================
To test the self-loopback test:
FortiGate # diagnose hardware test network loopback
Network Interface Loopback Test
Please connect ethernet/SFP cables:
[MGMT1 - MGMT2] [HA1 - HA2] [PORT1 - PORT2] [PORT3 - PORT4]
Do you want to continue this test? (y/n) (default is n) y
Test Begin at UTC Time Thu Jul 11 05:53:44 2024
==============Fortinet Hardware Test Report=======
SYSTEM
CPU Configuration check................................ PASS
=======Fortinet Hardware Test PASSED ===============
Common requests and issues:
A non-interactive mode for running the test suite:
Tests overwriting disk data:
Explaining the PCBA, stress, and rack-burn-in options when running the 'diagnose hardware test suite':
Note:
To proceed with an RMA process for the replacement of a device or chassis, specific supporting evidence may be required. As part of the process, it is important to provide visual evidence where the serial number of the device is clearly visible. This step ensures that the necessary verification can be completed.
For those unfamiliar with the process, it is important to note that visual evidence serves as crucial evidence to confirm the details of the device. Without this, the RMA request cannot move forward. Ensure that the serial number is legible in the media provided, as this is a standard requirement to comply with internal procedures for the RMA process and will be requested by the TAC engineer: RMA Note: Finding the unit serial number on a FortiGate chassis or appliance.
When opening the ticket with Fortinet Support to proceed with the RMA, if the FortiGate is configured in a Cluster/HA, run the commands below on the FortiGate that is operating normally and include the outputs along with the other evidence. This will ensure that the replacement device is compatible with the functioning FortiGate.
get system status
get hardware status
Related articles:
- Technical Tip: FortiGate HQIP test self-loopback cable - Ethernet RJ45
- Technical Tip: HQIP - Hardware Quick Inspection Package
- Technical Tip: 'diagnose hardware test suite all' with non-factory reset configuration
- Technical Tip: General Troubleshooting Library for Administrators
- Technical Tip: How to optimize memory consumption for smaller FortiGates