Description
This article describes how to collect debug or diagnostic commands, it is recommended to connect to the FortiGate using SSH so that is possible tp easily capture the output to a log file. The instructions below explain how to enable SSH access and connect using the popular SSH client PuTTY.
Scope
FortiGate.
Solution
- Make sure that SSH is enabled on the interface connected to.
- Network -> Interfaces, Choose the desired interface and select ' Edit '.
- Make sure to check 'SSH' next to 'Administrative Access', then choose 'OK' to save changes.
- Network -> Interfaces, Choose the desired interface and select ' Edit '.
Enable SSH admin access on the interface From CLI:
config system interface
edit <interfacename>
set allowaccess ssh -> If there are already existing ping or HTTPS make sure to include 'set allowaccess ping https ssh'.
next
end
Example:
Discovery-kvm81 # config system interface
Discovery-kvm81 (interface) # edit port2
Discovery-kvm81 (port2) # set allowaccess ping https ssh --> ping and https are already existing protocols added ssh
Discovery-kvm81 (port2) # end
-
Download an SSH client such as PuTTy (using PuTTy is explained in the following steps).
-
Launch PuTTY and:
-
Putty Configuration -> Session: Specify IP and port (usually port 22), Connection Type: SSH.
-
Go to 'Session -> Logging' and under 'session logging', enable 'printable output'.
-
Choose a location for the log file under 'Log file name'.
-
Select Open to connect to FortiGate.
-
-
Log into the FortiGate, and execute the CLI commands.
-
Close PuTTY (or disable logging) and attach the log file to the ticket.
Related article:
Technical Tip: How to create a log file of a session using PuTTY
