Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kcheng
Staff & Editor
Staff & Editor

Created on ‎09-01-2025 01:01 AM Edited on ‎09-25-2025 01:44 AM By Community Manager

Article Id 408983

Technical Tip: Performing general healthcheck on a FortiGate

Description This article describes how to perform a general health check of a FortiGate. It provides steps to retrieve logs and perform a health check on the device.
Scope FortiGate.
Solution
  1. Run the command 'get sys status' to display versions of firmware, FortiGuard engines, and other system information.
  2. Run the command 'get sys performance status' to display CPU and memory usage, network usage, and session setup rate.
  3. Run the command 'get hardware status' to show ASIC type, hard disk size, RAM size, CPU cores, network card type, etc.
  4. Run the command 'fnsysctl ifconfig' to show a summary for all interfaces, including MAC/HW address, IP address, MTU, Metric, TX, RX, collisions, interface queue size, etc.
  5. Run the command 'get hardware nic <port>' to show port hardware details, MAC/HW address, link status, link settings, and traffic counters.
  6. Run the command 'diagnose sys top 5 20' to show top processes information for 20 processes and refresh every 5 seconds.
  7. Run the command 'fnsysctl ps' to show the list of all processes active in the FortiGate.
  8. Run the command 'diagnose sys top-mem to show the top 5 processes using the most memory.
  9. Run the command 'get sys session-info full-stat' to show session info statistics.
  10. Run the command 'diagnose debug crashlog read' to show debug crashlog output.
  11. Run the command 'diagnose debug config-error-log read' to show config error logs.
  12. Run the command 'diagnose hardware sys memory' to show system memory information.
  13. Run the command 'diagnose system top-fd' to show file descriptors memory information.
  14. Run the command 'diagnose hardware sys conserve' to check if the FortiGate is in conserve mode.
  15. Run the command 'diagnose sys session list' to check session creation and teardown rates.
  16. Run the command 'diagnose alertconsole list' to show the current alert messages.

 

In general, FortiGate is in a healthy state based on the following:

  • FortiGate did not show any abnormality in CPU usage by a certain daemon continuously.
  • FortiGate did not show any abnormality in memory usage by a certain daemon.
  • There is no continuous crashlog observed on the FortiGate crashlog output.
  • FortiGate conserve mode is off

 

Note:

Super Admin privilege is required to run the 'fnsysctl' command. Otherwise, FortiGate will return an error, as explained in this KB article: Troubleshooting Tip: fnsysctl command returns Unknown action 0

 

If the FortiGate is suspected to fail on the hardware level, the HQIP test would be more appropriate to check: Technical Tip: RMA: HQIP test (with built-in FortiOS diagnostic commands
Labels:
499
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.