FortiGate
jangelis
Staff
Article Id 334625
Description This article describes how to run some 'diagnose test application' commands as a read-only administrator.
Scope FortiGate.
Solution

Sometimes an administrator has only read-only access to the FortiGate but still needs to run 'diagnose test application' commands to troubleshoot an issue.

 

For example, if the resolved FQDNs need to be checked in the CLI:

 

FGT $ diagnose test application dnsproxy 6

 

command parse error before 'application'
Command fail. Return code -61

 

The solution is to replace 'diagnose test application' with 'get test':

 

FGT $ get test dnsproxy 6
worker idx: 0
vfid=0 name=www.fortinet.com ver=IPv4 timer running, min_ttl=17:14, cache_ttl=0 , slot=0, num=1
         13.37.145.162 (ttl=17:5:5)

 

FQDN num=1

 

IPS can be troubleshot the same way:

 

FGT $ diagnose test application ipsmonitor 1

 

command parse error before 'application'
Command fail. Return code -61

 

FGT $ get test ipsmonitor 1
pid = 178, engine count = 4
0 - pid:212:212 cfg:1 master:0 run:1
1 - pid:229:229 cfg:0 master:1 run:1
2 - pid:230:230 cfg:0 master:0 run:1
3 - pid:231:231 cfg:0 master:0 run:1

 

pid:         229 index:1 master
version:     06000000FLEN04300-00004.00035-1903252254
up time:     0 days 0 hours 30 minutes
init time:   0 seconds
socket size: 256(MB)
database:    extended
bypass:      disable
pid:         230 index:2
version:     06000000FLEN04300-00004.00035-1903252254
up time:     0 days 0 hours 30 minutes
init time:   0 seconds
socket size: 256(MB)
database:    extended
bypass:      disable
pid:         231 index:3
version:     06000000FLEN04300-00004.00035-1903252254
up time:     0 days 0 hours 30 minutes
init time:   0 seconds
socket size: 256(MB)
database:    extended
bypass:      disable
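
A read-only administrator can save this output and check it offline. The following is an added example, not part of the original article or Fortinet tooling: it parses the 'get test ipsmonitor 1' output shown above and reports deviations. It assumes that 'run:1' means the engine is running, that 'bypass: disable' is the expected state, and that all engines should report the same version.

```python
import re

# 'get test ipsmonitor 1' output from the article, shortened to two detail blocks.
SAMPLE = """\
pid = 178, engine count = 4
0 - pid:212:212 cfg:1 master:0 run:1
1 - pid:229:229 cfg:0 master:1 run:1
2 - pid:230:230 cfg:0 master:0 run:1
3 - pid:231:231 cfg:0 master:0 run:1
pid:         229 index:1 master
version:     06000000FLEN04300-00004.00035-1903252254
bypass:      disable
pid:         230 index:2
version:     06000000FLEN04300-00004.00035-1903252254
bypass:      disable
"""

HEADER = re.compile(r"^pid = \d+, engine count = (\d+)$")
SUMMARY = re.compile(r"^(\d+) - pid:(\d+):\d+ cfg:\d master:\d run:(\d)$")
DETAIL = re.compile(r"^pid:\s+(\d+) index:\d+")
FIELD = re.compile(r"^([a-z ]+):\s+(.*)$")

def parse_ipsmonitor(text):
    """Return (declared engine count, {pid: running?}, {pid: detail fields})."""
    count, running, details, current = None, {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            count = int(m.group(1))
        elif m := SUMMARY.match(line):
            running[int(m.group(2))] = m.group(3) == "1"  # assumption: run:1 = running
        elif m := DETAIL.match(line):
            current = details.setdefault(int(m.group(1)), {})
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2).strip()
    return count, running, details

def findings(text):
    """List deviations from the assumed healthy state (see the lead-in)."""
    count, running, details = parse_ipsmonitor(text)
    out = []
    if count != len(running):
        out.append(f"engine count {count} but {len(running)} engines listed")
    out += [f"engine pid {p} not running" for p, up in running.items() if not up]
    out += [f"engine pid {p} bypass={d.get('bypass')}"
            for p, d in details.items() if d.get("bypass") != "disable"]
    versions = {d.get("version") for d in details.values()}
    if len(versions) > 1:
        out.append(f"engines report different versions: {sorted(map(str, versions))}")
    return out

if __name__ == "__main__":
    print(findings(SAMPLE) or "no findings")
```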

 

Limitation:

Commands that require 'diagnose debug enable' to be run will not produce any output:

 

FGT $ get test wad 1000

 

FGT $

 

Note:

The 'get test' command is removed as of v7.6.1, where only the 'diagnose test application' command is available.