Description

This article provides useful diagnostics commands for effective troubleshooting in FortiGate.

Scope

FortiGate.

Solution

1. fnsysctl ifconfig: Displays detailed information about physical interfaces, including drops, errors, and MTU. To view details for a particular interface, include its name—for instance, fnsysctl ifconfig port1

redkvivifc # fnsysctl ifconfig
port1 Link encap:Ethernet HWaddr 00:09:0F:09:44:00
inet addr:10.5.63.220 Bcast:10.5.63.255 Mask:255.255.240.0
link-local6: fe80::269:72ff:fe6f:5c01 prefixlen 64
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:12369162 errors:0 dropped:0 overruns:0 frame:0
TX packets:223079 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2048199721 (1.9 GB) TX bytes:71758229 (68.4 MB)

port2 Link encap:Ethernet HWaddr 00:09:0F:09:44:01
inet addr:172.16.20.220 Bcast:172.16.31.255 Mask:255.255.240.0
link-local6: fe80::269:72ff:fe6f:5c02 prefixlen 64
UP BROADCAST RUNNING PROMISC MULTICAST MTU:9192 Metric:1
RX packets:546197 errors:0 dropped:0 overruns:0 frame:0
TX packets:1099 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:38578008 (36.8 MB) TX bytes:46248 (45.2 KB)

2. fnsysctl cat /proc/cpuinfo: Provides CPU-related information, including model, cores, and usage statistics:

redkvivifc # fnsysctl cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 106
model name : Intel(R) Xeon(R) Gold 6338 CPU @ 2.00GHz
stepping : 6
microcode : 0xd0003e7
cpu MHz : 1995.307
cache size : 16384 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 27
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology cpuid tsc_known_freq pni pclmulqdq dtes64 vmx ssse3 fma cx16 pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch cpuid_fault invpcid_single ssbd ibrs ibpb stibp ibrs_enhanced tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid avx512f avx512dq rdseed adx smap avx512ifma clflushopt clwb avx512cd sha_ni avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves arat avx512vbmi umip pku ospke avx512_vbmi2 gfni vaes vpclmulqdq avx512_vnni avx512_bitalg avx512_vpopcntdq rdpid arch_capabilities
bugs : spectre_v1 spectre_v2 spec_store_bypass
bogomips : 3990.61
clflush size : 64
cache_alignment : 64
address sizes : 46 bits physical, 57 bits virtual
power management:

3. fnsysctl cat /proc/meminfo: Displays detailed information about total, used, free, buffers, and cache usage memory.

redkvivifc # fnsysctl cat /proc/meminfo
MemTotal: 2041160 kB
MemFree: 828192 kB
MemAvailable: 870924 kB
Buffers: 692 kB
Cached: 442540 kB
SwapCached: 0 kB
Active: 560200 kB
Inactive: 24360 kB
Active(anon): 544628 kB
Inactive(anon): 19840 kB
Active(file): 15572 kB
Inactive(file): 4520 kB
Unevictable: 188120 kB
Mlocked: 40 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Dirty: 0 kB
Writeback: 0 kB
AnonPages: 329464 kB
Mapped: 157264 kB
Shmem: 239168 kB
Slab: 196468 kB
SReclaimable: 94588 kB
SUnreclaim: 101880 kB
KernelStack: 3180 kB
PageTables: 28188 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 1020580 kB
Committed_AS: 20546360 kB
VmallocTotal: 34359738367 kB
VmallocUsed: 0 kB
VmallocChunk: 0 kB
Percpu: 312 kB
AnonHugePages: 0 kB
ShmemHugePages: 0 kB
ShmemPmdMapped: 0 kB
CmaTotal: 0 kB
CmaFree: 0 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 2048 kB
Hugetlb: 0 kB
DirectMap4k: 61292 kB
DirectMap2M: 2035712 kB
DirectMap1G: 0 kB

4. fnsysctl date: Displays the date and time in standard Linux format

redkvivifc # fnsysctl date
Sun May 11 09:47:51 GMT 2025

5. fnsysctl df: Displays filesystem usage statistics; particularly useful when hard disks are connected to the FortiGate.

FGT-T6 # fnsysctl df
Filesystem Size Used Available Use% Mounted on
none 1.2G 69.3M 1.1G 6% /tmp
none 1.2G 5.8M 1.2G 0% /dev/shm
none 1.2G 10.9M 1.2G 1% /dev/cmdb
none 1.2G 33.5M 1.1G 3% /dev/shmfile
/dev/mmcblk0p1 247.9M 155.0M 80.1M 66% /data
/dev/mmcblk0p3 2.8G 320.9M 2.4G 11% /data2
/dev/mmcblk0p1 247.9M 155.0M 80.1M 66% /new_root/zebos/etc/localtime
/dev/mmcblk0p1 247.9M 155.0M 80.1M 66% /tmp/dnsproxy_root/data/etc/cert
none 1.2G 10.9M 1.2G 1% /new_root/eap_proxy/dev/cmdb
none 1.2G 33.5M 1.1G 3% /new_root/eap_proxy/dev/shmfile
/dev/mmcblk0p1 247.9M 155.0M 80.1M 66% /new_root/eap_proxy/etc/cert/ca
none 1.2G 10.9M 1.2G 1% /tmp/dnsproxy_root/dev/cmdb
none 1.2G 33.5M 1.1G 3% /tmp/dnsproxy_root/dev/shmfile
none 1.2G 69.3M 1.1G 6% /tmp/dnsproxy_root/tmp/botnet_domain_shm
/dev/mmcblk0p1 247.9M 155.0M 80.1M 66% /new_root/eap_proxy/etc/localtime
none 1.2G 69.3M 1.1G 6% /tmp/dnsproxy_root/tmp/botnet_domain_shm_stat
none 1.2G 69.3M 1.1G 6% /tmp/dnsproxy_root/tmp/botnet_ip_shm
none 1.2G 69.3M 1.1G 6% /tmp/dnsproxy_root/tmp/botnet_ip_shm_stat
none 1.2G 69.3M 1.1G 6% /tmp/dnsproxy_root/tmp/external_shm
/dev/mmcblk0p1 247.9M 155.0M 80.1M 66% /tmp/dnsproxy_root/data/etc/localtime
/dev/mmcblk0p1 247.9M 155.0M 80.1M 66% /new_root/eap_proxy_worker/etc/cert/ca
/dev/mmcblk0p1 247.9M 155.0M 80.1M 66% /new_root/eap_proxy_worker/etc/localtime
none 1.2G 69.3M 1.1G 6% /tmp/wad/jail/tmp/mnt
/dev/mmcblk0p1 247.9M 155.0M 80.1M 66% /tmp/wad/jail/etc/cert
/dev/mmcblk0p1 247.9M 155.0M 80.1M 66% /tmp/wad/jail/etc/sshproxy
/dev/mmcblk0p1 247.9M 155.0M 80.1M 66% /tmp/wad/jail/etc/waf-sig
/dev/mmcblk0p1 247.9M 155.0M 80.1M 66% /tmp/wad/jail/migadmin/webfilter/ublock/ftgd/lang
/dev/mmcblk0p1 247.9M 155.0M 80.1M 66% /tmp/wad/jail/migadmin/webfilter/ublock/ftgd/daemon/lang
/dev/mmcblk0p3 2.8G 320.9M 2.4G 11% /tmp/wad/jail/data2/ffdb
none 1.2G 69.3M 1.1G 6% /tmp/wad/jail/tmp/ffdb
/dev/mmcblk0p3 2.8G 320.9M 2.4G 11% /tmp/wad/jail/data2/antiphish
/dev/mmcblk0p1 247.9M 155.0M 80.1M 66% /tmp/wad/jail/migadmin/images/replacement_messages
none 1.2G 69.3M 1.1G 6% /tmp/wad/jail/tmp/external_shm
/dev/mmcblk0p1 247.9M 155.0M 80.1M 66% /tmp/wad/jail/data/lib
none 1.2G 69.3M 1.1G 6% /tmp/wad/jail/tmp/digicert_ca.pem
none 1.2G 69.3M 1.1G 6% /tmp/wad/jail/tmp/cacert_b2.pem
none 1.2G 69.3M 1.1G 6% /tmp/wad/jail/tmp/cacert_b.pem
none 1.2G 69.3M 1.1G 6% /tmp/wad/jail/tmp/digicert_tsa.pem
none 1.2G 33.5M 1.1G 3% /tmp/wad/jail/dev/shmfile/vdom.info
/dev/mmcblk0p1 247.9M 155.0M 80.1M 66% /tmp/wad/jail/etc/pac
/dev/mmcblk0p3 2.8G 320.9M 2.4G 11% /tmp/wad/jail/data2/geodb
none 1.2G 10.9M 1.2G 1% /tmp/wad/jail/dev/cmdb
none 1.2G 69.3M 1.1G 6% /tmp/wad/jail/tmp/snmp
none 1.2G 69.3M 1.1G 6% /tmp/wad/jail/tmp/dns
none 1.2G 69.3M 1.1G 6% /tmp/wad/jail/tmp/nst

6. fnsysctl ps
   
   

Lists currently running processes; useful when combined with the kill command to restart stuck processes on FortiGate.

redkvivifc # fnsysctl ps
PID UID GID STATE CMD
1 0 0 S /bin/initXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2 0 0 S [kthreadd]
3 0 0 I [rcu_gp]
4 0 0 I [rcu_par_gp]
5 0 0 I [kworker/0:0-events]
6 0 0 I [kworker/0:0H-kblockd]
8 0 0 I [mm_percpu_wq]
9 0 0 S [ksoftirqd/0]
10 0 0 I [rcu_sched]
11 0 0 I [rcu_bh]
12 0 0 S [migration/0]
14 0 0 S [cpuhp/0]
15 0 0 S [kdevtmpfs]
17 0 0 S [rcu_tasks_kthre]
282 0 0 S [khungtaskd]
283 0 0 S [oom_reaper]
284 0 0 I [writeback]
285 0 0 S [kcompactd0]
287 0 0 S [ksmd]
385 0 0 S [khugepaged]
386 0 0 I [crypto]
388 0 0 I [kblockd]
512 0 0 I [ata_sff]
616 0 0 I [ib-comp-wq]
618 0 0 I [kworker/u3:0]
619 0 0 I [ib-comp-unb-wq]
622 0 0 I [ib_mcast]
623 0 0 I [ib_nl_sa_wq]
626 0 0 I [cfg80211]
628 0 0 I [kworker/0:2-events]
756 0 0 S [kswapd0]
784 0 0 I [pencrypt]
786 0 0 I [pdecrypt]
861 0 0 I [acpi_thermal_pm]
1497 0 0 S [scsi_eh_0]
1498 0 0 I [scsi_tmf_0]
1501 0 0 S [scsi_eh_1]
1502 0 0 I [scsi_tmf_1]
1567 0 0 I [ixgbe]
1570 0 0 I [i40e]
1572 0 0 I [iavf]
1580 0 0 I [mlx4]
1583 0 0 I [mlx5_ib_sigerr_]
1584 0 0 I [mlx4_ib]
1585 0 0 I [mlx4_ib_mcg]
1711 0 0 I [qat_device_rese]
1712 0 0 I [qat_fatal_error]
1721 0 0 I [ipv6_addrconf]
1752 0 0 S [memoryd]
1797 0 0 S [jbd2/vda1-8]
1798 0 0 I [ext4-rsv-conver]
1799 0 0 I [kworker/0:1H-kblockd]
1801 0 0 S [jbd2/vda2-8]
1802 0 0 I [ext4-rsv-conver]
1811 0 0 S [jbd2/vdb1-8]
1812 0 0 I [ext4-rsv-conver]
1927 0 0 I [fortilink]
1938 0 0 I [Aggr_LAN]
1996 0 0 S /bin/cmdbsvr
2022 0 0 S /bin/zebos_launcher
2023 0 0 S /bin/nsm -L 2
2024 0 0 S /bin/ripd -L 2
2025 0 0 S /bin/ripngd -L 2
2026 0 0 S /bin/ospfd -L 3
2027 0 0 S /bin/ospf6d -L 2
2028 0 0 S /bin/bgpd -L 3
2029 0 0 S /bin/isisd -L 2
2030 0 0 S /bin/pimd -L 2
2031 0 0 S /bin/pim6d -L 2
2032 0 0 S /bin/pdmd -L 2
2033 0 0 S /bin/uploadd
2034 0 0 S /bin/kmiglogd
2035 0 0 S /bin/httpsd
2037 0 0 S /bin/mingetty
2038 0 0 S /bin/mingetty
2039 0 0 S /bin/ipsmonitor
2040 0 0 S /bin/merged_daemons
2044 0 0 S /bin/syslogd
2045 0 0 S /bin/fnbamd
2046 0 0 S /bin/fclicense
2047 0 0 S /bin/ipshelper
2048 0 0 S /bin/forticron
2049 0 0 S /bin/forticldd
2050 0 0 S /bin/authd
2051 0 0 S /bin/foauthd
2052 0 0 S /bin/clearpass
2053 0 0 S /bin/httpclid
2054 0 0 S /bin/fas
2055 0 0 S /bin/fcnacd
2056 0 0 S /bin/fsso_ldap
2057 0 0 S /bin/miglogd
2058 0 0 S /bin/bfdd
2059 0 0 S /bin/reportd
2060 0 0 S /bin/voipd
2061 0 0 S /bin/wad
2064 0 0 S /bin/ikecryptd
2065 0 0 S /bin/iked
2066 0 0 S /bin/updated
2067 0 0 S /bin/fgtlogd
2068 0 0 S /bin/snmpd
2069 0 0 S /bin/hatalk
2070 0 0 S /bin/hasync
2071 0 0 S /bin/ikecryptd
2075 0 0 S /bin/harelay
2076 0 0 S /bin/lldprx
2077 0 0 S /bin/lldptx
2078 0 0 S /bin/acd
2080 0 0 S /bin/wad 4
2081 0 0 S /bin/wad 5
2082 0 0 S /bin/wad 6
2083 0 0 S /bin/lldprx config 8
2084 0 0 S /bin/cid
2085 0 0 S /bin/iotd
2086 10686 10686 S /bin/lldprx scan 9
2087 0 0 S /bin/cid config 7
2088 0 0 S /bin/ntpd
2089 0 0 S /bin/sshd
2090 0 0 S /bin/telnetd
2091 0 0 S /bin/fsvrd
2092 0 0 S /bin/quard
2093 0 0 S /bin/cid debug 8
2094 10682 10682 S /bin/cid trap 9
2095 10683 10683 S /bin/cid scan 10
2096 0 0 S /bin/lnkmtd
2097 0 0 S /bin/lnkmt_passive
2098 0 0 S /bin/vwl
2099 0 0 S /bin/alertmail
2100 0 0 S /bin/dnsproxy
2101 0 0 S /bin/sflowd
2102 65530 65530 S /bin/eap_proxy
2103 0 0 S /bin/sessionsync
2104 0 0 S /bin/fgfmd
2105 0 0 S /bin/cw_acd
2106 0 0 S /bin/cw_acd_helper
2107 0 0 S /bin/wpad_ac
2108 0 0 S /bin/fortilinkd
2109 0 0 S /bin/cu_acd
2110 0 0 S /bin/flcfgd
2111 65530 65530 S /bin/eap_proxy
2112 0 0 S /bin/flpold
2114 0 0 S /bin/autod
2115 0 0 S /bin/speedtestd
2117 0 0 S /bin/wad_usrinfohistory 11
2118 0 0 S /bin/wad 12
2119 0 0 S /bin/dnsproxy
2122 0 0 S /bin/wad 13
2133 0 0 S /bin/miglogd 1
2198 0 0 S /bin/imi -L 2
2221 0 0 S /bin/radvd
2239 0 0 S /bin/csfd
3933 0 0 S /bin/getty
9624 0 0 R /bin/node --expose_gc /node-scripts/index.js
9681 0 0 S /bin/httpclid
9682 0 0 S /bin/newcli
9878 0 0 I [kworker/u2:0-Aggr_LAN]
9937 0 0 I [kworker/u2:1-Aggr_LAN]
9996 0 0 I [kworker/u2:2-events_unbound]
10013 0 0 S /bin/httpsd
10014 0 0 S /bin/httpsd
10015 0 0 S /bin/httpsd
10020 0 0 R ps

7. fnsysctl kill: Terminates a process by its PID using the -s N option, where N specifies the signal number (as per Linux). Using the output from the fnsysctl ps command, a process like httpsd (Admin GUI) can be killed.

For example: 'fnsysctl kill 10013'.

Note:

Since multiple processes may exist for the same function, it is more efficient to use the next command: 'fnsysctl killall'.

Kill/restart a process by specifying its name. The only required option is the process name. For instance, to kill all httpsd processes, the following command can be used.

redkvivifc # fnsysctl killall httpsd

Killing processes with killall do not appear in the crash log file, which can be accessed using the command diagnose debug crashlog read.

Certain processes, such as hasync, cannot be killed using this command

Important Aspects about the fnsysctl Command:

• Super Admin privilege is required to run the 'fnsysctl' command.
• Tab completion is not supported for this command.
• These commands can be used in automation stitches by setting the action-type to cli-script.