Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
simonz_FTNT
Staff
Staff

Created on ‎11-30-2023 10:15 PM Edited on ‎04-21-2024 10:55 PM By Community Manager

Article Id 287059

Technical Tips: TAC debug script with TeraTerm

Description

This article describes how to use the TAC debug script to collect debug from FortiGate in case it has a high CPU, high memory, packet drop, or misbehaving.
Scope

FortiGate.
Solution

The following script is crafted to collect required debug commands depending on what issue is troubleshooting and is useful to collect that information beforehand before raising a ticket with TAC.

 

Below is the current supported list of debug which will update from time to time:

  • WAD.
  • IPS Engine.
  • VPN.
  • NP6/NP7/NPxlite.
  • CPU related.
  • Memory related.
  • Packet sniffer.

 

Make the following changes to the script according to the environment and it will prompt the password when begin running the script for debug collection.

 

username = 'admin'          <----- Username used to login into Fortigate (super_admin) profile is required.

hostname = 'xx.xx.xx.xx'    <----- IP address of the device.

sshport = '22'              <----- Change if using a custom SSH port.

dpath = 'C:\Debug'          <----- Log file store location.

vdom = 'root'               <----- Specify VDOM that needs a debug command to run.

waittime = '300'            <----- Pause duration before the next execution of the command in seconds.

lsize = '10M'               <----- Log rotate file size (M = megabyte).

NP = '2'                    <----- Number of NP processors, use 'diag npu npX port-list' to check. Leave it default if the device does not have NP.

wadworker = '2'             <----- Number of WAD worker, check using the 'diag test application wad 1000' command. Leave it default if not debugging on WAD.
verb = '6'                    <----- sniffer verbose level.
sniint = 'any'              <----- specify interface for packet sniffer.
sniwait = '5'               <----- sniffer wait timer.
secure = 0                 <----- 1-Teraterm console will run in the background, 0-Show on desktop (default).

option = 3                  <----- 1-WAD, 2-IPSE, 3-SYSCPU, 4-SYSMEM, 5-VPN, 6-NP6, 7-NP7, 8-NPx, 9-SNIFF.

 

Refer to the below article to run the script and to download the TeraTerm installer:
Technical Tip: FortiGate monitoring script


If the secure option is set to '1', when closing the TeraTerm macro script the console will remain open in the background as it was not properly shut down. It can be close to the task manager or use the cleanup.ps1 (Powershell script in cleanup.zip) to close Teraterm.

Note:

This script is not compatible with TeraTerm 5.x
TAC_debug_script_v1.3.3.ttl
cleanup.zip
1141
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.