Troubleshooting Tip: Debugs for device/policy install from FortiManager to FortiGate

sakuraju · ‎08-19-2024

Description

This article describes the debug commands that need to be collected when policy push/ device install fails from FortiManager to FortiGate.

Scope

FortiGate 7.x.

FortiManager 7.x.

Solution

FortiGate:

dia deb reset

dia deb application fgfm -1

dia deb cli 8

dia deb console timestamp en

di deb en

Replicate the issue by installing the policy package/ device settings to FortiGate.

Example:

2024-08-17 16:07:04 FGFMs: client:

put script

devid=163

revision=-1

localid=912

chan_window_sz=32768

deflate=gzip

script_sz=210

undoscript_sz=821

script_timestamp=41

fmg_login_name=admin@FortiManager

2024-08-17 16:07:04 FGFMs: __tty_cleanup,140: tty_cleanup, sock=(nil), fd=-1.

2024-08-17 16:07:04 FGFMs: __ctx_cleanup,160: ctx_cleanup, cli_pid=0.

2024-08-17 16:07:04 FGFMs: fgfm_script_handler,1152: begain download script.

2024-08-17 16:07:04 FGFMs: fgfm_script_handler,1169: accept this channel.

2024-08-17 16:07:06 FGFMs: __run_cli,974: begain running script.

2024-08-17 16:07:06 FGFMs: [__chan_close:783] send channel close: local=913, remote=912

2024-08-17 16:07:06 FGFMs: Destroy chan local=913, remote=912, in=1031, ack=1031, out=56,acked=56,inbuff=-1.

2024-08-17 16:07:06 0: config firewall policy

2024-08-17 16:07:06 FGFMs: client:send:

put install_log

localid=914

chan_window_sz=32768

deflate=gzip

devid=163

revision=-1

script_timestamp=41

log_offset=0

2024-08-17 16:07:06 0: edit 1

2024-08-17 16:07:06 0: set auto-asic-offload disable

2024-08-17 16:07:06 0: next

2024-08-17 16:07:06 0: end

2024-08-17 16:07:06 0: config ips sensor

2024-08-17 16:07:06 0: delete "test"

2024-08-17 16:07:06 0: end

2024-08-17 16:07:06 0: config firewall addrgrp

2024-08-17 16:07:06 0: delete "test_local"

2024-08-17 16:07:06 0: end

2024-08-17 16:07:06 0: config firewall address

2024-08-17 16:07:06 0: delete "test_local_subnet_1"

2024-08-17 16:07:06 0: end

2024-08-17 16:07:06 FGFMs: __cli_run_script_cb,809: test tunnel, stage=install, will try 5 times, pid=11778.

2024-08-17 16:07:11 FGFMs: __restart_tunnel,736: Prepare to restart tunnel: pid=11778, fd=4.

2024-08-17 16:07:11 FGFMs: __restart_tunnel_handler,577:..., first time=1, pid=2048.

2024-08-17 16:07:11 FGFMs: Cleanup session 0x1146c610, 192.168.200.20.

2024-08-17 16:07:11 FGFMs: __log_chan_close,411: events=16...

2024-08-17 16:07:11 FGFMs: [__chan_close:783] send channel close: local=914, remote=913

2024-08-17 16:07:11 FGFMs: __tunnel_cb,523:...

2024-08-17 16:07:11 FGFMs: Destroy chan local=914, remote=913, in=0, ack=0, out=546,acked=546,inbuff=-1.

2024-08-17 16:07:11 FGFMs: Create session 0x114524d0.

2024-08-17 16:07:11 FGFMs: setting session 0x114524d0 exclusive=0