Created on 11-16-2022 10:00 AM
Edited on 08-04-2025 10:59 PM
By tonylin1
Description | This article describes helpful debug commands to use for troubleshooting security fabric issues. |
Scope | FortiGate v6.4, v7.0, and higher. |
Solution |
Sniffer commands to troubleshoot communication issues between upstream and downstream FortiGate in the Security Fabric:
diagnose sniffer packet any "tcp port 8013 or udp port 8014" 4 0 a
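To read the capture from the sniffer command above, the following added example (not part of the original article or Fortinet tooling) classifies each TCP 8013 handshake as answered, reset, or unanswered. The line layout in the regular expression is an assumption about verbosity 4 output with absolute timestamps, `classify_handshakes` is a hypothetical helper, and the sample capture is constructed.

```python
import re

# Assumed line layout for sniffer verbosity 4 with absolute timestamps ("a"):
#   <date> <time> <iface> <in|out> <src_ip>.<port> -> <dst_ip>.<port>: <flags...>
LINE = re.compile(
    r"^\S+ \S+ (\S+) (in|out) "
    r"(\d+(?:\.\d+){3})\.(\d+) -> (\d+(?:\.\d+){3})\.(\d+): (.*)$"
)

# Constructed sample capture (not real output).
SAMPLE = """\
interfaces=[any]
2022-11-16 10:00:01.100000 port1 out 172.16.24.2.40001 -> 172.16.24.1.8013: syn 1000
2022-11-16 10:00:01.101000 port1 in 172.16.24.1.8013 -> 172.16.24.2.40001: syn 2000 ack 1001
2022-11-16 10:00:01.102000 port1 out 172.16.24.2.40001 -> 172.16.24.1.8013: ack 2001
2022-11-16 10:00:05.000000 port2 out 198.51.100.2.40002 -> 198.51.100.1.8013: syn 3000
2022-11-16 10:00:06.000000 port2 out 198.51.100.2.40002 -> 198.51.100.1.8013: syn 3000
2022-11-16 10:00:08.000000 port3 out 192.0.2.2.40003 -> 192.0.2.1.8013: syn 4000
2022-11-16 10:00:08.001000 port3 in 192.0.2.1.8013 -> 192.0.2.2.40003: rst 0 ack 4001
"""

def classify_handshakes(capture, port=8013):
    """Map (client_ip, client_port, server_ip) -> 'syn_ack', 'reset' or 'no_reply'."""
    flows = {}
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner lines and payload dumps
        _iface, _dir, sip, sport, dip, dport, flags = m.groups()
        words = flags.split()
        if int(dport) == port and words[:1] == ["syn"] and "ack" not in words:
            # First or retransmitted SYN from the connecting FortiGate.
            flows.setdefault((sip, int(sport), dip), "no_reply")
        elif int(sport) == port:
            key = (dip, int(dport), sip)
            if flows.get(key) == "no_reply":
                if "syn" in words and "ack" in words:
                    flows[key] = "syn_ack"   # peer is listening on 8013
                elif "rst" in words:
                    flows[key] = "reset"     # connection refused
    return flows

if __name__ == "__main__":
    for (cip, cport, srv), state in classify_handshakes(SAMPLE).items():
        print(f"{cip}:{cport} -> {srv}:{8013}  {state}")
```

A `no_reply` flow points at filtering or routing between the two units, while `reset` means the SYN arrived somewhere that refused the connection on TCP 8013.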
Debug commands to find issues related to the Security Fabric, including Security Fabric performance issues:
diagnose sys csf downstream
diagnose test app csf 1
Another option for troubleshooting the connection is to verify the authorization list on the fabric root appliance (accept it if one is pending):
diagnose sys csf authorization pending-list
diagnose sys csf authorization accept [SN_of_pending_FGT]
In specific cases, the following commands can also be useful:
diagnose sys csf upstream
diagnose sys csf global
Run these before opening the GUI, then examine the parts that are lagging in the GUI.
diagnose debug disable
diagnose debug reset
diagnose debug console timestamp enable
diagnose debug enable
diagnose debug application csfd -1
Open the GUI and replicate the issue, and then stop the capture with the command below:
diagnose debug disable
Commands to identify a high CPU issue caused by the csfd daemon:
get sys performance status
diagnose debug console timestamp enable
diagnose debug application csfd -1
diagnose debug enable
Run the following commands five times each when csfd is busy or when the csfd debug output stops working.
Find the csfd process ID by issuing:
diagnose sys process pidof csfd
Then use the process ID for the following commands:
diagnose sys process dump <csfd pid>
diagnose sys process pstack <csfd pid>
diagnose sys process trace <csfd pid> 5
diagnose test app csfd 1
diagnose test app csfd 4
diagnose test app csfd 10
diagnose test app csfd 51
diagnose test app csfd 52
diagnose test app csfd 110
diagnose test app csfd 122
diagnose test app csfd 123
diagnose test app csfd 124
Note:
When the upstream device IP 172.16.24.1 is used on any interface of the downstream device, the Fabric Status will be 'Not Connected'. |