FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description This article lists helpful debug commands to use for troubleshooting security fabric issues.
Scope FortiOS 6.4,7.0, 7.2

Debug commands to find any issues related to Security Fabric /Security Fabric performance issues


# diag sys csf downstream

# diag test app csf 1


Run these before opening the GUI, then examine the parts that are lagging in the GUI.


# diagnose debug console timestamp enable

# diagnose debug enable

# diagnose debug application csf -1


Commands to identify a high CPU issue caused by the csfd daemon

# get sys performance status
# diagnose sys top 2 50 (Run it for 15 seconds and press q to quit
# diagnose sys mpstat
# diagnose hard sysinfo interrupt
# diagnose debug console timestamp enable

# diagnose debug application csfd -1

# diagnose debug enable


Run the following commands five times each when csfd is busy or 'csfd debug output stops' working.


# diagnose sys process dump <csfd pid>

# diagnose sys process pstack <csfd pid>

# dia sys process trace <csfd pid> 5

Commands to identify a High Memory issue caused by the daemon csfd

# diag test app csf 1

# diag test app csf 4

# diag test app csf 10

# diag test app csf 51

# diag test app csf 52

# diag test app csf 110

# diag test app csf 122

# diag test app csf 123

# diag test app csf 124