axel_gonzalez_FTNT
Article Id 207976

Description

 

This article describes the FortiManager/FortiAnalyzer Debugger, a Chrome extension that communicates with a FortiManager or FortiAnalyzer via the Chrome extension API.

The goal of this extension is to improve the quality of GUI bug reports by collecting as much information as possible at the time of capture.

This saves developers, QA, and TAC from having to go back and forth multiple times to collect information throughout the debugging process.

 

Scope

 

This extension captures detailed debug information from the graphical user interface of a FortiManager/FortiAnalyzer.

Requires FortiManager/FortiAnalyzer 6.4.0 GA or greater.

 

Solution

 

Download the Chrome extension from its Chrome store page.

 


 

What is included in the tool:

Each FortiManager/FortiAnalyzer debugger capture includes the following information:

  • A video recording.
  • Device meta information.
  • Client and browser meta information.
  • HTTP network logs.
  • Various daemon debug logs.
  • JavaScript console logs.
  • Device memory and CPU usage over time.
  • Client memory and CPU usage over time.

The supported browsers for FortiManager and FortiAnalyzer are listed in the documentation, under the Release Notes of the version -> Product Integration -> Supported Software -> Supported Browsers.

 

Note:

  • FortiManager/FortiAnalyzer uses WebSockets.
  • If a proxy or reverse proxy is in use, it can produce different GUI issues.
  • Always use the latest version of Firefox or Chrome.

 

Special note:

If the slowness is isolated to the GUI and the firmware version is 7.2.4 or above, it is recommended to check the Apache mode configured on the FortiManager in the output of 'get system global'. Before version 7.2.3, the default 'apache-mode' was 'prefork'. As of v7.2.4, the default is 'event'.

 

This change is aimed at supporting the HTTP/2.0 protocol. With HTTP/2.0, there is no limit on the maximum concurrency of HTTP requests, potentially leading to slower GUI performance if the client's environment imposes restrictions, whether they are network or implementation-related. HTTP/2 may face issues such as head-of-line blocking and resource prioritization, leading to slower performance compared to HTTP/1.1. Additionally, server push and intermediaries struggling with encrypted headers can further complicate matters. Implementing HTTP/2 requires more computational resources, which may affect response times. These complexities highlight scenarios where HTTP/1.1 might outperform HTTP/2.

If customers experience GUI slowness, they can revert to 'prefork' mode with the following commands:

 

config system global
    set apache-mode prefork
end

 

See the 7.2.4 release notes.

 

Troubleshoot:

 

On FortiAnalyzer:

diagnose debug reset
diagnose debug application fazsvcd 255
 
After the tests:
 
diagnose debug enable
diagnose debug reset
 
On FortiManager:
 
diagnose debug application gui 255
diagnose debug enable
 

At the same time, open the debug tools in the browser, using the browser's built-in web tools:

 

Firefox: Windows: Ctrl + Shift + I or F12

https://developer.mozilla.org/en-US/docs/Learn/Common_questions/Tools_and_setup/What_are_browser_dev...

 

Chrome: To open the DevTools Console panel, press Command + Option + J (Mac) or Ctrl + Shift + J (other OS).

Menu → More tools → Developer tools, then select the Network tab, click on the WS (WebSocket) filter, and save the debug output from the console.

 

To restart the service on both platforms:
 
diagnose system process killall 9 httpd
 
To review the listening services:
 
diagnose fmnetwork netstat list
 
Then search for port 443 (the default one).
 
tcp 0 0 :::443 :::* LISTEN
tcp 0 0 ::ffff:10.5.31.40:443 ::ffff:172.26.128.192:58916 TIME_WAIT
tcp 0 81 ::ffff:10.5.31.40:443 ::ffff:172.26.128.192:58926 ESTABLISHED
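
The port search above can be run against a saved copy of the 'diagnose fmnetwork netstat list' output so that only rows whose local port is the GUI port are reported. This is an added example, not part of the original article or of Fortinet's tooling; it assumes the six-column layout shown above, and the function names and the two decoy rows in the sample are constructed for illustration.

```python
from collections import Counter

# Constructed sample: the three rows shown in the article plus two decoy rows
# that a plain text search for "443" would also match.
SAMPLE = """\
tcp 0 0 :::443 :::* LISTEN
tcp 0 0 ::ffff:10.5.31.40:443 ::ffff:172.26.128.192:58916 TIME_WAIT
tcp 0 81 ::ffff:10.5.31.40:443 ::ffff:172.26.128.192:58926 ESTABLISHED
tcp 0 0 ::ffff:10.5.31.40:58443 ::ffff:172.26.128.192:514 ESTABLISHED
tcp 0 0 ::ffff:10.5.31.40:40112 ::ffff:192.0.2.10:443 ESTABLISHED
"""


def split_endpoint(endpoint):
    """Split 'address:port' at the last colon and drop the IPv4-mapped prefix."""
    addr, _, port = endpoint.rpartition(":")
    if addr.startswith("::ffff:"):
        addr = addr[len("::ffff:"):]
    return addr, port


def gui_sockets(netstat_text, gui_port=443):
    """Return (listeners, sessions) for rows whose LOCAL port is gui_port.

    listeners: local addresses in LISTEN state.
    sessions:  Counter keyed by (peer address, TCP state).
    """
    listeners, sessions = [], Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue  # skip headers, blank lines and non-TCP rows
        local_addr, local_port = split_endpoint(fields[3])
        peer_addr, _ = split_endpoint(fields[4])
        if local_port != str(gui_port):
            continue  # remote port 443 or a port that merely contains "443"
        if fields[5] == "LISTEN":
            listeners.append(local_addr)
        else:
            sessions[(peer_addr, fields[5])] += 1
    return listeners, sessions


if __name__ == "__main__":
    listeners, sessions = gui_sockets(SAMPLE)
    print("GUI listening on:", listeners)
    for (peer, state), count in sorted(sessions.items()):
        print(f"{peer:<16}{state:<12}{count}")
```

Pass the configured value as gui_port (for example 12121) when the GUI port has been changed from the default.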
 
If the default GUI port needs to be changed:
 
config system admin setting
    set https_port 12121
end