Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
tecepeipe
New Contributor

IPS troubleshooting commands (nse4 material is wrong)

Hy Guys,

 

I was studying for the NSE4 and in the chapter concerning IPS, it was mentioned these commands below, but they don't work in version 5.2+:

 

Display IPs blocked by Anomalies filter

# diag ips anomaly list

 

IPS engine troubleshooting

#diag test app ipsm <number>

1-display engine information

2-enable/disable IPS engine

5-Toggle bypass status

99-restart IPS engines/monitor

 

Additionally, in the Quick reference to common diagnose commands available at: 

http://docs-legacy.fortinet.com/cb/html/index.html#page/FOS_Cookbook/Install_advanced/cb_appendix_di...

the command below doesn't work either:

# firewall statistic show

 

 

I think, all of them must have changed its syntax.

Does anyone know the updated one?

 

Thanks!

Regards,

Fabricio Lima

3 REPLIES 3
AndreaSoliva
Contributor III

Hi

 

I do not know from where you have this but this command works:

 

       # diagnose test application ipsmonitor               IPS Engine Test Usage:                   1: Display IPS engine information            2: Toggle IPS engine enable/disable status            3: Display restart log            4: Clear restart log            5: Toggle bypass status            6: Submit attack characteristics now           10: IPS queue length           11: Clear IPS queue length           12: IPS L7 socket statistics           13: IPS session list           14: IPS NTurbo statistics           15: IPSA statistics           16: Display device identification cache           17: Clear device identification cache           96: Toggle IPS engines watchdog timer           97: Start all IPS engines           98: Stop all IPS engines           99: Restart all IPS engines and monitor

 

or following for statistics:

 

       # diagnose ips packet status               PACKET STATISTICS:          total packets    60347021          tcp packets      48904151          udp packets      10835395          icmp packets     607475          other packets    16256               PACKET ACTION STATISTICS:          PASS                          3351862         0          DROP                          87              0          RESET                         0               0          RESET_CLIENT                  0               0          RESET_SERVER                  0               0          DROP_SESSION                  66              0          PASS_SESSION                  3585            0          CLEAR_SESSION                 0               0          EXEMPT                        0               0

 

Hope this helps

 

have fun

 

Andrea

localhost

Hey

 

Certain command run only in config global mode and others in config vdom mode:

 

FG01 (global) # get system status
Version: FortiGate-VM64 v5.2.4,build0688,150722 (GA)

 

FG01 (global) # diagnose test application ipsmonitor 1

pid = 56, engine count =  2

0 - pid:329:329 cfg:1 master:0 run:1

1 - pid:330:330 cfg:0 master:1 run:1

pid:         330 index:1 master

version:     05002000FLEN02300-00003.00079-1507021455

up time:     0 days 0 hours 8 minutes

init time:   0 seconds

socket size: 32(MB)

database:    regular

bypass:      disable

 

FG01 (root) # diagnose ips anomaly list
list nids meter:
total # of nids meters: 0.

 

Be aware that google searches return a lot of links to the old Fortigate documentation. In your case 4.0.

 

Guess this is what you were looking for in vdom mode:

 

FG01 (root) # get system performance firewall statistics
getting traffic statistics...
Browsing: 90563 packets, 57489934 bytes
DNS: 32140 packets, 3381815 bytes
E-Mail: 0 packets, 0 bytes
FTP: 0 packets, 0 bytes
Gaming: 0 packets, 0 bytes
IM: 0 packets, 0 bytes
Newsgroups: 0 packets, 0 bytes
P2P: 0 packets, 0 bytes
Streaming: 0 packets, 0 bytes
TFTP: 0 packets, 0 bytes
VoIP: 0 packets, 0 bytes
Generic TCP: 61785 packets, 19293297 bytes
Generic UDP: 50437 packets, 6874141 bytes
Generic ICMP: 4 packets, 336 bytes
Generic IP: 4477 packets, 143846 bytes

emnoc
Esteemed Contributor III

Agreed ( check global vrs vdom )

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Labels
Top Kudoed Authors