IPS troubleshooting commands (nse4 material is wrong)
Hi guys,
I was studying for the NSE4, and in the chapter concerning IPS the commands below were mentioned, but they don't work in version 5.2+:
Display IPs blocked by Anomalies filter
# diag ips anomaly list
IPS engine troubleshooting
# diag test app ipsm <number>
1-display engine information
2-enable/disable IPS engine
5-Toggle bypass status
99-restart IPS engines/monitor
Additionally, in the Quick reference to common diagnose commands available at: http://docs-legacy.fortinet.com/cb/html/index.html#page/FOS_Cookbook/Install_advanced/cb_appendix_di... the command below doesn't work either:
# firewall statistic show
I think all of them must have changed their syntax.
Does anyone know the updated ones? Thanks!
Regards,
Fabricio Lima
Hi
I do not know where you got this from, but this command works:
# diagnose test application ipsmonitor
IPS Engine Test Usage:
1: Display IPS engine information
2: Toggle IPS engine enable/disable status
3: Display restart log
4: Clear restart log
5: Toggle bypass status
6: Submit attack characteristics now
10: IPS queue length
11: Clear IPS queue length
12: IPS L7 socket statistics
13: IPS session list
14: IPS NTurbo statistics
15: IPSA statistics
16: Display device identification cache
17: Clear device identification cache
96: Toggle IPS engines watchdog timer
97: Start all IPS engines
98: Stop all IPS engines
99: Restart all IPS engines and monitor
or following for statistics:
# diagnose ips packet status
PACKET STATISTICS:
total packets 60347021
tcp packets 48904151
udp packets 10835395
icmp packets 607475
other packets 16256
PACKET ACTION STATISTICS:
PASS 3351862 0
DROP 87 0
RESET 0 0
RESET_CLIENT 0 0
RESET_SERVER 0 0
DROP_SESSION 66 0
PASS_SESSION 3585 0
CLEAR_SESSION 0 0
EXEMPT 0 0
Hope this helps
have fun
Andrea
Hey
Certain commands run only in config global mode and others in config vdom mode:
FG01 (global) # get system status
Version: FortiGate-VM64 v5.2.4,build0688,150722 (GA)
FG01 (global) # diagnose test application ipsmonitor 1
pid = 56, engine count = 2
0 - pid:329:329 cfg:1 master:0 run:1
1 - pid:330:330 cfg:0 master:1 run:1
pid: 330 index:1 master
version: 05002000FLEN02300-00003.00079-1507021455
up time: 0 days 0 hours 8 minutes
init time: 0 seconds
socket size: 32(MB)
database: regular
bypass: disable
FG01 (root) # diagnose ips anomaly list
list nids meter:
total # of nids meters: 0.
Be aware that Google searches return a lot of links to the old FortiGate documentation. In your case 4.0.
Guess this is what you were looking for in vdom mode:
FG01 (root) # get system performance firewall statistics
getting traffic statistics...
Browsing: 90563 packets, 57489934 bytes
DNS: 32140 packets, 3381815 bytes
E-Mail: 0 packets, 0 bytes
FTP: 0 packets, 0 bytes
Gaming: 0 packets, 0 bytes
IM: 0 packets, 0 bytes
Newsgroups: 0 packets, 0 bytes
P2P: 0 packets, 0 bytes
Streaming: 0 packets, 0 bytes
TFTP: 0 packets, 0 bytes
VoIP: 0 packets, 0 bytes
Generic TCP: 61785 packets, 19293297 bytes
Generic UDP: 50437 packets, 6874141 bytes
Generic ICMP: 4 packets, 336 bytes
Generic IP: 4477 packets, 143846 bytes
Agreed (check global vs. vdom)
PCNSE
NSE
StrongSwan
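
The following Python check is an added example, not part of any post above: it parses the `diagnose test application ipsmonitor 1` output shown in the thread and reports conditions where traffic could pass uninspected (an engine not running, or bypass not disabled). The field meanings (`run:1` = running, `bypass: disable` = bypass off) are assumptions read off the posted output, and the `DEGRADED` sample is constructed.

```python
import re

# Output copied from the post above (FortiOS 5.2.4).
POSTED = """\
pid = 56, engine count = 2
0 - pid:329:329 cfg:1 master:0 run:1
1 - pid:330:330 cfg:0 master:1 run:1
pid: 330 index:1 master
version: 05002000FLEN02300-00003.00079-1507021455
up time: 0 days 0 hours 8 minutes
init time: 0 seconds
socket size: 32(MB)
database: regular
bypass: disable
"""

# Constructed variant (not real device output): one engine stopped, bypass on.
DEGRADED = POSTED.replace("master:0 run:1", "master:0 run:0").replace(
    "bypass: disable", "bypass: enable")

ENGINE_RE = re.compile(r"^(\d+) - pid:(\d+):\d+ cfg:(\d) master:(\d) run:(\d)$")
COUNT_RE = re.compile(r"engine count = (\d+)")
FIELD_RE = re.compile(r"^([a-z ]+): (.+)$")

def parse_ipsmonitor(text):
    """Parse 'diagnose test application ipsmonitor 1' output into a dict."""
    status = {"engine_count": None, "engines": [], "fields": {}}
    for line in (l.strip() for l in text.splitlines()):
        if m := ENGINE_RE.match(line):
            idx, pid, cfg, master, run = map(int, m.groups())
            status["engines"].append(
                {"index": idx, "pid": pid, "cfg": cfg, "master": master, "run": run})
        elif m := COUNT_RE.search(line):
            status["engine_count"] = int(m.group(1))
        elif m := FIELD_RE.match(line):
            status["fields"][m.group(1)] = m.group(2)
    return status

def findings(status):
    """Return conditions under which traffic may pass without IPS inspection."""
    out = []
    if status["engine_count"] != len(status["engines"]):
        out.append("engine count does not match listed engines")
    out += [f"engine {e['index']} (pid {e['pid']}) not running"
            for e in status["engines"] if e["run"] != 1]
    # Assumption: any value other than 'disable' means bypass is active.
    if status["fields"].get("bypass") != "disable":
        out.append("IPS bypass is not disabled")
    return out
```

Output that cannot be parsed (for example, a command rejected because it was run in the wrong global/vdom context) yields findings rather than a clean result, so a monitoring job built on this fails closed.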
