I configure/support Fortigate firewalls on a daily basis, the baby 60DSL’s, the  200A’s, but mostly the big 3016B’s.

Although I do use the Fortimanager front-end extensively for revision history, I still prefer and often do work from the command line, so I tought I’ll share the commands I use often.

Monitoring commands:

show

• Show global or vdom config

sh system interface

• Equivalent to show run interface

diagnose hardware deviceinfo nic

• Equivalent to show interface

get system status

• show version information

sh firewall policy 6

• show firewall rule numer 6

sh router policy

• Show Policy Routing rules

diagnose system session list

• Show the excisting translations

diagnose system session clear

• Clears all xlate/translations
  

diagnose ip arp list

• Shows the arp table of connected hosts

get router info routing-table all

• Equivalent to ‘show ip route’

diagnose system top

• Show System Processes running with PIDs

diagnose system kill 9 <id>

• Kill the specific PID

diag test auth ldap <server_name> <username> <password>

• Ldap test query from the Forti to the AD

-