Establish a baseline

FortiGate operates at all layers of the OSI model. For this reason, troubleshooting can be complex. Establishing baseline parameters for your system before a problem occurs helps to reduce the complexity when you need to troubleshoot.

A best practice is to establish and record the normal operating status. Regular operation data shows trends, and allows you to see where changes occur when problems arise. You can gather this data by using logs and SNMP tools to monitor the system performance or by regularly running information gathering commands and saving the output.

note icon

You should back up your FortiOS configuration on a regular basis even when you are not troubleshooting. You can restore the backed up configuration as needed to save time recreating it from the factory default settings.

Use the following CLI commands to obtain normal operating data for a FortiGate:

get system status

Displays firmware versions and FortiGuard engine versions, and other system information.

get system performance status

Displays CPU and memory states, average network usage, average sessions and session setup rate, viruses caught, IPS attacks blocked, and uptime.

get hardware memory

Displays information about memory.

get system session status

Displays total number of sessions.

get router info routing-table all

Displays all the routes in the routing table, including their type, source, and other useful data.

get ips session

Displays memory used and maximum amount available to IPS as well as counts

get webfilter ftgd-statistics

Displays a list of FortiGuard related counts of status, errors, and other data.

diagnose sys session list

Displays the list of current detailed sessions.

show sys dns

Displays the configured DNS servers.

diagnose sys ntp status

Displays information about NTP servers.

You can run any commands that apply to your system for information gathering. For example, if you have active VPN connections, use the get vpn series of commands to get more information about them.

Use execute tac report to get an extensive snapshot of your system. This command runs many diagnostic commands for specific configurations. It also records the current state of each feature regardless of the features deployed on your FortiGate. If you need to troubleshoot later, you can run the same command again and compare the differences to identify any suspicious output.