From 99debf56380b3f48648c9a3827d646db0d260998 Mon Sep 17 00:00:00 2001 From: Yuri Slobodyanyuk Date: Tue, 11 Oct 2022 16:27:55 +0300 Subject: [PATCH 1/6] ongoing additions, changes, and fixes --- .DS_Store | Bin 8196 -> 8196 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/.DS_Store b/.DS_Store index 1e72f65d330c05102de09fa4091aff77a793d3af..b4c8e34fcae432e19c170ca749e9451a5269fddc 100644 GIT binary patch delta 22 dcmZp1XmQxELV(lI(#%vx!O+5d^G1PSegIL429W>& delta 22 dcmZp1XmQxELV(lAz{prf!O+NZ^G1PSegIIu27dqm From 66169a66c2e95472ece9fa61556e1714b7cbc4a7 Mon Sep 17 00:00:00 2001 From: Yuri Slobodyanyuk Date: Sat, 15 Oct 2022 14:02:50 +0000 Subject: [PATCH 2/6] Fortigate fixes --- .../Fortigate-debug-diagnose-complete-cheat-sheet.adoc | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc index d9ce76e..b116181 100644 --- a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc +++ b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc @@ -799,9 +799,7 @@ proxy SIP inspection is on (_ALG_ inspection). If the output is `default-voip-al |Command |Descritption -|*diagnose debug httpsd -1* - -*diagnose debug application httpsd -1* +| *diagnose debug application httpsd -1* |Enable diagnostics for administrator and remote REST API access via `api-user`. When debugging API automation, refrain from working in admin GUI as it will produce a lot of unrelated output. From 78a654efdce276ecb04913e46738ae1588f5cb85 Mon Sep 17 00:00:00 2001 From: Yuri Slobodyanyuk Date: Sat, 15 Oct 2022 14:05:27 +0000 Subject: [PATCH 3/6] Fortigate fixes --- .../Fortigate-debug-diagnose-complete-cheat-sheet.adoc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc index b116181..5019e51 100644 --- a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc +++ b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc @@ -792,7 +792,7 @@ proxy SIP inspection is on (_ALG_ inspection). If the output is `default-voip-al |=== -== Administrator GUI access and API automation requests debug +== Administrator GUI, SSH access and API automation requests debug [cols=2, options="header"] |=== @@ -803,6 +803,9 @@ proxy SIP inspection is on (_ALG_ inspection). If the output is `default-voip-al |Enable diagnostics for administrator and remote REST API access via `api-user`. When debugging API automation, refrain from working in admin GUI as it will produce a lot of unrelated output. +|*diagnose debug application sshd -1* +|Debug SSH administrator session. + |=== From 8b442667e065aa70d71a371b4222e5fe4232b3dc Mon Sep 17 00:00:00 2001 From: Yuri Slobodyanyuk Date: Tue, 18 Oct 2022 14:37:18 +0000 Subject: [PATCH 4/6] Fortigate cheat sheet updates --- ...tigate-debug-diagnose-complete-cheat-sheet.adoc | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc index 5019e51..fdc0b05 100644 --- a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc +++ b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc 
@@ -299,6 +299,20 @@ a| Filter VPN debug messages using various parameters: |*get vpn ssl monitor* |List logged in SSL VPN users with allocated IP address, username, connection duration. +|*diagnose vpn ssl debug-filter _criteria_* +|Limit debug output according to the _criteria_ below: + +`src-addr4|src-addr6` _source-ip-of-client_ Source IP of the connecting client + +`vd` _VDOM name_ Limit debug to a specific VDOM, specify VDOM by its string +name, not numerical index. + +`negate` Negate the filter. + +`clear` Clear the filter. + +`list` List active filter. + |*diagnose debug app sslvpn -1* |Debug SSL VPN connection. Shows only SSL protocol negotiation and set up. That is - ciphers used, algorithms and such, does NOT show user names, groups, or any client related info. From 09f264c04dd8594c6429daec85144681ef538086 Mon Sep 17 00:00:00 2001 From: Yuri Slobodyanyuk Date: Tue, 18 Oct 2022 14:38:21 +0000 Subject: [PATCH 5/6] Fortigate cheat sheet updates --- cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc index fdc0b05..0d3826f 100644 --- a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc +++ b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc @@ -302,7 +302,7 @@ a| Filter VPN debug messages using various parameters: |*diagnose vpn ssl debug-filter _criteria_* |Limit debug output according to the _criteria_ below: -`src-addr4|src-addr6` _source-ip-of-client_ Source IP of the connecting client +`src-addr4\|src-addr6` _source-ip-of-client_ Source IP of the connecting client `vd` _VDOM name_ Limit debug to a specific VDOM, specify VDOM by its string name, not numerical index. From c33759943e01b39b839b7add1c80414d5957a14a Mon Sep 17 00:00:00 2001 
From: Yuri Slobodyanyuk Date: Sat, 29 Oct 2022 05:49:11 +0000 Subject: [PATCH 6/6] Fortigate sheet fixes --- .../Fortigate-debug-diagnose-complete-cheat-sheet.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc index 0d3826f..f8ac591 100644 --- a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc +++ b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc @@ -671,13 +671,13 @@ just clear Fortigate DHCP database and will start over allocating again. You can |*diagnose sys sdwan member* -*diagnose sys virtual-wan-link member* +*diagnose sys virtual-wan-link member* (5.6 up to 6.4) |Show list of SD-WAN zone/interface members. Also gives each interface gateway IP (if was set, 0.0.0.0 if not), `priority`, and `weight` both by default equal `0`, used with some SLA Types. |*diagnose sys sdwan service* -*diagnose sys virtual-wan-link service* +*diagnose sys virtual-wan-link service* (5.6 up to 6.4) |List configured SD-WAN rules (aka `services`), except the Implied one which is always present and cannot be disabled, but is editable for the default load balancing method used. Shows member interfaces and their status `alive` or `dead` for this rule. @@ -685,7 +685,7 @@ just clear Fortigate DHCP database and will start over allocating again. You can |*diag sys sdwan intf-sla-log * -*diag sys virtual-wan-link intf-sla-log * +*diag sys virtual-wan-link intf-sla-log * (5.6 up to 6.4) |Print log of usage for the last 10 minutes. The statistics shown in bps: `inbandwidth`, `outbandwidth`, `bibandwidth`, `tx bytes`, `rx bytes`.
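Review bot: PATCH 1/6 changes only `.DS_Store`, a binary macOS Finder metadata file, so the commit carries nothing reviewable and the file does not belong in the repository. Drop this commit from the series, untrack the file with `git rm --cached .DS_Store`, and add `.DS_Store` to `.gitignore` so it stops reappearing; these files can also expose the names of files in the author's working directory. The subject "ongoing additions, changes, and fixes" does not match a diffstat of 0 insertions and 0 deletions.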
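Review bot: In PATCH 2/6 (hunk at line 799), the replacement row is written `| *diagnose debug application httpsd -1*` with a space after the cell separator, while the neighbouring cells start directly after the `|` (`|Command`, `|Enable diagnostics ...`); drop the space for consistency. The header cell `|Descritption` in the context lines is misspelled and could be corrected to `|Description` in the same change. The subject "Fortigate fixes" gives no reason for removing `diagnose debug httpsd -1`; one line in the commit message saying why that form was dropped would help readers who still have it in their notes.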
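Review bot: In PATCH 3/6 (hunk at line 792), retitling the section to `== Administrator GUI, SSH access and API automation requests debug` changes the section ID that Asciidoctor auto-generates from the title by default, so existing links to the old anchor stop resolving. Put an explicit ID on the section (for example `[#admin-access-debug]`, a hypothetical name) so the title can change without breaking links. In the second hunk, the new row's description "Debug SSH administrator session." is much thinner than the `httpsd` row above it; a sentence on what the output covers would bring it in line.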
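Review bot: In PATCH 4/6 (hunk at line 299), the added option line beginning `src-addr4|src-addr6` has an unescaped `|` inside a table cell, which AsciiDoc reads as a cell separator, so the cell is split at that point and the rows after it shift. PATCH 5/6 corrects this to `src-addr4\|src-addr6`; squash 5/6 into 4/6 so that no commit in the series renders a broken table, especially as both carry the identical subject "Fortigate cheat sheet updates".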
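Review bot: In PATCH 6/6, the `(5.6 up to 6.4)` annotation is added only to the three `virtual-wan-link` lines, so the `sdwan` forms above them still carry no version, and "up to 6.4" does not say whether 6.4 itself is included. State the range unambiguously on both forms of each pair (where the `sdwan` syntax begins and where `virtual-wan-link` ends) and label the numbers as FortiOS versions so the reader does not have to infer what 5.6 refers to.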