From 6cb7f261c4afaa00f46a35169e4ef8516d76246a Mon Sep 17 00:00:00 2001 From: Yuri Slobodyanyuk Date: Mon, 30 Jan 2023 08:37:35 +0000 Subject: [PATCH 1/5] Added to Fortigate alertmail debug --- ...e-debug-diagnose-complete-cheat-sheet.adoc | 20 ++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc index 0978fee..79ac4ad 100644 --- a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc +++ b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc @@ -5,7 +5,9 @@ Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ -NOTE: To enable debug set by any of the commands below, you need to run *diagnose debug enable*. This is assumed and not reminded any further. +NOTE: To enable debug set by any of the commands below, you need to run +*diagnose debug enable*. This is assumed and not reminded any further. Use *dia +debug info* to know what debug is enabled, and at what level. NOTE: To disable and stop immediately any debug, run *dia deb res* which is short for *diagnose debug reset*. @@ -957,4 +959,20 @@ Google or documentation. +|=== + + +== Alerts Sending debug + +[cols=2, options="header"] +|=== +|Command +|Description + +|*dia debug app alertmail -1* +|Enable sessions debug for sending alerts by mail. This will show the configured +settings, like from/to email address, as well as SMTP session log of connecting +to the remote mail server and received/sent SMTP session codes. + + |=== From be3a97aabf08f1f4b7e8e5fa426dd30deba29ed5 Mon Sep 17 00:00:00 2001 From: Yuri Slobodyanyuk Date: Tue, 7 Feb 2023 13:50:46 +0000 Subject: [PATCH 2/5] Fortigate SFP info --- .../Fortigate-debug-diagnose-complete-cheat-sheet.adoc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc index 79ac4ad..9143a5e 100644 --- a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc +++ b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc @@ -483,6 +483,11 @@ source _ip_ / ttl _integer_ / use-sdwan yes] |*diagnose hardware deviceinfo nic * |Same as above. +|*get sys interface transceiver* +|List all SFP/SFP+ transceivers installed with info on: vendor name, serial +number, temperature, voltage consumed, and, most important - Transmit (TX) and +Receive (RX) signal power in dBm. + |*get hardware npu np6 port-list* |Show on which interfaces the NPU offloading is enabled. From 82036e127381555c045b3b970ede8fde2f4dfee8 Mon Sep 17 00:00:00 2001 From: Yuri Slobodyanyuk Date: Wed, 8 Feb 2023 15:05:33 +0000 Subject: [PATCH 3/5] Fortigate: added Fortitoken section --- ...e-debug-diagnose-complete-cheat-sheet.adoc | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc index 9143a5e..213dbae 100644 --- a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc +++ b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc @@ -966,6 +966,41 @@ Google or documentation. |=== +== FortiTokens + +[cols=2, options="header"] +|=== +|Command +|Description + +|*diagnose fortitoken info* +|Show all existing on the Fortigate Fortitokens, including their status: + +* `new` - new token, available to be assigned to a user. +* `active` - normal state, assigned to a user, hardware Fortitoken. +* `provisioning` - Fortitoken Mobile (FTM), assigned to a user, waits for end + user to activate it on his/her mobile phone. +* `provisioned` - FTM, assigned to a user and activated by him/her as well. +* `provision timeout` - user hasn't activated the assigned token in the given + time window (3 days default), the token needs to be re-provisioned to a user again. +`locked` - token was locked either manually by administrator, or because +Fortigate was not able to reach Fortiguard servers. + + +|*exec ping fds1.fortinet.com* + +*exec ping directregistration.fortinet.com* + +*exec ping globalftm.fortinet.net* + +|Verify that Fortigate can resolve and ping the FortiGuard servers +responsible for FortiToken activation/license validation. + +|*show user fortitoken* +|Display all Fortitokens info on license number, activation expiration (in epoch +format). + +|=== == Alerts Sending debug From 4b4fa6846ebdddabd9713b19bebbcbd3058287da Mon Sep 17 00:00:00 2001 From: Yuri Slobodyanyuk Date: Wed, 8 Feb 2023 15:07:12 +0000 Subject: [PATCH 4/5] Fortigate: added Fortitoken section --- ...tigate-debug-diagnose-complete-cheat-sheet.adoc | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc index 213dbae..11a3fd2 100644 --- a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc +++ b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc @@ -976,12 +976,16 @@ Google or documentation. |*diagnose fortitoken info* |Show all existing on the Fortigate Fortitokens, including their status: -* `new` - new token, available to be assigned to a user. -* `active` - normal state, assigned to a user, hardware Fortitoken. -* `provisioning` - Fortitoken Mobile (FTM), assigned to a user, waits for end +`new` - new token, available to be assigned to a user. + +`active` - normal state, assigned to a user, hardware Fortitoken. + +`provisioning` - Fortitoken Mobile (FTM), assigned to a user, waits for end user to activate it on his/her mobile phone. -* `provisioned` - FTM, assigned to a user and activated by him/her as well. -* `provision timeout` - user hasn't activated the assigned token in the given + +`provisioned` - FTM, assigned to a user and activated by him/her as well. + +`provision timeout` - user hasn't activated the assigned token in the given time window (3 days default), the token needs to be re-provisioned to a user again. `locked` - token was locked either manually by administrator, or because Fortigate was not able to reach Fortiguard servers. From c0b2904fee0ff8662b356266eab062f2d4749d47 Mon Sep 17 00:00:00 2001 From: Yuri Slobodyanyuk Date: Wed, 8 Feb 2023 15:08:06 +0000 Subject: [PATCH 5/5] Fortigate: added Fortitoken section --- cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc index 11a3fd2..dc3fc74 100644 --- a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc +++ b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc @@ -987,6 +987,7 @@ Google or documentation. `provision timeout` - user hasn't activated the assigned token in the given time window (3 days default), the token needs to be re-provisioned to a user again. + `locked` - token was locked either manually by administrator, or because Fortigate was not able to reach Fortiguard servers.