# get system status
Version: FortiGate-60E v6.2.4,build1112,200511 (GA)
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 0.00000(2001-01-01 00:00)
APP-DB: 15.00897(2020-07-29 03:26)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
Serial-Number: FGT60ETKxxxxxxxx
IPS Malicious URL Database: 2.00729(2020-08-07 07:31)
Botnet DB: 1.00000(2012-05-28 22:51)
BIOS version: 05000012
System Part-Number: P18816-03
Log hard disk: Not available
Hostname: FW01
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: a-p, master
Cluster uptime: 1 days, 3 hours, 44 minutes, 43 seconds
Cluster state change time: 2020-08-07 18:49:10
Branch point: 1112
Release Version Information: GA
System time: Sat Aug 8 15:37:10 2020
get system performance status
View performance information such as resource usage
# get system performance status
CPU states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU0 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU1 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU2 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU3 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
Memory: 1911268k total, 578572k used (30.3%), 1272712k free (66.6%), 59984k freeable (3.1%)
Average network usage: 40 / 49 kbps in 1 minute, 890 / 885 kbps in 10 minutes, 414 / 409 kbps in 30 minutes
Average sessions: 116 sessions in 1 minute, 123 sessions in 10 minutes, 103 sessions in 30 minutes
Average session setup rate: 0 sessions per second in last 1 minute, 0 sessions per second in last 10 minutes, 0 sessions per second in last 30 minutes
Average NPU sessions: 50 sessions in last 1 minute, 60 sessions in last 10 minutes, 48 sessions in last 30 minutes
Average nTurbo sessions: 0 sessions in last 1 minute, 0 sessions in last 10 minutes, 0 sessions in last 30 minutes
Virus caught: 0 total in 1 minute
IPS attacks blocked: 0 total in 1 minute
Uptime: 0 days, 23 hours, 42 minutes
Hardware related
get hardware status
Display various hardware information
# get hardware status
Model name: FortiGate-60E
ASIC version: SOC3
ASIC SRAM: 64M
CPU: ARMv7
Number of CPUs: 4
RAM: 1866 MB
EMMC: 3662 MB(MLC) /dev/mmcblk0
Hard disk: not available
USB Flash: not available
Network Card chipset: FortiASIC NP6LITE Adapter (rev.)
Time related
execute time
Show current time
Shows last NTP sync time
# execute time
current time is: 15:02:56
last ntp sync:Sat Aug 8 14:49:25 2020
# diagnose sys ntp status
HA master: yes, HA master ip: 169.254.0.1, management_vfid: 0 ha_direct=1, ha_mgmt_vfid=1
synchronized: yes, ntpsync: enabled, server-mode: enabled
ipv4 server(ntp1.fortiguard.com) 208.91.113.70 -- reachable(0xff) S:1 T:54
server-version=4, stratum=2
reference time is e2d8bb75.8480a029 -- UTC Sat Aug 8 05:49:41 2020
clock offset is 0.025183 sec, root delay is 0.000092 sec
root dispersion is 0.011795 sec, peer dispersion is 216 msec
ipv4 server(ntp2.fortiguard.com) 208.91.114.23 -- reachable(0xfb) S:1 T:104
server-version=4, stratum=2
reference time is e2d8bb80.63241def -- UTC Sat Aug 8 05:49:52 2020
clock offset is 0.021793 sec, root delay is 0.000107 sec
root dispersion is 0.012390 sec, peer dispersion is 1399 msec
ipv4 server(ntp2.fortiguard.com) 208.91.113.71 -- reachable(0xff) S:1 T:18 selected
server-version=4, stratum=2
reference time is e2d8bb44.5be013 -- UTC Sat Aug 8 05:48:52 2020
clock offset is 0.025585 sec, root delay is 0.000092 sec
root dispersion is 0.012115 sec, peer dispersion is 415 msec
ipv4 server(ntp1.fortiguard.com) 208.91.114.98 -- reachable(0xff) S:1 T:15
server-version=4, stratum=2
reference time is e2d8bb8a.bd7757f0 -- UTC Sat Aug 8 05:50:02 2020
clock offset is 0.023176 sec, root delay is 0.000137 sec
root dispersion is 0.011032 sec, peer dispersion is 320 msec
Interface related
get system interface physical
Display the status of each interface such as up / down, speed, duplex, etc.
FW01 # get system ha status
HA Health Status: OK
Model: FortiGate-60E
Mode: HA A-P
Group: 0
Debug: 0
Cluster Uptime: 0 days 2:41:55
Cluster state change time: 2020-08-07 12:13:40
Master selected using:
<2020/08/07 12:13:40> FGT60ETKxxxxxxxx is selected as the master because it has the largest value of override priority.
<2020/08/07 11:52:10> FGT60ETKxxxxxxxx is selected as the master because it's the only member in the cluster.
ses_pickup: enable, ses_pickup_delay=disable
override: enable
Configuration Status:
FGT60ETKxxxxxxxx(updated 2 seconds ago): in-sync
FGT60ETKyyyyyyyy(updated 2 seconds ago): in-sync
System Usage stats:
FGT60ETKxxxxxxxx(updated 2 seconds ago):
sessions=71, average-cpu-user/nice/system/idle=0%/0%/0%/99%, memory=31%
FGT60ETKyyyyyyyy(updated 2 seconds ago):
sessions=27, average-cpu-user/nice/system/idle=0%/0%/0%/100%, memory=32%
HBDEV stats:
FGT60ETKxxxxxxxx(updated 2 seconds ago):
internal6: physical/1000auto, up, rx-bytes/packets/dropped/errors=22031628/66675/0/0, tx=39667019/70366/0/0
internal7: physical/1000auto, up, rx-bytes/packets/dropped/errors=18560694/46359/0/0, tx=18712447/45415/0/0
FGT60ETKyyyyyyyy(updated 2 seconds ago):
internal6: physical/1000auto, up, rx-bytes/packets/dropped/errors=38350647/67170/0/0, tx=20728120/62466/0/0
internal7: physical/1000auto, up, rx-bytes/packets/dropped/errors=17396561/42221/0/0, tx=17262772/42219/0/0
MONDEV stats:
FGT60ETKxxxxxxxx(updated 2 seconds ago):
internal1: physical/100auto, up, rx-bytes/packets/dropped/errors=27134716/142668/0/0, tx=88164022/134514/0/0
wan1: physical/100auto, up, rx-bytes/packets/dropped/errors=68478268/101399/0/0, tx=12222874/69742/0/0
FGT60ETKyyyyyyyy(updated 2 seconds ago):
internal1: physical/100auto, up, rx-bytes/packets/dropped/errors=3528048/35145/0/0, tx=0/0/0/0
wan1: physical/100auto, up, rx-bytes/packets/dropped/errors=1264451/3661/0/0, tx=88132/487/0/0
Master: FW01 , FGT60ETKxxxxxxxx, HA cluster index = 1
Slave : FW02 , FGT60ETKyyyyyyyy, HA cluster index = 0
number of vcluster: 1
vcluster 1: work 169.254.0.2
Master: FGT60ETKxxxxxxxx, HA operating index = 0
Slave : FGT60ETKyyyyyyyy, HA operating index = 1
Link monitor related
diagnose sys link-monitor status all
Display the status of the monitor target
# diagnose sys link-monitor status all
Link Monitor: 1, Status: alive, Server num(1), Create time: Sat Dec 28 08:52:08 2019
Source interface: VLAN50 (23)
Interval: 1
Peer: 192.168.179.1(192.168.179.1)
Source IP(10.1.50.1)
Route: 10.1.50.1->192.168.179.1/32, gwy(10.1.50.254)
protocol: ping, state: alive
Latency(Min/Max/Avg): 1.971/28.514/3.938 ms
Jitter(Min/Max/Avg): 0.002/23.504/2.436
Packet lost: 0.000%
Number of out-of-sequence packets: 2081298
Fail Times(0/1)
Packet sent: 3265569, received: 2146619, Sequence(sent/rcvd/exp): 54306/54306/65536
Routing relationship
get router info routing-table all
View all of the routing table
# get router info routing-table all
Routing table for VRF=0
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
S* 0.0.0.0/0 [10/0] via 192.168.179.1, wan1
C 10.1.10.0/24 is directly connected, VLAN10
is directly connected, VLAN10
C 10.1.20.0/24 is directly connected, VLAN20
C 10.1.30.0/24 is directly connected, VLAN30
C 192.168.179.0/24 is directly connected, wan1
get router info routing-table <option>
The routing table for each protocol can be displayed by changing the option part.
# get router info routing-table
details show routing table details information
all show all routing table entries
rip show rip routing table
ospf show ospf routing table
bgp show bgp routing table
isis show isis routing table
static show static routing table
connected show connected routing table
database show routing information base
OSFP related
get router info ospf neighbor
Show neighbor information
# get router info ospf neighbor
OSPF process 0, VRF 0:
Neighbor ID Pri State Dead Time Address Interface
10.200.30.2 1 Full/DR 00:00:35 10.10.2.2 wan1
get router info ospf route
Show OSPF routes
# get router info ospf route
OSPF process 0:
Codes: C - connected, D - Discard, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
C 10.10.2.0/30 [1] is directly connected, wan1, Area 0.0.0.0
E2 10.10.3.0/24 [1/20] via 10.10.2.2, wan1
E2 10.200.30.2/32 [1/20] via 10.10.2.2, wan1
Other commands
# get router info ospf
database show ospf database information
interface show ospf interfaces
route show ospf routing table
neighbor show ospf neighbors
border-routers show ospf border routers
status show ospf status
virtual-links show ospf virtual links
BGP relationship
get router info bgp summary
View BGP summary
# get router info bgp summary
BGP router identifier 10.10.2.1, local AS number 1
BGP table version is 2
1 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.10.2.2 4 1 34 35 1 0 0 00:28:41 1
Total number of neighbors 1
get router info bgp network
View BGP table
# get router info bgp network
BGP table version is 2, local router ID is 10.10.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight RouteTag Path
*> 10.10.1.0/24 0.0.0.0 100 32768 0 i
*>i10.10.3.0/24 10.10.2.2 0 100 0 0 i
Total number of prefixes 2
Other commands
# get router info bgp
attribute-info list all bgp attribute information
cidr-only display routes with non-natural netmasks
community display routes matching the communities
community-info list all bgp community information
community-list display routes matching the community-list
dampening display router dampening infomation
filter-list display routes conforming to the filter-list
inconsistent-as display routes with inconsistent AS Paths
neighbors show BGP neighbors
network show BGP info for network
network-longer-prefixes show BGP info for route and more specific routes
paths path information
prefix-list display routes conforming to the prefix-list
regexp display routes matching the AS path regular expression
quote-regexp display routes matching the AS path "regular expression"
route-map display routes conforming to the route-map
scan display BGP scan status
summary summary of BGP neighbor status
memory BGP memory table
NAT relationship
get system session list
View NAT table
# get system session list
PROTO EXPIRE SOURCE SOURCE-NAT DESTINATION DESTINATION-NAT
icmp 58 10.10.1.10:1 10.10.3.250:60417 10.10.3.10:8 -
igmp 345 10.10.10.1:0 - 224.0.0.22:0 -
tcp 3599 10.10.1.10:52627 - 10.10.1.254:22 -
Comments