Create a baseline to measure what is considered to be normal operations.
A baseline can be used to measure normal or abnormal CPU and memory utilization, traffic volume and direction, open protocols and port numbers, and traffic patterns.
Network diagrams show the network topology, such as how devices are interconnected.
Network diagrams can show the logical topology and/or physical topology.
FortiGate devices can help you identify traffic flow and resource usage.
The Dashboard, Security Fabric, Alerts and Logs can be used to identify utilization.
get system status – Shows system information
get hardware nic <interface name> – Shows the interface information
get system arp – Shows the ARP table
execute ping-options
execute ping <dst-address>
execute traceroute <dst-address>
Shows how the CPU is handling each packet:
diagnose debug flow filter <filter> – define the filter
diagnose debug enable – enable the debugging output
diagnose debug flow trace start <repeat number> – start the trace
diagnose debug flow trace stop – stop the trace
Example:
diagnose debug flow filter addr 8.8.8.8
diagnose debug flow filter port 53
diagnose debug flow trace start 20
diagnose debug enable
Debug flow on the GUI
Network > Diagnostics > Debug Flow
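An added example, not part of the original notes and not Fortinet tooling: a small Python parser that groups saved CLI debug flow output by trace_id and reports each packet's ingress interface and policy verdict. The sample lines are constructed, and the line layout and message wording they assume are modelled on typical debug flow output and can differ between FortiOS versions.

```python
import re
from collections import OrderedDict

# Constructed sample modelled on CLI debug flow output; not captured from a real device.
SAMPLE = '''\
id=20085 trace_id=1 func=print_pkt_detail line=5501 msg="vd-root:0 received a packet(proto=17, 10.0.1.10:50321->8.8.8.8:53) from port3."
id=20085 trace_id=1 func=init_ip_session_common line=5666 msg="allocate a new session-0000a1b2"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2584 msg="find a route: flag=04000000 gw-10.200.1.254 via port1"
id=20085 trace_id=1 func=fw_forward_handler line=771 msg="Allowed by Policy-1: SNAT"
id=20085 trace_id=2 func=print_pkt_detail line=5501 msg="vd-root:0 received a packet(proto=17, 10.0.1.20:40111->8.8.8.8:53) from port3."
id=20085 trace_id=2 func=fw_forward_handler line=614 msg="Denied by forward policy check (policy 0)"
'''

# Assumed layout of one trace line: ... trace_id=N func=NAME line=N msg="TEXT"
LINE = re.compile(r'trace_id=(\d+) func=\S+ line=\d+ msg="(.*)"\s*$')
# Assumed wording of the messages that carry the packet tuple and the verdict.
PKT = re.compile(r'received a packet\(proto=(\d+), (\S+?)->(\S+?)\) from (\S+)\.')
ALLOW = re.compile(r'Allowed by Policy-(\d+)')
DENY = re.compile(r'Denied by .*\(policy (\d+)\)')

def summarize(text):
    """Group trace lines by trace_id and return one dict per traced packet."""
    traces = OrderedDict()
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # skip prompts, blank lines and unrelated debug output
        tid, msg = int(m.group(1)), m.group(2)
        t = traces.setdefault(tid, {"trace_id": tid, "verdict": "unknown", "policy": None})
        if (p := PKT.search(msg)):
            t.update(proto=int(p.group(1)), src=p.group(2), dst=p.group(3), in_if=p.group(4))
        elif (a := ALLOW.search(msg)):
            t.update(verdict="allowed", policy=int(a.group(1)))
        elif (d := DENY.search(msg)):
            t.update(verdict="denied", policy=int(d.group(1)))
    return list(traces.values())

if __name__ == "__main__":
    for trace in summarize(SAMPLE):
        print(trace)
```

A trace whose verdict stays "unknown" means no allow or deny message was matched for that packet, so read the raw lines for that trace_id.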
get system performance status
diagnose sys top 1 – Shows running processes and their resource usage
Sort by high CPU – Shift + P
Sort by high RAM – Shift + M
FortiGate can automatically protect itself when memory usage is high by entering memory conserve mode.
This mode prevents the FortiGate from becoming unresponsive.
During this mode, the FortiGate does not accept system configuration changes.
The FortiGate also does not perform quarantine or FortiSandbox analysis.
diagnose hardware sysinfo conserve – Check if memory conserve mode is on or off.
diagnose hardware test suite all
diagnose debug crashlog history
diagnose debug crashlog read