Fortigate got some very good diagnostics on there firewalls. There is a hole branch of the command tree, that starts with

diagnose or short diag

On of the commands often used is

diagnose sys top [refresh] [num of procs]

This command keeps running like the ‘top’ command on Unix like systems. As options you can specify the refresh time in seconds and the number of processes to be displayed.

The output on Fortinet is something like:

Run Time:  1 days, 11 hours and 5 minutes
0U, 2S, 97I; 440T, 124F, 138KF
          newcli    22601      R       1.1     3.2
            sshd    22593      S       1.1     2.5
          ospf6d       42      S       0.1     0.5
       ipsengine      355      S <     0.0    29.8
          httpsd       81      S       0.0     4.3
         cmdbsvr       20      S       0.0     4.3
          httpsd       90      S       0.0     4.2
          httpsd       40      S       0.0     3.6
           fgfmd       78      S       0.0     3.2
       scanunitd      639      S <     0.0     3.2
          newcli    22597      S       0.0     3.2

While the line ‘Run Time’ is quite obvious, the next line is quite cryptic.

The next line, with 0U, 2S, 97I … means

U – Userspace CPU usage in %

S – CPU usage in % of System processes (Kernel)

I – CPU idle in %

The second part of this line informs about memory usage:

440T – you got a total of 440MB memory

124F – there are still 124MB free memory

138KF – the amount of shared memory pages used

The line ‘newcli 22601 R 1.1 3.2‘ tells you:

newcli – the name of the process

22601 – the process ID

R – Running, can also be S like sleeping

1.1 – using 1.1% CPU

3.2 – using 3.2% of the memory

Every Mac caches resolved DNS queries. Sometimes you get entries which create problems. To get rid of them you have to options: reboot the machine. This is the bad one. The good one is: Type the following command in the Terminal:

dscacheutil -flushcache

If you want to know all possible commands from the command line of your Fortigate firewall, then log in using SSH and type the following command:

tree

Now you get the complete command tree with all options and all choices.

I use to say “backup is only for wimps”. But to be honest, I do backups. And I even store the backup media in a save place.

To get the data onto a backup device and put that one to a save place, sometimes you have to write the backup over the network.

netcat or nc, the swiss army knife of networking is a big help for that.

On the remote system, where you want to write the backup start netcat:

nc -l -p 12345 > /var/backup/name-of -the-backup-2010-08-18.tgz

• -l means listen
• -p <number> is the port, where nc listens.

On the system you want to backup  you can exclude some directories, like /proc and /sys from being backed up. So run:

echo "./proc
./sys
./tmp" > /tmp/X

Now it is time to start the backup:

cd /
tar -X /tmp/X -czpf - . | nc 11.12.13.14 12345

So you cd into the root directory, exclude the files listed in /tmp/X, write the backup to STDOUT  and backup everything under the current directory. The backup is done relative.

Of course, you could use a backup command like tar -czpf – /,  but then the backup is done absolute. You realize the advantage of doing relative backups, when you want to restore the backup into a directory. With an absolute backup everything is written back to the original location.

If you have to upload firmware to a router or a switch with xmodem, get the package lrzsz-0.12.20.tar.gz. Configure it with

tar xvzf lrzsz-0.12.20.tar.gz
cd lrzsz-0.12.20
./configure --disable-nls && sudo make install

Then start a console session with screen

screen /dev/tty.Keyserial1 9600

then, when you are asked from the program up upload the firmware using xmodem, do:

Press ctrl-a
:exec !! lsx -b -X /path/srw2016-24-10086.ros

the upload will start.