Establish a baseline
FortiGate units operate at all layers of the OSI model. For this reason, troubleshooting problems can become complex. If you establish normal operating parameters, or a baseline, for your system before a problem occurs, it will help reduce the complexity when you are troubleshooting.
Many of the guiding questions in the following sections are some form of comparing the current problem situation to normal operation on your FortiGate unit. For this reason, it is a best practice to know what your normal operating status is and to have a record of it that you can refer to. This can easily be accomplished by monitoring the system performance with logs, SNMP tools, or regularly running information gathering commands and saving the output. This regular operation data will show trends and enable you to see when changes happen that may indicate a problem.
 
 
Back up your FortiOS configuration on a regular basis. This is a good practice for everyday use as well as when troubleshooting. You can restore the backed up configuration when needed and save the time and effort of re-creating it from the factory default settings.
Some fundamental CLI commands you can use to obtain normal operating data for your system:
 
get system status
    Displays versions of firmware and FortiGuard engines, and other system information.
get system performance status
    Displays CPU and memory states, average network usage, average sessions and session setup rate, virus caught, IPS attacks blocked, and uptime.
get hardware memory
    Displays information about memory.
get system session status
    Displays total number of sessions.
get router info routing-table all
    Displays all the routes in the routing table including their type, source, and other useful data.
get ips session
    Displays memory used and max available to IPS as well as counts.
get webfilter ftgd-statistics
    Displays list of FortiGuard related counts of status, errors, and other data.
diagnose firewall statistic show
    Displays the amount of network traffic broken down into categories such as email, VoIP, TCP, UDP, IM, Gaming, P2P, and Streaming.
diag system session list
    Displays current detailed sessions list.
show system dns
    Displays configured DNS servers.
diag sys ntp status
    Displays information about NTP servers.
These commands are just a sample. Feel free to include any extra information gathering commands that apply to your system. For example, if you have active VPN connections, record information about them using the get vpn * series of commands.
For an extensive snapshot of your system, run the CLI command used by TAC to gather extensive information about a system — exec tac report. It runs many diagnostic commands that are for specific configurations. This means no matter what features you are using, this command will record their current state. Then if you need to perform troubleshooting at a later date, you can run the same command again and compare the differences to quickly locate suspicious output you can investigate.
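The comparison step described above can be scripted. The following is an added example, not part of the original handbook or any Fortinet tool: it compares two saved snapshots command by command and ignores lines that change on every run, so that only meaningful differences remain. The "### <command>" marker, the volatile-line patterns, and the sample snapshot text are assumptions constructed for illustration.

```python
import difflib
import re

# Assumption: the collection job writes a "### <command>" marker line before
# each command's output. The marker is hypothetical, not FortiOS output.
MARKER = re.compile(r"^### (.+)$")
# Lines expected to differ on every run (hypothetical patterns; tune to your output).
VOLATILE = re.compile(r"^(uptime|system time)\s*:", re.IGNORECASE)

def split_sections(snapshot):
    """Map each command to its non-blank, non-volatile output lines."""
    sections, current = {}, None
    for raw in snapshot.splitlines():
        line = raw.strip()
        marker = MARKER.match(line)
        if marker:
            current = marker.group(1).strip()
            sections[current] = []
        elif current and line and not VOLATILE.match(line):
            sections[current].append(line)
    return sections

def compare(baseline, current):
    """Return {command: [changes]} for every section that differs."""
    old, new = split_sections(baseline), split_sections(current)
    report = {}
    for cmd in sorted(set(old) | set(new)):
        if cmd not in old or cmd not in new:
            report[cmd] = ["section missing from " + ("baseline" if cmd in new else "current")]
            continue
        changes = [d for d in difflib.ndiff(old[cmd], new[cmd]) if d.startswith(("- ", "+ "))]
        if changes:
            report[cmd] = changes
    return report

# Constructed sample snapshots (simplified, not captured from a real unit).
BASELINE = """### get system performance status
Memory states: 25% used
Uptime: 10 days, 3 hours, 20 minutes
### show system dns
set primary 192.0.2.53
### get router info routing-table all
S* 0.0.0.0/0 [10/0] via 192.0.2.1, wan1
"""
CURRENT = """### get system performance status
Memory states: 25% used
Uptime: 41 days, 1 hours, 2 minutes
### show system dns
set primary 198.51.100.7
"""

if __name__ == "__main__":
    for cmd, changes in compare(BASELINE, CURRENT).items():
        print(cmd, *changes, sep="\n  ")
```

A changed DNS server or a routing table that is absent from the later snapshot is reported, while the uptime line is suppressed because it differs between any two runs.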