Category Archives: Fortigate

How To Send Fortigate Syslog Messages To Syslog Server

Server # config log syslogd setting

Server (setting) # set status enable (enable logging to a remote syslog server).

Server (setting) # set facility local0  (identifies the source of the log message to syslog).

Server (setting) # set server 10.20.10.113 (the IP address of the syslog server).

Server (setting) # end

How to Restart FortiGate Services


When browsing to the FortiGate GUI I got the response “error 400”.

I restarted the httpsd on the FortiGate to solve the issue.

To restart the httpsd do the following:

  1. Log in to the FortiGate using SSH and the admin user.
  2. Run the command get system performance top
  3. Press Ctrl+C to stop the command.
  4. Locate httpsd and its process ID. The process IDs are in the second column from the left.
  5. Run the command diag sys kill 11 <process-id>
  6. Try to browse to the GUI again.

Example:

Run Time:  45 days, 18 hours and 50 minutes

0U, 0S, 100I; 4031T, 2260F, 149KF

miglogd       44      S       0.1     0.4

proxyworker       52      S       0.0     1.0

proxyworker       53      S       0.0     1.0

httpsd       66      S       0.0     0.8

httpsd      126      S       0.0     0.7

ipsengine       60      S <     0.0     0.6

ipsengine       72      S <     0.0     0.6

Fortigate SSL VPN not working

If the FortiGate memory usage goes too high and the device drops into conserve mode, the SSL VPN may stop working correctly, or at all.

This usually happens when the FortiGate memory is above 75%.

To solve this:

  1. Run one of these commands: diagnose system top 10, diag sys top 10 or get system performance top. The output lists the processes using the most memory.

For example:

xxxxx # diag sys top 10

Run Time:  121 days, 6 hours and 5 minutes

8U, 91S, 1I; 4031T, 1966F, 148KF

 initXXXXXXXXXXX        1      S       0.0     0.2

         cmdbsvr       38      S       0.0     0.5

(The leftmost number is the PID and the rightmost number is the current RAM usage.)

  2. If you see a process named reportd or a process named forticron among the processes, kill them.
  3. To kill those processes, run diagnose system kill 9 <pid_int> or diag sys kill 9 <pid_int>
  4. Verify that the FortiGate memory usage has gone below 75%.
  5. Test the connection with the VPN.
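The check in both procedures above (find a process's PID, compare memory use with 75%) can be run over saved CLI output. This is an added example, not code from the original posts: the sample output is constructed, the function names are hypothetical, and it assumes that T and F in the summary line are total and free memory in MB.

```python
import re

# Constructed sample in the layout of the `diag sys top` output shown above.
SAMPLE = """\
Run Time:  121 days, 6 hours and 5 minutes
8U, 91S, 1I; 4031T, 766F, 148KF
         cmdbsvr       38      S       0.0     0.5
          httpsd       66      S       0.0     0.8
          httpsd      126      S       0.0     0.7
       ipsengine       60      S <     0.0     0.6
         reportd       91      S       0.3     9.4
       forticron       97      S       0.0     2.1
"""

# Assumption: in the summary line, T is total memory and F is free memory (MB).
HEADER = re.compile(r"(\d+)T,\s*(\d+)F\b")
# Columns: name, PID, state (optionally followed by a "<" or "N" flag), CPU %, memory %.
ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+([A-Z])(?:\s+[<N])?\s+([\d.]+)\s+([\d.]+)\s*$")

def parse_top(text):
    """Return (memory_used_percent, [process dicts]) from captured output."""
    used_pct, procs = None, []
    for line in text.splitlines():
        h = HEADER.search(line)
        if h:
            total, free = int(h.group(1)), int(h.group(2))
            used_pct = round(100.0 * (total - free) / total, 1)
            continue
        r = ROW.match(line)
        if r:  # the "S <" rows still parse because the flag is optional
            procs.append({"name": r.group(1), "pid": int(r.group(2)),
                          "cpu": float(r.group(4)), "mem": float(r.group(5))})
    return used_pct, procs

def pids_of(procs, names):
    """PIDs of every process whose name is in `names`, in listing order."""
    return [p["pid"] for p in procs if p["name"] in names]

def triage(text, suspects=("reportd", "forticron"), threshold=75.0):
    """Report whether memory use exceeds the threshold and which suspect PIDs exist."""
    used_pct, procs = parse_top(text)
    return {"used_pct": used_pct,
            "over_threshold": used_pct is not None and used_pct > threshold,
            "suspect_pids": pids_of(procs, suspects)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The returned PIDs are the values to pass to the kill commands given in the steps; the process names to look for are parameters, so the same parser serves the httpsd case.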

http://docs-legacy.fortinet.com/fadc/4-1-0/index.html#page/FortiADC_Handbook/looking_for_system_intensive_processes.html

http://pack3tlife.com/2014/08/26/fortinet-restart-ssl-vpn-process/