1. Basic Device Access & System Information
| Command | Description |
|---|---|
| `get system status` | Shows firmware version, serial number, hostname, and uptime. |
| `get system performance status` | Displays CPU, memory, session count, and throughput usage. |
| `get system performance top` | Live CPU/memory usage (similar to `top` in Linux). |
| `get system interface` | Displays all interfaces, their IP addresses, status, and administrative state. |
| `execute reboot` | Reboots the firewall. |
| `execute shutdown` | Shuts down the firewall. |
| `execute ping <IP>` | Pings an IP address to test connectivity. |
| `execute traceroute <IP>` | Traces the route to an IP address. |
| `diagnose debug config-error-log read` | Displays any configuration errors. |
2. Configuration Mode Commands
You must enter configuration mode to make changes:
Example:
| Command | Description |
|---|---|
| `config system interface` | Configure interface IP, VLANs, and allowed access. |
| `config firewall policy` | Create/edit firewall rules. |
| `config firewall address` | Create/edit address objects. |
| `config router static` | Add static routes. |
| `config vpn ipsec phase1-interface` | Configure VPN Phase 1 settings. |
| `config vpn ipsec phase2-interface` | Configure VPN Phase 2 settings. |
3. Firewall Policy & Routing
| Command | Description |
|---|---|
| `show firewall policy` | Shows all configured firewall rules. |
| `diagnose firewall iprope list` | Shows policy route and firewall rule matching. |
| `diagnose firewall proute list` | Displays all policy-based routes. |
| `get router info routing-table all` | Shows the routing table. |
| `get router info bgp summary` | Displays BGP neighbor status. |
| `diagnose sniffer packet <interface> 'filter' <count>` | Captures packets on an interface (useful for troubleshooting). |
4. User & Authentication
| Command | Description |
|---|---|
| `config user local` | Configure local user accounts. |
| `config user group` | Create/edit user groups. |
| `diagnose test authserver ldap <server_name> <username> <password>` | Tests LDAP authentication. |
| `diagnose test authserver radius <server_name> <username> <password>` | Tests RADIUS authentication. |
5. VPN Troubleshooting
| Command | Description |
|---|---|
| `diagnose vpn ike gateway list` | Lists all active VPN tunnels and status. |
| `diagnose vpn tunnel list` | Detailed information about each VPN tunnel. |
| `diagnose vpn ike log-filter dst-addr4 <IP>` | Filters VPN debug logs for a specific destination. |
| `diagnose debug application ike -1` | Shows detailed IKE (Phase 1 & 2) debug logs. |
| `diagnose vpn ike restart` | Restarts VPN IKE process. |
6. Debug & Packet Capture
| Command | Description |
|---|---|
| `diagnose debug enable` | Enables debug output. |
| `diagnose debug disable` | Disables debug output. |
| `diagnose debug console timestamp enable` | Adds timestamps to debug logs. |
| `diagnose debug flow filter addr <IP>` | Filters debug logs by IP address. |
| `diagnose debug flow trace start <count>` | Starts packet flow tracing. |
| `diagnose sniffer packet <interface> 'host <IP>' 4` | Captures packets with detailed output. |
7. Log & Event Monitoring
| Command | Description |
|---|---|
| `get log eventfilter` | Displays event log filter settings. |
| `diagnose log read` | Reads log messages. |
| `diagnose log filter category <number>` | Filters logs by category. |
| `diagnose sys top` | Displays top processes using system resources. |