Fortigate Cli Interface Status - CLI Commands for Troubleshooting FortiGate Firewalls.

Last updated: September 20, 2024

Solution Configure the two WAN interfaces as members of an SD-WAN configuration. Hi , Yes it will disable the VPN IPSEC but if there are any traffic seeking the remote LAN it will be UP automaticaly. The link layer discovery protocol (LLDP) is a vendor-neutral layer-2 protocol that enables devices on a layer-2 segment to discover information about each other. If any issues are encountered bringing the tunnel down. The mgmt traffic won't interfere with the real data traffic. When you need to run a command (or series of commands) and be off, you can save time by running Fortigate CLI command(s) via ssh tunnel without …. It also explains how to use the mondev and priority commands to troubleshoot common HA issues. Display Fortigate Hardware info. SD-WAN configuration portability. Configuration steps from the GUI: 1) Go to System -> Network and select 'Create New' -> 'Interface'. These commands are also valid for the other FortiGate models not covered …. The operator chose the wrong option from a drop-down menu. In the Available Interfaces list, select port 4, 5 and 6 and move it to the Selected Interfaces list. diagnose | grep . serviceaccess : fgtupdates webfilter-antispam webfilter antispam. Below shows the interfaces that are part of the LACP configuration. Enter the following command: config system interface edit append allowaccess ssh next end. # execute ha manage 1 < ----- If ID of secondary unit is 1. edit "agg1" set vdom "root" set fail-detect enable. STATIC - Specify in AP_IPADDR and …. steps to perform when SFP/SFP+ fiber link is not coming up. Via GUI: 1) Go to: Interface -> Software Switch -> edit. For information about the CLI config commands, see the FortiOS CLI Reference. shoprite hiring positions May 1, 2014 · show system interface. Using the network cable, connect the FortiGate unit’s network port either directly to your computer’s network port, or to a network through which your computer can reach the FortiGate unit. 0/cli-reference/535740/ipsec-tunnel. The CLI displays the settings, including the management access settings, for the named interface. replacement shelf whirlpool refrigerator FGT4 must get the IS-IS route updates for RTR1 and RTR2 …. duplex auto speed auto vrrp 40 ip 192. If you use the apostrophe (‘) or quote (") character, you must precede it with a backslash (\) character when entering it in the CLI set command. ref=24 state=off start fw_flags=10000000 flags=up. On FortiSwitches, an interface trunk is a LAG interface (boundle interface, could be LACP). When an aggregate or redundant interface comes up, the corresponding fail-alert interface changes to up. It is assumed that Memory and/or Disk/Faz/FDS logging is enabled on the FortiGate and other log options enabled (at Protection Profile level for example). It is not possible to configure VRRP on hardware-switch interfaces where multiple physical interfaces are combined into a hardware-switch interface. Enter the IP address for the port of 10. Also, you can scroll in VMware console with key shortcuts: SHIFT+Page Up scrolls up. Create an aggregate interface and designate it as Fortilink interface on the FortiGate: Using the CLI: config system interface edit “aggr1” set vdom “vdom1” set fortilink enable set type aggregate set member “port11” “port12” set fortilink-split-interface enable. Where can be internal, external, dmz, wan1, port1, port2, and so on. net Solution FortiGate REST API: 1) How to login to FortiGate. CLI Console widget in the web UI (System > Status > Status). If received routes aren’t filtered, then the output of these commands will be same. Brain-computer interfaces allow you to manipulate computers and machinery with your thoughts. There is no way to modify interface name in CLI/GUI once the interface is created. To enable fail-detect: config system interface. 1) Verify if the FortiSwitch Model and switchport supports PoE. # execute log filter category <- …. osu skin minimal Enabled required events for alert mail. To create a redundant interface using the GUI: Go to Network > Interfaces and select Create New > Interface. To enable VDOM configuration – CLI: config system global. oftp status: connecting spos: 0, slen: 0 rpos: 0, rlen: 12 for example via IPsec tunnel, a source IP can be specified in the log settings in CLI, in order to allow the FortiGate unit to reach the FortiGateCloud servers: # config log fortiguard setting This source-ip must be the IP address of some of the FortiGate interfaces. 2 introduces, that is the Direct IP support when using LTE/4G modems. end fortilink-split-interface must be disabled for MCLAG to. Using set interface : config …. FortiGate DHCP works with DDNS to allow FQDN connectivity to leased IP addresses. #show full | grep admin-sport <----- verify https port. On the top-right side, you can copy commands to clipboard and paste to the FortiGate command-line interface for explanation on import failure. Specify different group ID between (1 -255) to differentiate link-type, such as …. When net-device is disabled, all dialup tunnels share an interface on the hub. Using the GUI: To configure the FortiLink interface on the FortiGate unit: Go to Network > Interfaces and click Create New. edit set physical-switch {string} set vlan {integer} config port Description: Configure member ports. Fortinet Document Library | Home. It is definitely a Fortilink interface: edit "FortiLink". In addition to execute and config commands, show, get, and diagnose commands are recorded in the system event logs. Below are some of the steps that could be used to capture packets when troubleshooting IPsec VPN tunnel issues. To remove the interface, deselect the interface from Interface Members list. If I could login to the GUI I could easily add a interface monitoring dashboard and …. 2) Select 'Create New' -> Interface. Facebook develops a new way to interact with AR, Uber’s facial recognition policy faces scrutiny and SpaceX’s Starship rocket booster hits a major milestone. To disable an interface from the GUI, go to Network > Interfaces. Configure IPAM locally on the FortiGate Interface MTU packet size Logs for the execution of CLI commands Log buffer on FortiGates with an SSD disk Source and destination UUID logging Configuring and debugging the free-style filter LAG interface status signals to peer device. Set the gateway address to the IP address of the router. 3 for servers (forticlient_server_ 7. For information on using the CLI, see the FortiOS7. A FortiGate is able to display by both the GUI and via CLI. Oct 14, 2009 · RDP Offload Yes Yes. Select the respective physical interface from 'Select Entries list'. FortiGate GUI -> Log and Reports > System Event. " Hey u/MrNifty , I am on a 81E but I do have ports configured as part of a hardware switch. MSTP is backwards compatible with both RSTP and STP so FortiOS …. Blocking unwanted IKE negotiations and ESP packets with a local-in policy. VCI pattern matching for DHCP assignment. fram to supertech air filter cross reference Start by configuring pppoe-interface for the port 3 connected with the PPPOE: # config system pppoe-interface. You could use an OR grep for port1 or port10, but again it would show all policies where either port1 or port10 is used in source or destination interface. Enabled: The interface is active and can accept network traffic. Enable SD-WAN and add the interfaces as members: config system sdwan set status enable config members edit 1 set interface "wan1" next edit 2 set interface "wan2" set gateway 10. The following command fetches details of Source NAT and/or Destination NAT information from a FortiGate: #get system session list. 1) Go to Network -> Interfaces. This apply to interface type 802. Learn how interfaces work and how to implement them in your code. In the CLI, # get system ha status HA Health Status: OK Model: FortiGate-VM64 Mode: HA A-P Group Name: docs Group ID: 0 Debug: 0 Cluster Uptime: 0 days 2:24:46 Cluster state change time: 2021-04-29 13:17:03 Primary selected using. 2 to allow the tracking of the number of physical interfaces UP in an aggregate link. Hulu is slowly rolling out a new interf. Set the VLAN ID (1 - 4094, default = 0). While the status is up, you can click [Details] to view the detail system status of the FortiExtender. This is the time zone that the FortiGate is in. Disable FortiGuard antispam request caching. By default, the FortiGate blocks STP as well as other non-IP protocol traffic. Feb 18, 2021 · Step 4: Analyze the IKE phase 1 messages on the responder for a solution. The configuration change is synchronized to all cluster units. Inspired by our command line monthly calendar post, reader Nate writes in with the yearly edition. For vsys_ha and vsys_fgfm, the IP addresses are the local host, which are virtual interfaces that are used internally. Enter pairs to specify the priority of each heartbeat interface. This field appears when you edit an existing physical interface. This article shows how to change the speed and duplex for individual interfaces under switch mode. disable: Disable dial on demand. Use below command to fetch the latency, jitter, packet loose and bandwidth usage of interface FortiGate. To configure the FortiGate units for VRRP. At the command prompt, type your command and press Enter. For information on using the CLI, see the FortiOS 7. Learn how to configure and verify IP addresses for FortiGate interfaces in this cookbook guide from the Fortinet Documentation Library. Use the following command to check your VPN tunnel status: FX201E5919002631 # get vpn IPSec tunnel details fcs-0-phase-1: 0000002, ESTABLISHED, IKEv2, 94e21ce630f449a4_i* 07ca3af8b5fb4697_r local 'FX04DA5918004433' @ 100. With verbosity 4 and above, the sniffer trace displays the interface names where traffic enters or leaves the FortiGate unit. Click Commit before navigating away from a tab to apply your changes. Names of the non-virtual interface. set port1-ip , Enter the IPv4 address and netmask for the port1 interface. edd pfp Enter the interface IP address and netmask. Add weight setting on each link health monitor server. This question is about the Torrid Credit Card @sydneygarth • 04/01/21 This answer was first published on 04/01/21. -n X to send X ping packets and stop. get <----- To display the current config, which looks like this in FortiOS 4. Mismatched times cause a large number of issues. Passing the mouse over the Temperature bar will display the current temperature for the different components. This powerful platform underpins the latest video games and is well-suited to provide. Two of the physical ports on the FortiGate-100D (Generation 2) are SFP ports. FGT2 # get router info routing-table all. The interface uses auto-negotiation to determine the connection speed. Additional information about GRE is available in the related articles at the end of this document or in the FortiGate CLI Reference or Administration guide at http - The GRE interface will remain unnumbered and remote subnets reachable with static routes. The important field from this particular command is status. set priority 250 . Learn how to use the command-line interface (CLI) to configure and manage your FortiGate network security device. Authentication policy extensions. PPPoE is only configurable in the GUI on desktop FortiGate devices. Under CLI: config system interface. To monitor hardware network operations in the CLI: diagnose hardware deviceinfo nic Sample output: The following is sample output when the is set to lan:. Also, " get system interface physical " shows IPv6 addresses assigned (static or DHCP) to interfaces, though not those assigned by prefix …. Using the CLI: diagnose switch poe status Diagnostic monitoring interface module status. Select a time zone from the list. interface-select-method: Specify how to select outgoing interface to reach server. mercury-kvm36 (fips-cc) # show full-configuration. Check Link monitor, interfaces and Age by running the following command: # diag sys ha dump-by group. To fix the issue, perform the following steps: Soft-reboot FortiGate using the ' execute reboot ' command. So that, FortiGate can reach the server over the tunnel. Check the neighborship status on each peer. Troubleshooting common scenarios. When the number of strikes detected on this subnet exceeds this value, the subnet has failed. To provide remote access to the management VLAN, configure a static route. 2) Collect logs on FortiGate to validate SNMP request using following commands: # diag debug enable. 1 Administration Guide, which contains information such as: Connecting to the CLI. private owner puppies for sale kaleb at shriners Execute the below commands to filter sessions associated with the website: # vdiag sys session filter clear <---- To clear existing session. Jun 2, 2012 · Check HA sync status. - The output of the diagnose command may vary …. However, the command "set associated-interface "Terminal10" in red is wrong, it should not be there. On the FortiGate CLI, enter the commands: config log fortianalyzer setting set …. Check connectivity to FortiGuard servers by checking to ensure FortiGate correctly resolves DNS with the following hostnames: exec ping service. mysedgewick FGT get router info routing-table database. # config switch-controller custom-command. Select the Mode: Static, Passive LACP, or Active LACP. If this fails enter this in the cli and capture the output: diag debug reset. OpaqueCapability flag is disabled. 0 on the spokes: Enable or disable SDWAN/ADVPN-2. FortiADC-VM # get router info ospf status. Below commands are to check the Network interface statistics and counters of received/transmitted packets and drops. Click on the System configuration tab on the left pane of the GUI if it is not already selected. To configure a secure connection on the FortiGate unit. During the LACP detection period: LACP packets are transmitted every second, a keep-alive mechanism for link members: (default: slow = 30s, fast=1s). Example commands run on VDOM Root. This article describes how to bring the interface status up from CLI. Display general PoE status get switch-controller The following example displays the PoE status for port 6 on the specified switch: # get switch-controller poe FS108D3W14000967 port6. Adjust the timeout under any DHCP server entry. Steps to add the Interface widget in GUI: 1) Login to the FortiGate. A few things to note: linkfails=35 will show the total number of 'down' interfaces on that serial number. Use the following CLI command to check the FortiSwitch connection in FortiGate:. The cli-audit-log data can be recorded on memory or disk, and can be uploaded to FortiAnalyzer, FortiGate Cloud, or a syslog …. ' interface to disable SSL VPN. Interface port1: SFP or QSFP transceiver is not detected. In the CLI, type the following command to verify TCP ports: # diagnose sys tcpsock | grep 0. sFlow agents can be added to any type of FortiGate interface. Model name: FortiGate-61E <- Hardware model. Use the left and right arrow keys to move the cursor back and forth in a recalled command. For the static IP member, enter the Gateway address. best bar and grills near me The MTU value can only be changed through CLI. For example, the command get system status can be abbreviated to g sy st. Enter the IPv4 address and netmask for the port1 interface. Here you can find all important FortiGate CLI commands for the operation and troubleshooting of FortiGates with FortiOS 7. You may try use CLI: get hardware nic xx (NIC name) , it can show the interface status. glamrock bonnie 3d Configuring the Security Fabric with SAML. Use this information to troubleshoot, to provide to Fortinet Support, or to confirm the features that your FortiSwitch model supports. The interfaces can be grouped by role using the grouping dropdown on the right side of the toolbar. Use this command to display system status information including: Firmware version, build number and date. set nat-source-vip ? disable: Force only the source NAT mapped IP to the external IP for. This indicates whether the CAPWAP tunnel between the Controller (FortiGate) and the FortiExtender is established or not. To change the value from the CLI (For example on WAN2): #config system interface. Enable/disable use of clear text connections. config vpn ipsec phase1-interface. Note that I have my internal on my machined switches set to a static IP, the behavior is the same if I change them to DHCP. LAG interface status signaled to peer when available links fall below min-link Configuring multiple DDNS entries in the GUI Support DHCP client mode for inter-VDOM links 7. The tunnel interfaces are skipped. 2 Join Time: Fri Jan 11 15:22:32 2019 interface status duplex speed fortilink stacking poe status port1 up full 1000Mbps no no Delivering Power port2 down N/A 0 no no Searching. Go to Wifi & Switch-controller in FortiLink Interface on FortiGate GUI. Verify which port will be used in LACP LAG. Learn how to use the FortiOS CLI to configure and manage your FortiGate devices. This implementation conforms to RFC2328. Remote Power Device Type: IEEE802. Solution Perform a log entry test from the FortiGate CLI is possible using the 'diag log test' command. Find examples and syntax for various options and parameters in this CLI reference guide. The show system ntp command allows you to display the change of the automatic time setting using a network time protocol (NTP) server. Edit the interface to be disabled and set Interface State to Disabled. If the interface is a hardware switch, then the FortiGate is in Switch mode. Static—Specify a static IP address. The show system interface command allows you to display the change of a FortiDB network interface. Configuring the SD-WAN to steer traffic between the overlays. When using VIPs configured with 'Any' interface, the default behavior for outgoing internal initiated traffic is to use the External IP address mentioned in the VIP configuration. Configure the system NTP settings on your FortiGate device using the CLI reference guide. For details about each command, refer to the Command Line Interface section. Copy Doc ID c41ae137-ffd3-11ed-8e6d-fa163e15d75b:154471. ics 200 answers config system interface; show system interface; diagnose network interface detail. All traffic on the SPAN source ports is echoed to the SPAN destination port. Results of the following CLI commands: diag netlink aggregate name your_aggregate_link diagnose hardware deviceinfo nic . In a interface port, it is possible to add VLANs to be transmitted on the same port with its VLAN tag ID. Note: When the interface is created, changing the protocol type from slow to fast or vice versa will not change the current type. Note: = name of Radius object on Fortigate. status: connecting, state 3, started 15s ago. Monitoring the hardware NIC is important because interface errors indicate data link or physical layer issues which may impact the performance of the FortiGate. The CLI supports international characters in strings. Nov 8, 2006 · FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic. Created on ‎05-14-2019 03:22 PM. This option became available in MR5 patch 4 i think. The command to use is ' # get system interface transceiver ' to retrieve information for all …. Display forigate hardware info - FortiASIC version, CPU type, amount of memory, flash drive size, hard disk size (if present), USB flash size (if present), network card chipset. The document also explains the syntax and parameters of the command, as well as the examples and output. Allows you to view the status of Ethernet interfaces. In order to enable FortiCloud logging, use any SSH/telnet client (e. Configuring a LACP interface, active mode: config switch trunk. # diag sniffer packet "host and udp port 500" 6 0 l. The Command Line Interface (CLI) can be used in lieu of the GUI to configure the FortiGate. The device must also be running FortiOS 5. Enter tree to display the FortiAnalyzer CLI command tree. specify: Set outgoing interface manually. Configure IPAM locally on the FortiGate Interface MTU packet size CLI troubleshooting cheat sheet Additional resources Change Log LAG interface status signals to peer device Failure detection for aggregate and redundant interfaces Loopback interface. OSPF Routing Process, Router ID: 1. It can be configured using the following steps. Look for incrementing errors and run the command over and over. The FortiAuthenticator -VM's console allows scrolling up and down through the CLI output by using Shift+PageUp and Shift+PageDown. 1) Keep the email body field as it is. Configuring port speed and status. Interface-based traffic shaping profile Interface-based traffic shaping with NP acceleration QoS assignment and rate limiting for FortiSwitch quarantined VLANs Ingress traffic shaping profile Internet Services. As shown below, the FortiGate-100D (Generation 2) has 22 interfaces. Crosh, short for Chrome OS Shell, is a com. A possible root cause is that the login options for the syslog server may not be all enabled. FEX-201E for FortiGate HA configuration Troubleshooting, diagnostics, and debugging Troubleshooting Status, diagnostics, and debugging commands Get interface status. 255 ! An overlay IP is mandatory for the static route over the tunnel tunnel source GigabitEthernet1/0 tunnel destination 198. Select + in the Interface members field and then select the ports to add to the FortiLink interface. 3 CLI Configurator is a powerful tool that allows users to configure and fine-tune their Betaflight flight control software through the command-line interface (CLI). To power off a FortiGate unit correctly: 1) Issue the shutdown command. The “Transceiver” column is visible in the table, which displays the transceiver vendor name and part number. Never shut off a FortiGate unit by removing power from the unit. Below command returns information about the status of the FortiGuard service including the name, version late update, method used for the last update and when the update expires. # get system fortiguard-service status. These settings can be manually adjusted by using the CLI only. If required, remove port 1 from the lan interface: config system virtual-switch edit lan config port delete port1. Technical Tip: PPPoE interface option not available from GUI. If the FortiGate is not able to sync the time with the configured NTP server, use the following commands to check the NTP server status: get sys stat. -To view the physical interface status: # get sys interface physical. Go to System -> Dashboard -> Status and enter either of the following commands into the CLI Console:. The chapters in this document describe the commands available for each of the top-level CLI commands: config —commands that allow you to configure various components of the FortiSwitch unit. Explicit and transparent proxies. To find mtu of fortigate interface, please use below command. Optional setting, also known as Calling-Station-Id. Trusted by business builders worldwide,. 2 the port configuration could be changed by using the following commands: 1) Command to change the FortiGate to switch mode: 2) Command to change the FortiGate to interface mode: After this change the unit had to be rebooted and instead of a combined "internal" switch the unit showed individual ports. aegon-kvm20 # show full-configuration system link-monitor. Download the file 'Compatible Transceivers' from below link OR contact support. If these ports are changed or intended to be changed, refer to the details below: 1) Verify the current admin ports configured for admin access. DHCP IPv6 is similar to DHCP IPv4, however …. Configure the interface fields: Interface Name. 4 CLI commands used to configure and manage a FortiGate unit from the command line interface (CLI). DuckDuckGo's new interface, which we talked about when it was back in beta, is now live on the main site. Reasons that may cause import failure: Make sure every command relative to the interface is loaded successfully onto the device. mtf code Find examples, tips, and related resources. Syntax: diagnose system export fd_log [directory] [filename] where: Variables. This command displays the following information: type, OID, SN, HA, IP, name, ADOM, and firmware. Dual stack IPv4 and IPv6 support for SSL VPN. is the interface IP address. Endpoint control and compliance. Find detailed syntax, examples, and error codes in this comprehensive reference. # diag netlink interface list . This article presents a new feature that has been introduced in FortiOS 5. Click on Aggregation to display the Aggregated Interfaces screen. Copy Doc ID 541164a8-66d4-11ed-96f0-fa163e15d75b:997251. If the status is Link Down, this is the highest speed that can be negotiated, or the Force setting. Compatibility between FortiManager and FortiGates has to be verified using the compatibility tool before adding the FortiGates to FortiManager or pushing any configuration from FortiManager. type {aggregate | physical | vlan} Set the type of interface (default = aggregate). It will be out of the box condition. 4 Administration Guide, which contains information such as: Connecting to the CLI. As all flaps are logged in /var/log/messages/ it cannot be such a deal to transfer it to some command (show interface link-status) or WebUI. In any version of FortiGate, it is possible to also disable ALL of the firewall policies referencing the 'ssl. In the physical Interface Members, click to add interfaces and select ports 4, 5, and 6. Before proceeding, verify that the date, time, and timezone are the same as they are in the managing FortiGate. Time-to-live for antispam cache entries in seconds (300 - 86400). 1990 ezgo wiring diagram internal Interface Speed changed from 1000000000 to 10000000 bpsinternal Interface Speed changed from 10000000 to 1000000000 bpsinternal Interface Speed changed from 1000000000 to 10000000. 90W, Power-Status: Delivering Power. To check ddns status, use the following command: # diagnose test application ddnscd 3. 3 # get system ha status HA Health Status: OK Model: FortiGate-300D Group Name: Group ID: 240 Debug: 0 Cluster Uptime:. 1 Looking for RIP routes in the routing table: FGT2 # get router info routing-table all. Hello, is it possible to set a VPN Tunnel via CLI " Up" / " Down" (like via the Webintterface/Monitor)? I' ve searched in the CLI Reference, but found nothing : ( Best regards, Patrick. Scope Any supported version of FortiGate. The CLI syntax is created by processing the schema from a FortiGate 3000D running FortiOS6. Enter the password used to connect to the RADIUS server. Original work by Frederic Kasmirczak, updated by Exclusive Networks show/get system interface Show interfaces status. Learn how to use the FortiOS CLI to configure and manage your FortiGate unit. FGT # diagnose sniffer packet "ether proto 0x8100" 6 0 l. chancey williams net worth Command " get router info bgp neighbors routes " shows only filtered (in) received routes. If the preceding script is used to be run on the FortiGate Directly (via CLI) or run on device database on a FortiGate has the VDOM enabled. This reference lists some important command line interface (CLI) commands that can be used for log gathering, analysis, and troubleshooting. # execute log filter category <- Check Option 0: traffic. x/y Basic interface ip configuration set allow ssh ping https end diag hard dev nic Show interfaces statistics. But it would be better to define a filter giving the logs you need and that the command above should return. Nov 6, 2014 · Technical Note: Tracking physical interface status of an aggregate link. This article describes how to find the interface's MAC address. If the DNS resolves, move to Step 2: 2. To enable using the special management port …. Select 'Backup' and allow the browser to save the file to a secure location. Use the following commands to set port speed and other base port settings: config switch-controller managed-switch edit …. Use this DHCP server configuration. Use the command indicated in the related document to list the FortiGate's physical network interface's information such as IP address, physical link status, speed, and duplex mode. Configuring firewall authentication. Devices on your network can contact these interfaces for NTP services. set fail-detect-option detectserver. Once enabled, edit the automation stich and add the email ID under 'Email settings'. Any packets larger than the MTU are divided into smaller packets before they are sent. 2) Configure SNMP details like community name, snmp …. Then might need to keep filtering down until you find the interface you are interested in. This article describes techniques on how to identify and troubleshoot VPN tunnel errors due to large size packets. The port can be set to a port number such as port1 , port2 , port3 , or port4. Advertisement As the power of mo. Note the number of the physical network port. This article explains how SDWAN Performance SLA functions with multiple servers. Show interface bandwidth on CLI. Disable relevant Firewall policies in the CLI. Create a static route to get FortiSwitch access on the VLAN. Commands on FortiSwitch: # diag switch physical-ports port-stats list (port number) Look for incrementing errors and CRC errors …. The cli-audit-log option records the execution of CLI commands in system event logs (log ID 44548). The command to use is '# get system interface transceiver' to retrieve information for all interfaces or '# get system interface transceiver ' for a single interface. The changes will be visible in both the web- based manager and CLI, just the web-based manager, or just the CLI. woods 121 gearbox Use the BGP state to help determine the possible issue, for example:. # diagnose sys link-monitor interface <interface name> aegon-kvm20 # diagnose sys link-monitor interf. When a cluster starts up the FortiGate Cluster Protocol (FGCP) assigns a cluster index and a HA heartbeat IP address to each cluster unit based on the serial number of the cluster unit. Synopsis This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and interface category.