Here's a Fortinet link for device hardening and best practice in a FortiGate firewall.
To create a new Fortinet support ticket, go to this link > select Create
a Ticket.
Select a Request
Ticket Type (closest to your issue/inquiry). In this case, I selected Customer Service > Submit ticket.
Select a CS category. In this case I selected: Cloud Portal Query.
Put the device Serial Number > Contact Information > Ticket Information.
Add Comment to describe your issue or upload a screenshot of the error in the Attachments.
Click Finish and note the ticket number. The Fortinet ticket number and summary will be sent to your registered email.
Another way to create a Fortinet ticket is via the Asset Management portal. Click Support > FortiCare > Create a Ticket.
Click New Ticket.
Choose: Technical Support Ticket > Submit Ticket.
You can get the FortiGate serial number with the get system status CLI command:
FG# get system status
Version: FortiGate-xx v7x,buildxx
Security Level: 2
Firmware Signature: certified
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
Extreme DB: 1.00000(2018-04-09 18:07)
AV AI/ML Model: 0.00000(2001-01-01 00:00)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 6.00741(2015-12-01 02:30)
APP-DB: 6.00741(2015-12-01 02:30)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
IoT-Detect: 0.00000(2022-08-17 17:31)
Serial-Number: FGxx
BIOS version: 06000008
System Part-Number: Pxx
Log hard disk: Available
Hostname: FG
Private Encryption: Disable
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 2 in NAT mode, 0 in TP mode
Virtual domain configuration: multiple
FIPS-CC mode: disable
Current HA mode: a-p, primary
Cluster uptime: 241 days, 23 hours, 33 minutes, 20 seconds
Cluster state change time: 2024-03-06 07:04:47
Branch point: xx
Release Version Information: GA
FortiOS x86-64: Yes
System time: Fri Sep 6 03:20:07 2024
Last reboot reason: warm reboot
Or retrieve it via the web GUI under Dashboard > Status.
Under the Product Info > type the device SN > click Go
Fill up the required info > click Next.
Type the Comment (answer the pre-filled questionnaire) or click File Upload to upload a screenshot of the error.
It's also very useful to upload the Debug log which is similar to show tech-support in a Cisco device. Go to System > Settings > Debug logs > click Download.
It only took a few seconds to download the Debug log text file. Here's a snippet of the Debug log output:
----------------------------------------------------------------
Serial Number: FG4Hxx Diagnose output
----------------------------------------------------------------
### get system status
Version: FortiGate-xxv7x
Security Level: 2
Firmware Signature: certified
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
Extreme DB: 1.00000(2018-04-09 18:07)
AV AI/ML Model: 0.00000(2001-01-01 00:00)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 6.00741(2015-12-01 02:30)
APP-DB: 6.00741(2015-12-01 02:30)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
IoT-Detect: 0.00000(2022-08-17 17:31)
Serial-Number: FG4xx
BIOS version: 06000008
System Part-Number: P27xx
Log hard disk: Available
Hostname: xx
Private Encryption: Disable
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 2 in NAT mode, 0 in TP mode
Virtual domain configuration: multiple
FIPS-CC mode: disable
Current HA mode: a-p, primary
Cluster uptime: 241 days, 23 hours, 40 minutes, 25 seconds
Cluster state change time: 2024-03-06 07:04:47
Branch point: xx
Release Version Information: xx
FortiOS x86-64: Yes
System time: Fri Sep 6 03:27:12 2024
Last reboot reason: warm reboot
### get system performance status
CPU states: 1% user 0% system 0% nice 99% idle 0% iowait 0% irq 0% softirq
CPU0 states: 2% user 0% system 0% nice 98% idle 0% iowait 0% irq 0% softirq
CPU1 states: 0% user 0% system 0% nice 99% idle 0% iowait 0% irq 1% softirq
CPU2 states: 7% user 5% system 0% nice 87% idle 0% iowait 0% irq 1% softirq
CPU3 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU4 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU5 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU6 states: 0% user 0% system 0% nice 99% idle 0% iowait 0% irq 1% softirq
CPU7 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU8 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
<OUTPUT TRUNCATED>
Review
the ticket summary before submitting > click Confirm to proceed.
