Friday, August 8, 2014

Fortinet and understanding return codes

Fortinet appliances typically provide a return code when an error occurs. This post explains some of these return codes.

Everybody has seen the following message at one time or another.



Okay, simple: we have a return_code of 1. This was primarily because "seee" is not a configurable item. Basically, I read this return code "1" as saying,

"hey dummy, check your command syntax"

The next return code, "8", means your option is incorrect or not expected. Take these dhcp6 server values that I will try to configure.



Both values were incorrectly formatted or not what was expected, so the unit kicked out a "-8".


How about when we don't finish the command off correctly? Take this "get system" that was executed on a firewall.


So we got a "-160" for the command executed via "get system" with nothing else specified.

FortiMail is similar, by the way, but has noticeable differences. Take the same command, "get system": the FortiMail appliance didn't display anything for reference, nor an error / return code.

(normal expected err and return code, versus no error or return code for the "get system" command syntax)


Even between FortiGate and FortiMail, the output can be very different.



FortiMail even provides guidance on the expected value range for certain commands. See this output:

(take note of the range that it's expecting: 1 through 1440)



A FortiGate doesn't provide the same.



Bottom line: get used to the err and return code concept if you execute tasks from the command line.

The WebGUI typically provides no err or return codes in the output of a bad execution, but will show a popup window with a summary or brief details.
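If you push commands over SSH or the console and keep the session transcript, you can pull the failures back out by return code. The following is an added example, not part of the original post or any Fortinet tooling; the "Command fail. Return code N" wording, the prompt format, the hostname FGT01 and the whole transcript are assumptions constructed for illustration, and the meanings are only the ones described in this post.

```python
import re

# Meanings as this post describes them; any other code is reported as not covered.
CODE_NOTES = {
    1: "check your command syntax (item is not configurable)",
    -8: "option is incorrect or not expected",
    -160: "command was not finished off",
}

# Assumption: a failure is printed as "Command fail. Return code <n>".
FAIL_RE = re.compile(r"Command fail\. Return code (-?\d+)")
# Assumption: prompts look like "<hostname> # cmd" or "<hostname> (context) # cmd".
PROMPT_RE = re.compile(r"^\S+(?: \([^)]*\))? # (.*)$")


def failed_commands(transcript):
    """Return (command, code, note) for each command followed by a failure line."""
    results, last_cmd = [], None
    for raw in transcript.splitlines():
        line = raw.strip()
        prompt = PROMPT_RE.match(line)
        if prompt:
            last_cmd = prompt.group(1).strip()  # remember what was typed
            continue
        fail = FAIL_RE.search(line)
        if fail:
            code = int(fail.group(1))
            note = CODE_NOTES.get(code, "not covered in this post")
            results.append((last_cmd, code, note))
    return results


# Constructed transcript: hostname, option names and values are illustrative only.
SAMPLE = """\
FGT01 # config system seee
Command fail. Return code 1
FGT01 # config system dhcp6 server
FGT01 (server) # edit 1
FGT01 (1) # set lease-time abc
Command fail. Return code -8
FGT01 (1) # end
FGT01 # get system
Command fail. Return code -160
FGT01 # get system status
"""

if __name__ == "__main__":
    for cmd, code, note in failed_commands(SAMPLE):
        print(f"{code:>5}  {cmd!r}: {note}")
```

A command with no failure line after it, such as the final `get system status`, is not reported, so platforms that print nothing on error (the FortiMail case above) need a separate check.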


e.g.

(the value x.x.x.x is not a valid address for a DHCP scope)


But the WebGUI is not faultless. Check out what happens if I place a DHCP scope range of 0.1.1.1 to 0.1.1.2.



Note: no error, and the command completes.


But from the CLI, the console would display an error.




 Ken Felix
 Freelance Network & Security Engineer
 kfelix -a--t- socpuppets ---d--o--t--- com

   ^      ^
=( !   ! )=
       o 
      /  \
