๐Ÿบ NetWolf | Fortigate Pro Toolkit

The Engineer's
FortiGate Command Centre

50+ guided troubleshoot playbooks, AI-powered CLI analysis, IP masking, subnet calculator, and multi-vendor CLI reference โ€” all in a single browser-based toolkit built for network engineers.

โ–ถ Interactive Demo View Pricing
50+
Guided playbooks
15
Trouble categories
10
Config templates
3
Vendor CLIs
AI
Groq LLaMA 3.3
What's inside

Every tool a FortiGate engineer needs

Built from real-world troubleshooting experience across IPsec, SD-WAN, HA clusters, VDOM architectures, and enterprise security stacks.

๐Ÿ”’
IPsec & SSL VPN Troubleshooting
Step-by-step playbooks for Phase 1/Phase 2 failures, NO_PROPOSAL_CHOSEN errors, DPD drops, unstable tunnels, dead peers, SSL VPN login loops, client cert errors, tunnel mode mismatches, and geo-IP source restrictions. Includes live IKE debug sequences, proposal comparison, and DPD inspection commands.
ike -1 debugphase1/phase2ssl monitorcert-cacheDPD
๐Ÿ“ƒ
Firewall Policy & NAT Diagnostics
Full debug-flow trace sequences (filter by source IP, port, protocol), policy lookup via iprope, NAT decision inspection, session table filtering, implicit deny detection, and UTM profile block analysis. Covers both SNAT and DNAT troubleshooting paths including port forwarding VIPs and hairpin NAT.
debug flowiprope lookupsession filterSNAT/DNATVIP
๐ŸŒ
SD-WAN Health & Steering
Member status and SLA inspection, health check daemon debug, service rule matching, preferred-interface tracing, and failover verification. Covers latency/jitter/packetloss SLA thresholds, load-balancing rules, and default route validation via SD-WAN members.
sdwan slahealth-checkprefer-interfacefailovermembers
๐Ÿ”ง
Routing โ€” Static, OSPF, BGP, PBR
Kernel routing table inspection, per-destination route lookups, OSPF neighbour and database queries, BGP peer summary and advertised-route inspection, policy-based routing (PBR) debug with proute list, and multicast PIM/IGMP group monitoring.
ospf neighborbgp summaryproute listkernel routePIM/IGMP
โš™๏ธ
HA / Cluster Troubleshooting
Heartbeat link monitoring, HA checksum sync verification, split-brain detection, forced manual failover, per-unit management IP setup, and full HA daemon debugging (hasync, hatalk). Covers Active-Passive failover events, uptime reset, and recovery procedures.
ha statuschecksumhasyncfailoversplit-brain
๐Ÿข
VDOM & Inter-VDOM Routing
Multi-VDOM context switching, VDOM link pair setup and status verification, per-VDOM routing and firewall policy inspection, cross-VDOM debug-flow tracing, and complete inter-VDOM static route configuration examples with /30 link subnets.
vdom-linkcontext switchinter-vdom routemulti-tenant
๐Ÿ”‘
Authentication โ€” LDAP, RADIUS, FSSO
Live LDAP bind and connectivity tests (test authserver), RADIUS PAP authentication debug, fnbamd daemon real-time logging, FSSO agent sync troubleshooting, FortiAuthenticator integration commands, and authenticated user session inspection with group-match verification.
fnbamd -1test authserverFSSO debugauth listFAC
๐Ÿ›ก๏ธ
UTM, IPS, Web Filter & SSL Inspection
Application control log inspection, FortiGuard URL rating tests, SSL deep-inspection profile verification, IPS sensor and anomaly lookup, antivirus outbreak-prevention config, web filter inspection-mode setup, and certificate CA chain validation for SSL inspection.
av-profileips-sensorssl-ssh-profilefortiguard rating
๐Ÿค–
AI CLI Analyzer โ€” Groq Powered
Paste any raw FortiGate CLI output and receive instant AI-driven diagnosis using LLaMA 3.3 70B via the free Groq API. Also supports Mixtral 8x7B and LLaMA 3.1 8B. Returns root cause, recommended fix commands, and clear explanation โ€” no guesswork or manual searching.
LLaMA 3.3 70BMixtral 8x7BGroq free APIoutput parser
๐ŸŽญ
IP Masking & Bulk Anonymizer
Automatically detect and replace all real IPv4 addresses in any CLI output with RFC 5737 documentation IPs (192.0.2.x, 198.51.100.x, 203.0.113.x). Generates a sortable realโ†’fake mapping table. Export masked reports as text for vendor tickets, peer review, or knowledge base articles.
RFC 5737bulk replacemapping tableexport report
๐Ÿงฎ
IPv4 Subnet Calculator
CIDR-based subnet calculator returning network and broadcast addresses, first/last usable hosts, netmask, wildcard mask, usable host count, and full binary breakdown of IP/mask/network. Perfect for designing VIP ranges, DHCP scopes, policy address objects, and OSPF network statements.
CIDRwildcard maskbinary viewusable hosts
๐ŸŒ
Multi-Vendor CLI Reference
Side-by-side CLI command reference for Cisco IOS/IOS-XE, ArubaOS-CX, and Huawei VRP โ€” covering interface config, VLAN and SVI setup, routing, ACLs, OSPF/BGP adjacency, and troubleshooting commands. Every command has an inline explanation and read-only/caution/danger safety badge.
Cisco IOS-XEArubaOS-CXHuawei VRPside-by-side
๐Ÿ“ก
Packet Sniffer & Deep Flow Trace
Pre-built sniffer filter templates (host, port, ICMP, dual-side capture) with verbosity level guidance, and complete debug-flow sequences with function-name and iprope-set-detail flags. Includes key output patterns to identify DNAT, SNAT, policy match, routing decision, and implicit deny.
sniffer packetflow tracedual-sideiprope-set-detail
๐Ÿ”ฌ
Advanced Diagnostics & Kernel Access
Expert-level tools: fnsysctl kernel commands (ifconfig, df, top, ls), daemon debug via diagnose test application (WAD, fnbamd, IPS engine, DNS proxy), control-plane local-in policy inspection, DoS policy counter monitoring, conserve-mode memory threshold status, and live session count queries.
fnsysctldaemon debuglocal-inconserve modeDoS policy
๐Ÿ“œ
10 Full Configuration Templates
Copy-ready config guides: initial FortiGate setup from scratch, multi-VDOM tenant setup, IPsec site-to-site VPN, SSL VPN with LDAP user group, SD-WAN with health checks and SLA rules, HA Active-Passive cluster, inter-VDOM routing, port-forwarding VIPs, OSPF/BGP redistribution, and full UTM security profile stack.
initial setupHA clusterSSL VPN LDAPSD-WAN SLAUTM stack
โ˜๏ธ
FortiGuard, FortiManager & FortiAnalyzer
FortiGuard connectivity and rating tests, AV/IPS/web-filter signature update triggers, license status inspection, FortiManager FGFM tunnel and DVM diagnostics, FortiAnalyzer connectivity debug, syslog config verification, SNMP community checks, and NTP sync status โ€” all in one place.
fortiguardFortiManagerFortiAnalyzerautoupdateSNMP
Live animated demo

See the toolkit in action

Every command, badge, and result is real โ€” this is exactly what subscribers get access to.

๐Ÿ”’ 50+ Playbooks ๐Ÿค– AI Analyzer ๐ŸŽญ IP Anonymizer ๐Ÿงฎ Subnet Calc ๐Ÿ“ก Quick Ref ๐ŸŒ Multi-Vendor โš™๏ธ HA / Cluster ๐ŸŒ SD-WAN
๐Ÿบ NetWolf Pro  ยท  netwolffortigate.com  ยท  FortiOS 6.x / 7.x LIVE PREVIEW
๐Ÿ“‹ Guided Steps
๐Ÿค– AI Analyzer
๐ŸŽญ IP Anonymizer
๐Ÿงฎ Subnet Calc
โšก Quick Ref
Troubleshoot
๐Ÿ”’VPN / IPsec
๐Ÿ•ต๏ธSSL VPN
๐Ÿ“ƒPolicy / NAT
โš™๏ธHA Cluster
๐ŸŒSD-WAN
๐Ÿ”งRouting
๐Ÿ”‘Auth / LDAP
Config Guides
๐Ÿš€Initial Setup
๐Ÿ›ก๏ธZTNA Config
๐Ÿ’ปSSL VPN Full
Tools
๐ŸŽญIP Anonymizer
๐ŸงฎSubnet Calc
๐Ÿ“กQuick Ref
๐Ÿ”’ IPsec VPN Troubleshooting 4 steps
1
Check tunnel status
read-only
๐Ÿ’ก Look for "established" in both phases. Missing = tunnel never came up.
2
Live IKE negotiation debug
โš  config
๐Ÿ’ก Look for: NO_PROPOSAL_CHOSEN ยท AUTH_FAILED ยท PAYLOAD_MALFORMED
3
Compare phase proposals
read-only
๐Ÿ’ก Encryption, DH group and lifetime must match exactly on both peers.
4
Check routing to remote subnet
read-only
๐Ÿ’ก Missing static route = traffic blackholed before reaching tunnel.
FortiOS 7.4 ยท 50+ playbooks ยท AI-powered netwolffortigate.com
NetWolf Pro โ€” Professional FortiGate CLI toolkit for network engineers
Subscribe โ€” โ‚ฌ10/month โ†’
Get Instant Access โ†’ โ‚ฌ10/month ยท Cancel anytime ยท Credentials delivered instantly via Firebase
Pricing

Simple, honest pricing

One plan. Full access. Cancel anytime.

NetWolf Pro ยท Monthly
โ‚ฌ10
per month, billed monthly
  • All 50+ guided troubleshoot playbooks
  • AI CLI Analyzer (Groq LLaMA 3.3)
  • IP Masking & Bulk Anonymizer
  • Subnet Calculator + Advanced Diag
  • Multi-vendor CLI (Cisco, Aruba, Huawei)
  • 10 full configuration templates
  • Regular content updates
  • Your own login credentials
Get Monthly โ†’
Cancel anytime ยท No commitment
BEST VALUE โ€” SAVE โ‚ฌ20
NetWolf Pro ยท Yearly
โ‚ฌ100
per year โ€” โ‰ˆ โ‚ฌ8.33/mo
  • Everything in Monthly
  • Priority email support
  • Early access to new features
  • 2 months free vs monthly billing
  • Single annual payment, no recurring hassle
Get Yearly โ†’
One payment ยท Full 12-month access
Subscribe

Create your account

Choose your own username and password. You'll use these to log in to the toolkit immediately after your payment is confirmed.

๐Ÿบ NetWolf Pro โ€” Monthly โ‚ฌ10 / month
Your login credentials
Letters, numbers and underscores only. Min 4 characters.
Min 8 characters
Personal information
Subscription plan
Payment โ€” secured by Stripe
๐Ÿ”’ Card details go directly to Stripe's encrypted servers. NetWolf never sees or stores your card number.
Anything else?
Payments secured by Stripe
โœ“

Account created!

Your NetWolf Pro subscription is active. Use the credentials below to log in to the toolkit right now. A confirmation email has also been sent.

Username: โ€”
Password: โ€”
Keep these safe โ€” you'll need them to log in at app.html
Open Toolkit โ†’

๐Ÿ“œ Terms of Service โ€” NetWolf Pro

1. Acceptance of Terms

By subscribing to NetWolf Pro and creating an account, you agree to be bound by these Terms of Service. If you do not agree, do not subscribe or use the toolkit.

2. Subscription & Payment

NetWolf Pro is offered as a monthly (โ‚ฌ10/month) or yearly (โ‚ฌ100/year) subscription. Payments are processed securely via Stripe. By subscribing you authorise recurring charges to your payment method at the selected interval until you cancel. No refunds are issued for partial billing periods.

3. Account Credentials

You are responsible for keeping your username and password confidential. Do not share your credentials with others. Each subscription is for a single user. If we detect credential sharing, your account may be suspended without refund.

4. Permitted Use

NetWolf Pro is licensed for use in legitimate professional and educational network engineering contexts only โ€” including troubleshooting, lab environments, and authorised production systems. You must have explicit permission to run diagnostic commands on any device you target.

5. Prohibited Use

You may not use NetWolf Pro to:

โ€ข Access, modify, or disrupt systems you do not own or have explicit written authorisation to manage.
โ€ข Conduct unauthorised penetration testing or security audits.
โ€ข Reverse-engineer, resell, or redistribute the toolkit or its content.
โ€ข Share login credentials with users outside your subscription.

6. Disclaimer of Liability

NetWolf Pro is provided "as is" without warranty of any kind. The creators accept no liability for any damage, data loss, service interruption, security breach, or legal consequence arising from the use of this toolkit. You are solely responsible for any commands executed on live production equipment. Some commands (e.g. execute reboot, diagnose sys session clear) can cause traffic interruption โ€” always review before executing.

7. Intellectual Property

All content within NetWolf Pro โ€” including playbooks, configuration guides, and CLI references โ€” is the intellectual property of NetWolf. You may not copy, publish, or distribute this content without written permission.

8. Cancellation

You may cancel your subscription at any time by contacting us. Cancellation takes effect at the end of the current billing period. No partial refunds are issued.

9. Changes to Terms

We reserve the right to update these terms at any time. Continued use of the toolkit after changes constitutes acceptance of the updated terms. Subscribers will be notified of material changes by email.

10. Governing Law

These terms are governed by the laws of the Netherlands. Any disputes shall be subject to the exclusive jurisdiction of the courts of the Netherlands.

Last updated: May 2025 ยท NetWolf Pro Toolkit