Commands to enable debug logs for troubleshooting IPSec VPN Tunnel in FortiGate

When troubleshooting site-to-site IPsec VPN tunnels on FortiGate firewalls, the following commands enable debugging on the firewall console and provide detailed information to help identify the problem.

  • Log in to the CLI as admin
  • Disable any debugging that is currently running

diagnose debug disable

  • Clear any debug filters that were previously applied

diagnose vpn ike log-filter clear

  • Set a filter to show debug logs for a specific VPN tunnel only. This is especially helpful if you have several VPN tunnels and are facing a problem with only one peer.

diagnose vpn ike log-filter dst-addr4 10.10.10.1

  • Enable debug mode for the IKE handshake process

diagnose debug app ike 255

  • Enable debug logging to console

diagnose debug enable

After you fix the problem, don’t forget to disable debugging:

diagnose debug disable

 
