Fortigate CLI

Commands to enable debug logs for troubleshooting IPSec VPN Tunnel in FortiGate

43

When troubleshooting site-to-site IPSEC VPN tunnels in FortiGate firewalls, these commands enable debugging on the firewall console and provide detailed information to identify the problem.

  • Login to CLI as admin
  • Disable any debug that are currently running

diagnose debug disable

  • Clear any debug filters that are previously applied

diagnose vpn ike log-filter clear

  • Set filter to show debug logs of a specific VPN tunnel. This is especially helpful if you have several VPN tunnels and facing problem with only one peer.

diagnose vpn ike log-filter dst-addr4 10.10.10.1

  • Enable debug mode on IKE handshaking process.

diagnose debug app ike 255

  • Enable debug logging to console

diagnose debug enable

After you fix the problem, don’t forget to disable debug

diagnose debug disable

 

· · ·


Related Articles & Comments

Thank you for visiting us. To continue receiving updates, please Subscribe to our Social Media Channels.

Google+
FACEBOOK
RSS
YOUTUBE
Menu Title
%d bloggers like this: