Fortigate Troubleshooting – VPN


This is my first post regarding troubleshooting Fortigate devices.

To troubleshoot the Fortigate VPN configuration we will use the following commands:

#diag debug enable
#diag debug console timestamp en #this command shows the time-stamp
#diag debug app ike -1  <- used for v4.0MR1
#diag vpn ike log-filter dst-addr4 <-used from v4.0MR2 to the latest version
#diag debug app ike -1

<IP_PEER&gt <- is the ip of the remote peer.


To disable the VPN logging we can use:

#diag debug disable
#diag debug console timestamp dis
#diag debug app ike 0

The following commands show the active VPN tunnels:

#diag vpn tunnel list
#diag vpn gw list