Tuesday, September 3, 2013

Fortigate VPN Debug log filter for IKE

While debugging a VPN on a FortiGate, you may also see logs from other active VPNs. If you run the firewall in an MSP environment with multiple hosted customers, each with their own VPNs, it's not going to be a good day.

Use the filters below to make your life easier when debugging VPN IKE on FortiGates:

diag vpn ike log-filter ?
clear        erase the current filter
dst-addr4    the IPv4 destination address range to filter by
dst-addr6    the IPv6 destination address range to filter by
dst-port     the destination port range to filter by
interface    interface that IKE connection is negotiated over
list         display the current filter
name         the phase1 name to filter by
negate       negate the specified filter parameter
src-addr4    the IPv4 source address range to filter by
src-addr6    the IPv6 source address range to filter by
src-port     the source port range to filter by
vd           index of virtual domain. -1 matches all


Once the filter is in place, you can run the debug using the command below:

diag debug application ike -3
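
A complete filtered session built from the commands above, as an added example that is not part of the original post. The peer address 203.0.113.10 and the phase1 name cust-a-vpn are constructed placeholders, and `diag debug enable`, `diag debug disable` and `diag debug reset` are standard FortiOS commands the post does not show.

```fortios
# Start from a clean state so an old filter does not hide the tunnel you want.
diag debug reset
diag vpn ike log-filter clear

# Restrict IKE debug output to one remote peer (constructed address).
diag vpn ike log-filter dst-addr4 203.0.113.10

# Alternative: filter by phase1 name instead of peer address (constructed name).
# diag vpn ike log-filter name cust-a-vpn

# Confirm what the filter currently matches before generating output.
diag vpn ike log-filter list

# Set the IKE debug level, then turn debug output on for this console session.
diag debug application ike -3
diag debug enable

# ... reproduce the negotiation and capture the output ...

# Stop the output and remove the filter when finished, so the next
# debugging session on a shared firewall does not inherit it.
diag debug disable
diag debug reset
diag vpn ike log-filter clear
```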

