While debugging a VPN on a FortiGate you will also see log output from every other active VPN. If you run your firewall in an MSP environment with multiple hosted customers, each with their own VPNs, that is not a good day...!!
Use the filters below to make your life easier when debugging VPN IKE on FortiGates:
diag vpn ike log-filter ?
clear        erase the current filter
dst-addr4    the IPv4 destination address range to filter by
dst-addr6    the IPv6 destination address range to filter by
dst-port     the destination port range to filter by
interface    interface that IKE connection is negotiated over
list         display the current filter
name         the phase1 name to filter by
negate       negate the specified filter parameter
src-addr4    the IPv4 source address range to filter by
src-addr6    the IPv6 source address range to filter by
src-port     the source port range to filter by
vd           index of virtual domain. -1 matches all
Once the filter is in place, you can run the debug with the command below:
diag debug application ike -3
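A complete filter-then-debug session for one customer's tunnel, as an added example that is not from the original post. It assumes a phase1 named Customer-A with remote gateway 203.0.113.10 in VDOM index 2; all three are placeholder values for your own environment.

```fortios
# Added example (not from the original post). Placeholder values:
# phase1 name "Customer-A", remote gateway 203.0.113.10, VDOM index 2.

# 1. Start from an empty filter so nothing left over from an earlier
#    session silently hides (or adds) tunnels in the output.
diagnose vpn ike log-filter clear

# 2. Narrow the IKE debug to one customer's tunnel. Each parameter
#    narrows the output further: the peer address and phase1 name pick
#    the tunnel, vd pins it to that customer's VDOM.
diagnose vpn ike log-filter dst-addr4 203.0.113.10
diagnose vpn ike log-filter name Customer-A
diagnose vpn ike log-filter vd 2

# 3. Confirm exactly what is active before turning on debug.
diagnose vpn ike log-filter list

# 4. Turn on debug output with timestamps; -3 is the most verbose IKE level.
#    Without "diagnose debug enable" the ike -3 setting prints nothing.
diagnose debug console timestamp enable
diagnose debug application ike -3
diagnose debug enable

# ... reproduce the tunnel problem (e.g. bring phase1 up from the peer),
#     read the trace, then stop.

# 5. Always switch debug off and clear the filter afterwards: a forgotten
#    filter makes the next "diag debug application ike -3" look empty.
diagnose debug disable
diagnose debug application ike 0
diagnose debug reset
diagnose vpn ike log-filter clear
```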