Fortigate vpn troubleshooting command with example
When troubleshooting FortiGate VPN connectivity, you can use various commands to gather information and diagnose potential issues. Here are some commonly used FortiGate VPN troubleshooting commands along with examples:
Certainly! Here are a few more FortiGate VPN troubleshooting commands with examples:
1. show vpn ipsec tunnel
This command displays the status and configuration details of all IPsec tunnels on the FortiGate device.
Example: `show vpn ipsec tunnel`
2. diag debug application ike -1
This command enables debugging for the Internet Key Exchange (IKE) protocol, which is used for establishing VPN tunnels.
Example: `diag debug application ike -1`
3. diag debug enable
This command enables general debug output on the FortiGate device, allowing you to monitor various processes and events.
Example: `diag debug enable`
4. diag debug reset
This command resets the debug output, stopping all debugging processes.
Example: `diag debug reset`
5. diagnose debug application ike -1
This command is similar to the "diag debug application ike -1" command, but it provides more detailed output for IKE debugging.
Example: `diagnose debug application ike -1`
6. diagnose vpn ike log-filter dst-addr <destination_IP>
This command filters the IKE logs to display only the logs related to a specific destination IP address.
Example: `diagnose vpn ike log-filter dst-addr 192.168.1.100`
7. diagnose debug console timestamp enable
This command enables the display of timestamps in the console output, helping you track events more accurately.
Example: `diagnose debug console timestamp enable`
8. diagnose vpn tunnel list
This command displays information about all active VPN tunnels, including their status, source and destination IPs, and traffic statistics.
Example: `diagnose vpn tunnel list`
9. diagnose debug application sslvpn -1
This command enables debugging for SSL VPN-related issues. It provides detailed output for troubleshooting SSL VPN connections.
Example: `diagnose debug application sslvpn -1`
10. diagnose debug flow filter src <source_IP>
This command filters the debug flow output to display only flows originating from a specific source IP address.
Example: `diagnose debug flow filter src 10.0.0.1`
11. diagnose debug flow show function-name enable
This command displays the function names in the debug flow output, making it easier to trace the flow of packets.
Example: `diagnose debug flow show function-name enable`
12. diagnose vpn ike log-filter src-addr <source_IP>
This command filters the IKE logs to display only the logs related to a specific source IP address.
Example: `diagnose vpn ike log-filter src-addr 192.168.0.10`
13. diagnose sys session list vpn
This command lists all active VPN sessions on the FortiGate device, providing details such as source and destination IPs, protocols, and session IDs.
Example: `diagnose sys session list vpn`
14. get system performance top
This command shows the top processes consuming system resources, which can help identify any performance issues affecting VPN connectivity.
Example: `get system performance top`
15. diagnose debug application l2tp -1
This command enables debugging for L2TP-related issues. It provides detailed output for troubleshooting L2TP VPN connections.
Example: `diagnose debug application l2tp -1`
16. diagnose vpn ike gateway list
This command lists all configured IKE gateways on the FortiGate device, providing information such as their names, interfaces, and status.
Example: `diagnose vpn ike gateway list`
17. diagnose debug application pptp -1
This command enables debugging for PPTP-related issues. It provides detailed output for troubleshooting PPTP VPN connections.
Example: `diagnose debug application pptp -1`
18. diagnose debug application ipsec -1
This command enables debugging for IPsec-related issues. It provides detailed output for troubleshooting IPsec VPN connections.
Example: `diagnose debug application ipsec -1`
19. diagnose debug application ssl -1
This command enables debugging for SSL-related issues. It provides detailed output for troubleshooting SSL VPN connections.
Example: `diagnose debug application ssl -1`
20. diagnose debug flow filter dport <destination_port>
This command filters the debug flow output to display only flows targeting a specific destination port.
Example: `diagnose debug flow filter dport 80`
21. diagnose debug enable -1
This command enables all available debug messages on the FortiGate device, providing comprehensive information for troubleshooting purposes.
Example: `diagnose debug enable -1`
22. diagnose debug disable
This command disables all active debug output on the FortiGate device, helping to conserve system resources.
Example: `diagnose debug disable`
23. diagnose debug flow trace start <source_IP> <destination_IP>
This command initiates flow tracing between a specific source and destination IP address, allowing you to monitor the flow of packets and identify any issues.
Example: `diagnose debug flow trace start 192.168.1.10 10.0.0.1`
24. get vpn ike gateway <gateway_name> status
This command retrieves the status of a specific IKE gateway, providing information such as its uptime, number of tunnels, and phase 1 and phase 2 status.
Example: `get vpn ike gateway "VPN-Gateway" status`
Certainly! Here are a few more FortiGate VPN troubleshooting commands with examples:
25. diagnose debug application ike 0
This command enables debugging for IKEv1-related issues. It provides detailed output for troubleshooting IKEv1 VPN connections.
Example: `diagnose debug application ike 0`
26. diagnose debug application ike 1
This command enables debugging for IKEv2-related issues. It provides detailed output for troubleshooting IKEv2 VPN connections.
Example: `diagnose debug application ike 1`
27. diagnose debug flow filter src-subnet <source_subnet>
This command filters the debug flow output to display only flows originating from a specific source subnet.
Example: `diagnose debug flow filter src-subnet 192.168.0.0/24`
28. diagnose debug flow filter dst-subnet <destination_subnet>
This command filters the debug flow output to display only flows targeting a specific destination subnet.
Example: `diagnose debug flow filter dst-subnet 10.0.0.0/24`
29. diagnose debug flow filter src-port <source_port>
This command filters the debug flow output to display only flows originating from a specific source port.
Example: `diagnose debug flow filter src-port 5000`
30. diagnose debug flow filter dst-port <destination_port>
This command filters the debug flow output to display only flows targeting a specific destination port.
Example: `diagnose debug flow filter dst-port 443`
31. diagnose vpn tunnel reset <tunnel_name>
This command resets a specific VPN tunnel, terminating and re-establishing the connection.
Example: `diagnose vpn tunnel reset "VPN-Tunnel"`
32. diagnose firewall session list
This command lists all active firewall sessions, including those related to VPN traffic. It provides details such as source and destination IPs, ports, and session status.
Example: `diagnose firewall session list`
33. diagnose vpn ike config
This command displays the current IKE configuration, including parameters such as encryption algorithms, key lifetimes, and pre-shared keys.
Example: `diagnose vpn ike config`
34. diagnose vpn ike log-filter tunnel-id <tunnel_ID>
This command filters the IKE logs to display only the logs related to a specific VPN tunnel ID.
Example: `diagnose vpn ike log-filter tunnel-id 12345`
These additional commands should help you further troubleshoot VPN connectivity and diagnose specific issues on your FortiGate device. Always consult the FortiGate documentation or seek assistance from Fortinet support for comprehensive troubleshooting guidance based on your specific environment and firmware version.
