FortiGate IPsec Troubleshooting

Here are the basic commands to troubleshoot IPsec on a FortiGate firewall.

Use:
diag debug en
diag vpn ike filt
diag debug app ike -1
diag debug reset

An SA (security association) exists in both phase 1 and phase 2, but the term typically refers to the phase 2 SA.
An SA is required for each direction.

AH (Authentication Header) is not encrypted and is not typically used (protocol 51).

ESP is now used most of the time (protocol 50).
