= Fortigate debug and diagnose commands complete cheat sheet
Yuri Slobodyanyuk <admin@yurisk.info>
v1.0, 2020-09-01
:homepage: https://yurisk.info


NOTE: To enable debug set by any of the commands below, you need to run *diagnose debug enable*. This is assumed and not reminded any further.

== IPSEC VPN debug

.IPSEC VPN Debug
[cols=2*,options="header"]
|===
|Command
|Description

|*diagnose debug application ike -1*
| Enable IPSec VPN debug, shows phase 1 and phase 2 negotiations (for IKEv1) and everything for IKEv2. 
"-1" sets the verbosity level to maximum, any other number will show less output.

|*diagnose vpn ike gateway flush name <vpn_name>*
|Flush (delete) all SAs of the given VPN peer only.


|*get vpn ipsec stats tunnel*
| Show short general statistics about tunnels: number, kind, number of selectors, state

|===