mirror of
https://github.com/yuriskinfo/cheat-sheets.git
synced 2026-01-03 11:34:53 +01:00
42 lines
1.3 KiB
Plaintext
42 lines
1.3 KiB
Plaintext
= Fortigate debug and diagnose commands complete cheat sheet
|
|
Yuri Slobodyanyuk <admin@yurisk.info>
|
|
v1.0, 2020-09-01
|
|
:homepage: https://yurisk.info
|
|
|
|
|
|
NOTE: To enable debug set by any of the commands below, you need to run *diagnose debug enable*. This is assumed and not reminded any further.
|
|
|
|
== IPSEC VPN debug
|
|
|
|
.IPSEC VPN Debug
|
|
[cols=2*,options="header"]
|
|
|===
|
|
|Command
|
|
|Description
|
|
|
|
|*diagnose debug application ike -1*
|
|
| Enable IPSec VPN debug, shows phase 1 and phase 2 negotiations (for IKEv1) and everything for IKEv2.
|
|
"-1" sets the verbosity level to maximum, any other number will show less output.
|
|
|
|
|*diagnose vpn ike gateway flush name <vpn_name>*
|
|
|Flush (delete) all SAs of the given VPN peer only.
|
|
|
|
|*get vpn ipsec tunnel details*
|
|
| Get detailed info about the tunnels: Rx/Tx packets/bytes, IP addresses of the peers, algorithms used, detailed selectors info, lifetime.
|
|
|
|
|*get vpn ipsec stats tunnel*
|
|
| Show short general statistics about tunnels: number, kind, number of selectors, state
|
|
|
|
|*get vpn ipsec tunnel summary*
|
|
| Short statistics per each tunnel: number of selectors up/down, number of packets Rx/Tx.
|
|
|
|
|
|
|*get vpn ipsec stats crypto*
|
|
| Show statistics of the crypto component (ASIC/software) of the Fortigate: encryption algorithm, hasshing algorithm.
|
|
|
|
|
|
|
|
|
|
|
|
|===
|