
Articles in Fortigate...

Understanding IPsec logs on Fortigate


Understanding IPsec logs on a Fortigate firewall

IPsec phase1

IPsec phase1 negotiating
logid="0101037127" type="event" subtype="vpn" level="notice" vd="root" eventtime=1544132571 logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action="negotiate" remip=11.101.1.1 locip=173.1.1.1 remport=500 locport=500 outintf="port13" cookies="e41eeecb2c92b337/0000000000000000" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="to_HQ" status="success" init="local" mode="aggressive" dir="outbound" stage=1 role="initiator" result="OK"

IPsec phase1 negotiated
logid="0101037127" type="event" subtype="vpn" level="notice" vd="root" eventtime=1544132571 logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action="negotiate" remip=11.101.1.1 locip=173.1.1.1 remport=500 locport=500 outintf="port13" cookies="e41eeecb2c92b337/1230131a28eb4e73" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="to_HQ" status="success" init="local" mode="aggressive" dir="outbound" stage=2 role="initiator" result="DONE"

IPsec phase1 tunnel up
logid="0101037138" type="event" subtype="vpn" level="notice" vd="root" eventtime=1544132604 logdesc="IPsec connection status changed" msg="IPsec connection status change" action="tunnel-up" remip=11.

Debugging an IPsec tunnel on Fortigate


Troubleshooting Fortigate firewall: Use the following steps to assist with resolving a VPN tunnel that is not active or passing traffic.

Solution

Step 1: What type of tunnel has issues?
FortiOS supports:
  Site-to-Site VPN.
  Dial-Up VPN.

Step 2: Is Phase-2 Status ‘UP’?
  No (SA=0) - Continue to Step 3.
  Yes (SA=1) - If traffic is not passing, jump to Step 6.
  Flapping - SA is flapping between ‘UP’ and ‘Down’ state - Jump to Step 7.

Troubleshooting Fortigate firewalls

Troubleshooting Fortigate firewall:

To view the date and time in the CLI:

To view the date
FortiGate-VM64-HV # execute date
current date is: 2022-08-01

To view time
FortiGate-VM64-HV # execute time
current time is: 09:54:57
last ntp sync:Mon Aug 1 09:20:07 2022

To view system resources in the CLI:
FortiGate-VM64-HV # get system performance status
CPU states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU0 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
Memory: 2058672k total, 880400k used (42.

Tips and Tricks on Fortigate firewalls

Check configuration information:

How to get the IP address:
FortiGate-VM64-HV # diagnose ip address list
IP=10.152.8.141->10.222.333.444/255.255.255.0 index=3 devname=port1
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=5 devname=root
IP=10.255.1.1->10.255.1.1/255.255.255.0 index=9 devname=fortilink
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=10 devname=vsys_ha
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=12 devname=vsys_fgfm

To view the ARP cache in the CLI:
FortiGate-VM64-HV # get system arp
Address           Age(min)   Hardware Addr      Interface
10.222.333.444    0          7c:21:4a:24:16:c0  port1
10.152.8.1        0          f4:bd:9e:6d:67:75  port1

To view the ARP cache in the system in the CLI:
FortiGate-VM64-HV # diagnose ip arp list
index=3 ifname=port1 10.