{"id":389,"date":"2013-12-09T12:10:22","date_gmt":"2013-12-09T11:10:22","guid":{"rendered":"http:\/\/janscholten.de\/blog\/?p=389"},"modified":"2013-12-09T12:10:57","modified_gmt":"2013-12-09T11:10:57","slug":"fortigate-debug-eines-bestimmten-vpn-tunnels","status":"publish","type":"post","link":"https:\/\/janscholten.de\/blog\/2013\/12\/fortigate-debug-eines-bestimmten-vpn-tunnels\/","title":{"rendered":"Fortigate: Debug eines bestimmten VPN Tunnels"},"content":{"rendered":"

Wenn man eine gut best\u00fcckte Fortigate hat muss man hin und wieder auch mal Fehler suchen.
\nZ.B. warum kommt ein VPN Tunnel nicht hoch.<\/p>\n

Der „einfache“ Weg
\ndiag debug enable
\ndiag debug console
\ndiag debug ike -1<\/code><\/p>\n

gibt nat\u00fcrlich Daten \u00fcber alle VPN Verbindungen, was schnell un\u00fcbersichtlich wird.<\/p>\n

Man kann das ganze aber auch beschr\u00e4nken um z.B. nur Daten f\u00fcr eine Gegenstelle oder eine Phase2 zu sehen:<\/p>\n

Zur Auswahl stehen:
\ndiag vpn ike log-filter
\nclear Erase the current filter.
\ndst-addr4 IPv4 destination address range to filter by.
\ndst-addr6 IPv6 destination address range to filter by.
\ndst-port Destination port range to filter by.
\ninterface Interface that IKE connection is negotiated over.
\nlist Display the current filter.
\nname Phase1 name to filter by.
\nnegate Negate the specified filter parameter.
\nsrc-addr4 IPv4 source address range to filter by.
\nsrc-addr6 IPv6 source address range to filter by.
\nsrc-port Source port range to filter by.
\nvd Index of virtual domain. -1 matches all.
\n<\/code><\/p>\n

z.B.<\/p>\n

diag vpn ike log-filter dst-addr4 10.10.10.10
\ndiag debug enable
\ndiag debug console
\ndiag debug app ike -1
\n<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"

Wenn man eine gut best\u00fcckte Fortigate hat muss man hin und wieder auch mal Fehler suchen. Z.B. warum kommt ein VPN Tunnel nicht hoch. Der „einfache“ Weg diag debug enable diag debug console diag debug ike -1 gibt nat\u00fcrlich Daten \u00fcber alle VPN Verbindungen, was schnell un\u00fcbersichtlich wird. Man kann das ganze aber auch beschr\u00e4nken … Fortigate: Debug eines bestimmten VPN Tunnels<\/span> weiterlesen<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,7,28,12],"tags":[40,53],"class_list":["post-389","post","type-post","status-publish","format-standard","hentry","category-allgemein","category-erfahrungen","category-fortinet","category-job","tag-debug","tag-fortinet"],"_links":{"self":[{"href":"https:\/\/janscholten.de\/blog\/wp-json\/wp\/v2\/posts\/389","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/janscholten.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/janscholten.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/janscholten.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/janscholten.de\/blog\/wp-json\/wp\/v2\/comments?post=389"}],"version-history":[{"count":2,"href":"https:\/\/janscholten.de\/blog\/wp-json\/wp\/v2\/posts\/389\/revisions"}],"predecessor-version":[{"id":391,"href":"https:\/\/janscholten.de\/blog\/wp-json\/wp\/v2\/posts\/389\/revisions\/391"}],"wp:attachment":[{"href":"https:\/\/janscholten.de\/blog\/wp-json\/wp\/v2\/media?parent=389"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/janscholten.de\/blog\/wp-json\/wp\/v2\/categories?post=389"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/janscholten.de\/blog\/wp-json\/wp\/v2\/tags?post=389"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}