Debug VPN in Fortigate

You can see debug commands for IPSEC site-to-site below,

- Enable debugging
FGA# diag debug en

- Enable debug messages for specific application , here we are interested in IKE
FGA # diag debug app ike -1

- also to do sniffer on the tests
FGA # diagnose sniffer packet any ‘host 10.10.10.10′

- end of debuging,
FGA # diag debug disable

CheckPoint Debug Command

Posted on March 2, 2012 by cemocan

in the expert mode,

fw ctl zdebug + drop | grep <ipaddress>