Debug VPN in Fortigate

You can see debug commands for IPSEC site-to-site below,

- Enable debugging
FGA# diag debug en

- Enable debug messages for specific application , here we are interested in IKE
FGA # diag debug app ike -1

- also to do sniffer on the tests
FGA # diagnose sniffer packet any ‘host 10.10.10.10′

- end of debuging,
FGA # diag debug disable