diag vpn tunnel list | Lists all VPN tunnels and their statuses. | Safe |
diag vpn ike gateway list | Shows IKE gateways for troubleshooting phase1 negotiations. | Safe |
diag vpn ike log-filter <criteria> | Sets filter criteria for viewing IKE logs. Useful for narrowing down log output for specific tunnels or endpoints. | Safe |
diag debug app ike -1 | Enables detailed IKE debug logs. | Safe |
diag debug enable | Turns on debug messages. Use after specifying what debug messages to enable. | Safe |
diag debug disable | Turns off all debug messages. | Safe |
get vpn ipsec phase1 | Displays phase1 configurations and statuses. | Safe |
get vpn ipsec phase2 | Shows phase2 configurations and statuses. | Safe |
diag vpn ipsec status | Provides a summary of the IPsec status, including active tunnels. | Safe |
diag debug reset | Resets debug settings to default. | Safe |
diag debug flow trace start 100 | Starts packet flow tracing for 100 packets. Adjust the number based on your needs. | Safe |
diag debug flow filter addr <IP address> | Sets a filter to trace the flow for a specific IP address. | Safe |
diag debug flow show console enable | Ensures debug flow output is shown in the console. | Safe |
diag debug flow show function-name enable | Shows function names in flow debug output for deeper analysis. | Safe |
diag debug console timestamp enable | Adds timestamps to debug output, useful for time-based troubleshooting. | Safe |
exec ping <destination> | Pings a destination from the FortiGate to test reachability. Useful in VPN troubleshooting to check if tunnel endpoints are reachable. | Safe |
exec traceroute <destination> | Traces the route to a destination. Helps in identifying where packet drops are happening in the path. | Safe |
get vpn ssl stats | Displays statistics for SSL VPN, including active sessions. | Safe |
diag vpn ssl list | Lists SSL VPN sessions with detailed information. | Safe |
diag debug application sslvpn -1 | Enables detailed debug for SSL VPN. | Safe |
diag debug application ike -1 | Enables detailed IKE debug logs. Use cautiously as it generates a lot of logs. | Safe |
