
Administration Guide

IPsec monitor


The IPsec monitor displays all connected site-to-site and dial-up VPNs. You can use the monitor to bring a phase 2 tunnel up or down, or to disconnect dial-up users.

To view the IPsec monitor in the GUI:
  1. Go to Dashboard > Network.
  2. Hover over the IPsec widget, and click Expand to Full Screen.

To filter or configure a column in the table, hover over the column heading and click Filter/Configure Column.

To reset statistics:
  1. Select a tunnel in the table.
  2. In the toolbar, click Reset Statistics or right-click the tunnel, and click Reset Statistics. The Confirm window opens.
  3. Click OK.
To bring a tunnel up:
  1. Select a tunnel in the table.
  2. Click Bring Up, or right-click the tunnel, and click Bring Up. The Confirm window opens.
  3. Click OK.
To bring a tunnel down:
  1. Select a tunnel in the table.
  2. Click Bring Down, or right-click the tunnel, and click Bring Down. The Confirm window opens.
  3. Click OK.
To locate a tunnel on the VPN Map:
  1. Select a tunnel in the table.
  2. Click Locate on VPN Map, or right-click the tunnel, and click Locate on VPN Map. You are taken to VPN > VPN Location Map.
To view the IPsec monitor in the CLI:

# diagnose vpn tunnel list

Sample output:

list all ipsec tunnel in vd 0

------------------------------------------------------

name=fct-dialup ver=1 serial=4 10.100.67.5:0->0.0.0.0:0 dst_mtu=0

bound_if=3 lgwy=static/1 tun=intf/0 mode=dialup/2 encap=none/512 options[0200]=frag-rfc accept_traffic=1 overlay_id=0

proxyid_num=0 child_num=0 refcnt=12 ilast=5545 olast=5545 ad=/0

stat: rxp=0 txp=0 rxb=0 txb=0

dpd: mode=on-demand on=0 idle=20000ms retry=3 count=0 seqno=0

natt: mode=none draft=0 interval=0 remote_port=0

run_tally=0

------------------------------------------------------

name=To-HQ-MPLS ver=2 serial=3 192.168.0.14:0->192.168.0.1:0 dst_mtu=1500

bound_if=7 lgwy=static/1 tun=intf/0 mode=auto/1 encap=none/528 options[0210]=create_dev frag-rfc accept_traffic=1 overlay_id=0

proxyid_num=1 child_num=0 refcnt=22 ilast=0 olast=0 ad=/0

stat: rxp=66693 txp=29183 rxb=33487128 txb=1908427

dpd: mode=on-demand on=1 idle=20000ms retry=3 count=0 seqno=0

natt: mode=none draft=0 interval=0 remote_port=0

proxyid=To-HQ-MPLS proto=0 sa=1 ref=6 serial=1 adr

src: 0:0.0.0.0/0.0.0.0:0

dst: 0:0.0.0.0/0.0.0.0:0

SA: ref=3 options=32203 type=00 soft=0 mtu=1438 expire=266/0B replaywin=2048

seqno=2c5e esn=0 replaywin_lastseq=00002ea3 itn=0 qat=0 hash_search_len=1

life: type=01 bytes=0/0 timeout=1773/1800

dec: spi=700c9198 esp=aes key=16 ebd04605de6148c8a92ced48b30930fa

ah=sha1 key=20 5f0201f67d7c714a046025a1df41d40376437f6a

enc: spi=5aaccc20 esp=aes key=16 13d5d4b46e5e9c42eef509f2d9879188

ah=sha1 key=20 2dde67ef7a2a78b622d9a7ec6d75ad3c55d241e1

dec:pkts/bytes=11938/5226964, enc:pkts/bytes=11357/1312184
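
The dec:/enc: lines in this output print each SA's ESP encryption and authentication keys in hex after `key=`, so the listing should be masked before it is pasted into a ticket or shared with a third party. The Python below is an added example, not Fortinet code: `redact` and `parse_tunnels` are hypothetical helper names, and the embedded sample is constructed from the format shown above with made-up key bytes.

```python
import re

# Constructed sample: abridged from the output format shown on this page,
# with made-up key bytes in place of real key material.
SAMPLE = """\
list all ipsec tunnel in vd 0
------------------------------------------------------
name=fct-dialup ver=1 serial=4 10.100.67.5:0->0.0.0.0:0 dst_mtu=0
proxyid_num=0 child_num=0 refcnt=12 ilast=5545 olast=5545 ad=/0
stat: rxp=0 txp=0 rxb=0 txb=0
------------------------------------------------------
name=To-HQ-MPLS ver=2 serial=3 192.168.0.14:0->192.168.0.1:0 dst_mtu=1500
proxyid_num=1 child_num=0 refcnt=22 ilast=0 olast=0 ad=/0
stat: rxp=66693 txp=29183 rxb=33487128 txb=1908427
dec: spi=700c9198 esp=aes key=16 00112233445566778899aabbccddeeff
ah=sha1 key=20 000102030405060708090a0b0c0d0e0f10111213
enc: spi=5aaccc20 esp=aes key=16 ffeeddccbbaa99887766554433221100
ah=sha1 key=20 131211100f0e0d0c0b0a09080706050403020100
"""

# "key=<len> <hex>" follows esp= and ah= on the dec:/enc: SA lines.
KEY_RE = re.compile(r"(\bkey=\d+\s+)([0-9a-fA-F]+)")
NAME_RE = re.compile(r"name=(\S+) ver=(\d+) serial=\d+ (\S+)->(\S+)")

def redact(text):
    """Return (text with SA keys masked, number of keys masked)."""
    return KEY_RE.subn(r"\1<redacted>", text)

def parse_tunnels(text):
    """Split the listing into one dict per tunnel with a few counters."""
    tunnels = []
    for line in map(str.strip, text.splitlines()):
        m = NAME_RE.match(line)
        if m:
            tunnels.append({"name": m.group(1), "local": m.group(3),
                            "remote": m.group(4), "sa_keys": 0})
        elif tunnels:
            cur = tunnels[-1]
            for field in ("proxyid_num", "rxp", "txp"):
                hit = re.search(rf"\b{field}=(\d+)", line)
                if hit:
                    cur[field] = int(hit.group(1))
            cur["sa_keys"] += len(KEY_RE.findall(line))  # unmasked keys seen
    return tunnels

if __name__ == "__main__":
    safe, masked = redact(SAMPLE)
    print(safe)
    print(f"masked {masked} keys")
    for tunnel in parse_tunnels(SAMPLE):
        print(tunnel)
```

Running `parse_tunnels` on already-redacted text reports `sa_keys` of 0 for every tunnel, which makes it usable as a check that a saved capture no longer contains key material.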
