Add log field to identify ADVPN shortcuts in VPN logs

The advpnsc log field in VPN event logs indicates that a VPN event is based on an ADVPN shortcut. A value of 1 indicates the tunnel is an ADVPN shortcut, and 0 indicates it is not.

Sample log
# execute log filter field advpnsc 1
# execute log display
35 logs found.
10 logs returned.
1: date=2022-01-05 time=11:37:15 eventtime=1641411435027292611 tz="-0800" logid="0101037138" type="event" subtype="vpn" level="notice" vd="root" logdesc="IPsec connection status changed" msg="IPsec connection status change" action="tunnel-up" remip=172.16.106.46 locip=192.168.15.3 remport=64916 locport=4500 outintf="port1" cookies="6ac548129ad085a6/9fb073b8e796e30b" user="C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = FortiGate, CN = FGVMSLTM20003739, emailAddress = support@fortinet.com" group="N/A" useralt="C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = FortiGate, CN = FGVMSLTM20003739, emailAddress = support@fortinet.com" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="_OCVPN3-0a_0" tunnelip=0.0.0.0 tunnelid=724776109 tunneltype="ipsec" duration=0 sentbyte=0 rcvdbyte=0 nextstat=0 advpnsc=1

This sample log is based on the following hub and spoke VPN configuration:

# diagnose vpn tunnel list
...
name=_OCVPN3-0a_0 ver=2 serial=c 192.168.15.3:4500->172.16.106.46:64916 tun_id=172.16.106.46 tun_id6=::172.16.106.46 dst_mtu=1500 dpd-link=on weight=1
bound_if=3 lgwy=static/1 tun=intf/0 mode=dial_inst/3 encap=none/976 options[03d0]=create_dev no-sysctl rgwy-chg rport-chg frag-rfc accept_traffic=1 overlay_id=1
parent=_OCVPN3-0a index=0
proxyid_num=1 child_num=0 refcnt=6 ilast=9 olast=9 ad=r/2
stat: rxp=0 txp=0 rxb=0 txb=0
dpd: mode=on-idle on=1 idle=20000ms retry=3 count=0 seqno=0
natt: mode=keepalive draft=0 interval=10 remote_port=64916
proxyid=_OCVPN3-0a proto=0 sa=1 ref=2 serial=1 auto-negotiate adr
  src: 0:0.0.0.0/0.0.0.0:0
  dst: 0:0.0.0.0/0.0.0.0:0
  SA: ref=3 options=1a203 type=00 soft=0 mtu=1422 expire=43176/0B replaywin=2048
       seqno=1 esn=0 replaywin_lastseq=00000000 itn=0 qat=0 hash_search_len=1
  life: type=01 bytes=0/0 timeout=43186/43200
  dec: spi=42f2d4c4 esp=aes key=16 84cbc50be871a5bbde4688621ae92101
       ah=sha1 key=20 5543e35e1cfe3cd59d9a5e3660adfe9d69e03ebb
  enc: spi=aceda538 esp=aes key=16 a0aa39ceadbaa5ef96644371bd39b5c7
       ah=sha1 key=20 c7dee396faa14ff2791bef8591ac82938f2e93fe
  dec:pkts/bytes=0/0, enc:pkts/bytes=0/0
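
The following is an added example, not Fortinet code: a parser for key=value VPN event lines like the sample log above that picks out events flagged with advpnsc=1. It handles quoted values such as the certificate subject in the user field, which contain spaces and "=" and break a naive whitespace split; sample lines 2 and 3, the function names, and the "unknown" handling for a missing field are assumptions of this example.

```python
import re

# Constructed input: line 1 is abridged from the page's sample log; lines 2 and 3
# (addresses, tunnel names) are made up for this example.
SAMPLE_LOGS = [
    '1: date=2022-01-05 time=11:37:15 logid="0101037138" type="event" subtype="vpn" '
    'action="tunnel-up" remip=172.16.106.46 locip=192.168.15.3 '
    'user="C = US, ST = California, CN = FGVMSLTM20003739" '
    'vpntunnel="_OCVPN3-0a_0" tunneltype="ipsec" advpnsc=1',
    '2: date=2022-01-05 time=11:40:02 type="event" subtype="vpn" action="tunnel-up" '
    'remip=198.51.100.7 vpntunnel="hub1" advpnsc=0',
    '3: date=2022-01-05 time=11:41:10 type="event" subtype="vpn" action="tunnel-down" '
    'remip=198.51.100.9 vpntunnel="legacy"',
]

# A value is either double-quoted (may contain spaces, commas and '=') or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_log(line):
    """Parse one key=value log line into a dict of strings."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}

def classify(fields):
    """Map advpnsc to 'shortcut' (1), 'not-shortcut' (0) or 'unknown' (absent/other)."""
    # Assumption of this example: a missing field is reported as unknown, not as 0.
    return {"1": "shortcut", "0": "not-shortcut"}.get(fields.get("advpnsc"), "unknown")

def shortcut_events(lines):
    """Return (timestamp, action, vpntunnel, remip) for VPN events on ADVPN shortcuts."""
    events = []
    for line in lines:
        f = parse_log(line)
        if f.get("subtype") == "vpn" and classify(f) == "shortcut":
            events.append((f"{f.get('date')} {f.get('time')}", f.get("action"),
                           f.get("vpntunnel"), f.get("remip")))
    return events

if __name__ == "__main__":
    for event in shortcut_events(SAMPLE_LOGS):
        print(event)
```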
