Add log field to identify ADVPN shortcuts in VPN logs

The advpnsc log field in VPN event logs indicates whether a VPN event is based on an ADVPN shortcut. A value of 1 indicates the tunnel is an ADVPN shortcut, and 0 indicates it is not.

Sample log
# execute log filter field advpnsc 1
# execute log display
35 logs found.
10 logs returned.
1: date=2022-01-05 time=11:37:15 eventtime=1641411435027292611 tz="-0800" logid="0101037138" type="event" subtype="vpn" level="notice" vd="root" logdesc="IPsec connection status changed" msg="IPsec connection status change" action="tunnel-up" remip=172.16.106.46 locip=192.168.15.3 remport=64916 locport=4500 outintf="port1" cookies="6ac548129ad085a6/9fb073b8e796e30b" user="C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = FortiGate, CN = FGVMSLTM20003739, emailAddress = support@fortinet.com" group="N/A" useralt="C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = FortiGate, CN = FGVMSLTM20003739, emailAddress = support@fortinet.com" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="_OCVPN3-0a_0" tunnelip=0.0.0.0 tunnelid=724776109 tunneltype="ipsec" duration=0 sentbyte=0 rcvdbyte=0 nextstat=0 advpnsc=1

This sample log is based on the following hub-and-spoke VPN configuration:

# diagnose vpn tunnel list
...
name=_OCVPN3-0a_0 ver=2 serial=c 192.168.15.3:4500->172.16.106.46:64916 tun_id=172.16.106.46 tun_id6=::172.16.106.46 dst_mtu=1500 dpd-link=on weight=1
bound_if=3 lgwy=static/1 tun=intf/0 mode=dial_inst/3 encap=none/976 options[03d0]=create_dev no-sysctl rgwy-chg rport-chg frag-rfc accept_traffic=1 overlay_id=1
parent=_OCVPN3-0a index=0
proxyid_num=1 child_num=0 refcnt=6 ilast=9 olast=9 ad=r/2
stat: rxp=0 txp=0 rxb=0 txb=0
dpd: mode=on-idle on=1 idle=20000ms retry=3 count=0 seqno=0
natt: mode=keepalive draft=0 interval=10 remote_port=64916
proxyid=_OCVPN3-0a proto=0 sa=1 ref=2 serial=1 auto-negotiate adr
  src: 0:0.0.0.0/0.0.0.0:0
  dst: 0:0.0.0.0/0.0.0.0:0
  SA: ref=3 options=1a203 type=00 soft=0 mtu=1422 expire=43176/0B replaywin=2048
       seqno=1 esn=0 replaywin_lastseq=00000000 itn=0 qat=0 hash_search_len=1
  life: type=01 bytes=0/0 timeout=43186/43200
  dec: spi=42f2d4c4 esp=aes key=16 84cbc50be871a5bbde4688621ae92101
       ah=sha1 key=20 5543e35e1cfe3cd59d9a5e3660adfe9d69e03ebb
  enc: spi=aceda538 esp=aes key=16 a0aa39ceadbaa5ef96644371bd39b5c7
       ah=sha1 key=20 c7dee396faa14ff2791bef8591ac82938f2e93fe
  dec:pkts/bytes=0/0, enc:pkts/bytes=0/0
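
An added example, not part of the original Fortinet page: a Python parser for the key=value records shown above that separates ADVPN shortcut tunnel-up events from other VPN events, for use when the logs are reviewed off-box. The sample records are constructed from the page's field names; the tunnel names example-hub and example-old, the 192.0.2.x addresses, and the record that carries no advpnsc field are assumptions.

```python
import re
from collections import Counter

# A value is either a double-quoted string (which may contain spaces and '=',
# as in the certificate subject stored in user=) or a run of non-space chars.
PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

def parse_event(line):
    """Parse one record of `execute log display` output into a dict."""
    return {key: quoted or bare for key, quoted, bare in PAIR_RE.findall(line)}

def shortcut_state(event):
    """Classify a VPN event as 'shortcut', 'not-shortcut' or 'unknown'."""
    if event.get("subtype") != "vpn":
        return "unknown"
    flag = event.get("advpnsc")
    if flag == "1":
        return "shortcut"
    if flag == "0":
        return "not-shortcut"
    # Assumption: a record without the field is reported as unknown
    # rather than silently counted as a non-shortcut tunnel.
    return "unknown"

def shortcut_tunnel_ups(lines):
    """Count tunnel-up events per (vpntunnel, remip) for ADVPN shortcuts."""
    counts = Counter()
    for line in lines:
        ev = parse_event(line)
        if ev.get("action") == "tunnel-up" and shortcut_state(ev) == "shortcut":
            counts[(ev.get("vpntunnel"), ev.get("remip"))] += 1
    return counts

# Constructed sample records (shortened; not real log output).
SAMPLE = [
    '1: date=2022-01-05 time=11:37:15 type="event" subtype="vpn" '
    'action="tunnel-up" remip=172.16.106.46 '
    'user="C = US, O = Fortinet, CN = FGVMSLTM20003739" '
    'vpntunnel="_OCVPN3-0a_0" advpnsc=1',
    '2: date=2022-01-05 time=11:30:02 type="event" subtype="vpn" '
    'action="tunnel-up" remip=192.0.2.10 vpntunnel="example-hub" advpnsc=0',
    '3: date=2022-01-05 time=11:29:40 type="event" subtype="vpn" '
    'action="tunnel-up" remip=192.0.2.11 vpntunnel="example-old"',
]

if __name__ == "__main__":
    for (tunnel, peer), n in shortcut_tunnel_ups(SAMPLE).items():
        print(f"{tunnel} peer={peer} shortcut tunnel-up events={n}")
```

Splitting the record on spaces or on every "=" breaks on the quoted user and useralt values, which is why the parser matches quoted values as a unit.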
