Validate Basic Visibility
-
Connect VPN client and establish tunnel.
-
Once VPN session is established, login to FortiNAC CLI as root and type
RemoteAccess -remoteIP <client VPN IP>
Example:
> RemoteAccess -remoteIP 172.16.196.10
At this time, the resulting output should list:
IP Address
User Name
If this information was returned, the syslog message was processed correctly.
If “No remote user entry” message appears, the syslog message was not processed. See KB article Troubleshooting syslog for Palo Alto VPN for troubleshooting instructions.
-
Disconnect the client from the VPN session.
-
Re-run the RemoteAccess tool to verify the message “No remote user entry” is returned.
Example:
> RemoteAccess -remoteIP 172.16.196.10
No remote user entry for IP 172.16.196.10
If the results are the same as before, the syslog message was not processed. See KB article for troubleshooting instructions.