FortiGate Installation and Configuration Guide

IPSec VPN Monitoring and Troubleshooting VPNs

FortiGate-50A Installation and Configuration Guide 201

Monitoring and Troubleshooting VPNs

• Viewing VPN tunnel status

• Viewing dialup VPN connection status

• Testing a VPN

Viewing VPN tunnel status

You can use the IPSec VPN tunnel list to view the status of all IPSec AutoIKE key

VPN tunnels. For each tunnel, the list shows the status and the tunnel time out.

To view VPN tunnel status

1 Go to VPN > IPSEC > Phase 2.

2 View the status and timeout for each VPN tunnel.

Figure 27: AutoIKE key tunnel status

Viewing dialup VPN connection status

You can use the dialup monitor to view the status of dialup VPNs. The dialup monitor

lists the remote gateways and the active VPN tunnels for each gateway. The monitor

also lists the tunnel lifetime, timeout, proxy ID source, and proxy ID destination for

each tunnel.

To view dialup connection status

1 Go to VPN > IPSec > Dialup Monitor.

2 View the dialup connection status information for the FortiGate unit:

Status The status of each tunnel. If Status is Up, the tunnel is active. If Status is

Down, the tunnel is not active. If Status is Connecting, the tunnel is

attempting to start a VPN connection with a remote VPN gateway or client.

Timeout

The time before the next key exchange. The time is calculated by

subtracting the time elapsed since the last key exchange from the keylife.

Remote gateway The IP address of the remote dialup remote gateway on the FortiGate unit.

Lifetime The amount of time that the dialup VPN connection has been active.

Timeout The time before the next key exchange. The time is calculated by

subtracting the time elapsed since the last key exchange from the keylife.