Connecting a local FortiGate to an Azure FortiGate via site-to-site VPN Troubleshooting Commands

-


Connecting a local FortiGate to an Azure FortiGate via site-to-site VPN Troubleshooting Commands.

Following information capture to help identify the issue.


# get sys status
# exec ping <peer IP>
# show full vpn ipsec phase1-interface <tunnel name>
# show full vpn ipsec phase2-interface <tunnel name>
# get vpn ipsec tunnel summary
# diag vpn ike gateway list name <tunnel name>
# diag vpn tunnel list name <tunnel name>

Please run packet sniffer capture and ike debug in the event the VPN tunnel is down.
# diag sniffer packet any 'host <peer IP> and port (500 or 4500)' 4 0 1

# diagnose vpn ike log-filter dst-addr4 <remote peer IP>
# diagnose debug application ike -1
# diagnose debug enable


=== Try initial VPN tunnel from remote peer===

To disable Debug:
diag debug disable
diag debug reset

Please use the below link to save the output of the putty:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-a-log-file-of-a-session-using-PuTTY/ta-p/194148?cmd=displayKC&docType=kc&externalId=FD36043

Troubleshooting Tip: IPsec VPNs tunnels
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-VPNs-tunnels/ta-p/195955

When troubleshooting a site-to-site VPN connection between a local FortiGate and an Azure FortiGate, there are several commands that can be used to gather information and help identify the root cause of the issue.

  1. diagnose vpn ike log-filter - This command will display the IKE (Internet Key Exchange) logs for the VPN connection, which can be useful in identifying any issues with the initial VPN negotiation.

  2. diagnose vpn ipsec log-filter - This command will display the IPsec (Internet Protocol Security) logs for the VPN connection, which can be useful in identifying issues with the encrypted data traffic.

  3. diagnose vpn tunnel list - This command will show the current status of all VPN tunnels, including the peer IP address and the negotiated encryption and authentication settings.

  4. get vpn ipsec phase1-interface - This command will display the Phase 1 settings for the VPN connection, including the encryption and authentication settings, the local and remote subnets, and the IKE version.

  5. get vpn ipsec phase2-interface - This command will display the Phase 2 settings for the VPN connection, including the encryption and authentication settings, the local and remote subnets, and the IPsec protocol.

  6. diag sys connection list - This command will show all current IPsec connections, including the source and destination IP addresses, the encryption and authentication settings, and the connection status.

It is important to also check the Azure FortiGate's logs and configuration, firewall rules and network configurations in Azure.

It is also recommended to check the routes and firewall policies on both the local and Azure FortiGates, and to verify that the public IP addresses and pre-shared keys are configured correctly.

Comments

Post a Comment

Popular posts from this blog

What is Microsoft SharePoint ?

-
Microsoft SharePoint is a web-based collaborative platform that integrates with Microsoft Office. It's primarily used for document management and storage but also offers a wide range of capabilities such as intranet, content management, workflow management, business intelligence, and enterprise search. SharePoint allows users to create sites where they can share documents, information, and ideas within their organization. These sites can be customized to fit specific needs, such as team collaboration, project management, or departmental portals. Some key features of SharePoint include: Document Management: Users can upload, store, organize, and share documents within SharePoint sites. Version control ensures that users are always working with the latest version of a document. Collaboration: SharePoint facilitates collaboration among team members through features like document co-authoring, discussion boards, calendars, and task lists. Intranet and Portals: SharePoint can be used...
Read more

General Cybersecurity

-
What is perimeter security?  Perimeter security, in the context of cybersecurity, refers to the measures and strategies implemented to protect an organization's internal network from external threats. It establishes a boundary, or perimeter, between the organization's internal network and the external environment, such as the internet. The goal of perimeter security is to prevent unauthorized access, attacks, and breaches from reaching the internal network and its resources. Here are some key components and concepts related to perimeter security: Firewalls: Firewalls are the cornerstone of perimeter security. They inspect incoming and outgoing network traffic based on predefined rules and policies. Firewalls can block or allow traffic based on factors such as IP addresses, port numbers, and protocols. Intrusion Detection and Prevention Systems (IDPS): IDPS solutions monitor network traffic for signs of malicious activity or known attack patterns. They can detect and prevent i...
Read more

Well-Architected Framework | Solution Architect

-
The Well-Architected Framework is a set of best practices and guidelines designed to help cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications. The framework is developed by AWS (Amazon Web Services), but similar principles can be applied to other cloud platforms. The Well-Architected Framework consists of five pillars, each addressing a key aspect of building well-designed and well-operated systems. These pillars are: Operational Excellence: Focuses on operational practices that ensure efficient and effective use of cloud resources. Key considerations include monitoring, incident response, automation, and overall operational health. Security: Emphasizes the importance of implementing robust security measures to protect data, systems, and assets. Covers data protection, identity and access management, and incident response, among other security aspects. Reliability: Aims to ensure a system's ability to recover from failures ...
Read more