Chapter 18 Troubleshooting : ­Troubleshooting tools : FortiOS diagnostics : Debug command : Debug output example
  
Debug output example
This example shows the IKE negotiation for a secure logging connection from a FortiGate unit to a FortiAnalyzer system.
diag debug reset
diag vpn ike log-filter src-addr4 192.168.11.2
diag debug enable
Sample Output:
FGh_FtiLog1: IPsec SA connect 0 192.168.11.2->192.168.10.201:500, natt_mode=0 rekey=0 phase2=FGh_FtiLog1
FGh_FtiLog1: using existing connection, dpd_fail=0
FGh_FtiLog1: found phase2 FGh_FtiLog1
FGh_FtiLog1: IPsec SA connect 0 192.168.11.2 -> 192.168.10.201:500 negotiating
FGh_FtiLog1: overriding selector 225.30.5.8 with 192.168.11.2
FGh_FtiLog1: initiator quick-mode set pfs=1536...
FGh_FtiLog1: try to negotiate with 1800 life seconds.
FGh_FtiLog1: initiate an SA with selectors: 192.168.11.2/0.0.0.0->192.168.10.201, ports=0/0, protocol=0/0
Send IKE Packet(quick_outI1):192.168.11.2:500(if0) -> 192.168.10.201:500, len=348
Initiator: sent 192.168.10.201 quick mode message #1 (OK)
FGh_FtiLog1: set retransmit: st=168, timeout=6.
In this example:
192.168.11.2->192.168.10.201:500
Source and Destination gateway IP address
dpd_fail=0
Found existing Phase 1
pfs=1536...
Create new Phase 2 tunnel