RiccardoProti
New Member
November 19, 2018
Question

Fortigate90D to Check Point NGX R75 IPSEC


Hi, 

I have a problem creating a VPN tunnel between Fortigate90D to Check Point NGX R75 IPSEC.

The parameters on the two firewalls are the same, but it goes wrong.

I attach a screenshot. The log does not say much about the error, so I do not have much information to provide you.

Thanks a lot to everyone

 

1 reply

Toshi_Esumi
SuperUser
November 19, 2018

You can run the "IKE" application debug described below to see what Phase1 parameters the FGT is receiving and what it's seeing as a problem. We always set a filter like "diag vpn ike log-filter dst-addr4 x.x.x.x" even when only one IPsec is configured to avoid "noise" from random hacking attempts in the debug output.

https://cookbook.fortinet.com/ipsec-vpn-troubleshooting/

 

RiccardoProti
New Member
November 20, 2018

Is it possible to have more detailed logs of VPN negotiation errors?

The logs provided by Fortigate are very few and not very detailed.

Is it possible to use software or the shell to get more details?

Thanks

journeyman
New Member
November 29, 2018

Yes. See the link that Toshi provided above. Alternatively, see this Fortinet video, which steps through solving common tunnel faults.

Within the CLI, use the following commands to collect logs; often you can find the problem.

# diagnose debug disable
# di de reset
# di vpn ike log-filter dst-addr4 x.x.x.x <---- remote gateway IP address
# di de application ike -1
# di de enable
# di de di