sw2090
SuperUser
December 11, 2017
Question

IKE Log filters are still ignored by the FortiGate

  • December 11, 2017
  • 1 reply
  • 19545 views

Hiho,

 

Unfortunately, the FGTs still seem to ignore IKE debug log filters. No matter whether I set "diag vpn ike log-filter name ..." or "diag vpn ike log filter name ..." or "diag vpn ike filter name ..." or even all four, if I switch on "diag application ike -1" and then "diag debug enable" I still get the log output unfiltered, even though there should be filters now. I see them if I use the corresponding "list" option to output the corresponding filter list.

This is very annoying as it makes ipsec debugging very hard once you have some more tunnels :(

    1 reply

    oheigl
    New Member
    December 11, 2017

    This has been the case since I started working with these devices. Just filter on the dst-addr4 field; this works every time for me.

    sw2090
    SuperUser
    December 11, 2017

    src-addr4 or dst-addr4 don't help me much since there are several IPsec tunnels from and to the specific IP.

    This would only work if I were testing from outside office.

     

    Toshi_Esumi
    SuperUser
    December 11, 2017

    Only one IPSec can be established with a given source-and-destination pair.