Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mpandya
Staff
Staff

Created on ‎10-29-2025 10:56 PM

Article Id 412911

Technical Tip: Collect IKE Debug Logs for IPsec VPN Directly from the GUI

Description This article describes the process of collecting IKE debug logs using the FortiGate GUI.
Skope FortiGate v7.6.3 and later.
Solution

In environments where multiple IPsec tunnels are configured, managing diagnostics through the CLI can be complex. The FortiGate GUI provides a simplified and more efficient method for collecting IKE debug logs.

 

Steps to collect IKE debug from the GUI:

  1. Log in to the FortiGate GUI.
  2. Navigate to VPN -> IPsec Tunnels.
  3. Locate the specific IPsec tunnel that requires debugging.
  4. 'Right-click' the tunnel and select CLI Diagnostics.

 Screenshot 2025-09-27 025811.png

 

  1. In the opened diagnostics window, select IKE Debug from the available options.
  2. Start the debug process and reproduce the issue or initiate the tunnel connection.
  3. Once the debug session is complete, stop the debug 'diagnose deb reset' to avoid unnecessary log generation.
  4. The collected debug output can be reviewed directly in the GUI or exported for further analysis.
284
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.