Umer221
Staff
Article Id 360975
Description

This article describes how to enable or disable alert emails for the 'IPsec Phase 1 negotiation error' event. These alerts can be triggered even when unauthorized users attempt to negotiate or match the IPsec configuration settings for a connection.

Below is an example of a log entry generated for an 'IPsec Phase 1 negotiation error':

date=2023-06-16 time=07:54:44 devname=FortiGate1 devid=FGTSERIALNUMBER eventtime=1686898483530925968 tz="+0100" logid="0101037128" type="event" subtype="vpn" level="error" vd="root" logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action="negotiate" remip=x.x.x.x locip=x.x.x.x remport=500 locport=500 outintf="wan2" cookies="55656d6764527746/0000000000000000" user="N/A" group="N/A" useralt="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="N/A" status="failure" init="remote" exch="SA_INIT" dir="inbound" role="responder" result="ERROR" version="IKEv2" advpnsc=0

Scope

FortiGate, IPsec.
Solution

To control whether alert emails are sent for 'IPsec Phase 1 negotiation errors', enable or disable the IPsec-errors-logs setting in the alert email configuration, as required.

To receive email notifications for IPsec VPN errors, including 'IPsec Phase 1 negotiation errors', execute the following commands:

config alertemail setting
    set IPsec-errors-logs enable
end

This ensures that all IPsec VPN error logs, including 'IPsec Phase 1 negotiation errors', are sent to the configured email addresses.

To stop receiving email notifications for IPsec VPN errors, run the following commands. Note that the notification setting is disabled by default:

config alertemail setting
    set IPsec-errors-logs disable
end

This disables alert emails for all IPsec VPN error logs, so they are no longer sent to the configured email addresses.
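
As an added example (not part of the original article and not Fortinet tooling), the following Python script parses log lines in the key=value format shown in the Description and counts failed phase 1 negotiations per remote IP, which helps judge how many alert emails the setting would generate and which peers cause them. The sample lines, IP addresses, tunnel name, function names and the threshold of 3 are constructed for illustration.

```python
import shlex
from collections import Counter

PHASE1_LOGID = "0101037128"  # logid from the article's sample entry

def sample_line(time, remip, status, tunnel="N/A", logid=PHASE1_LOGID):
    """Build a constructed log line using a subset of the article's fields."""
    return (f'date=2023-06-16 time={time} devname=FortiGate1 logid="{logid}" '
            f'type="event" subtype="vpn" msg="progress IPsec phase 1" '
            f'action="negotiate" remip={remip} locip=192.0.2.1 '
            f'vpntunnel="{tunnel}" status="{status}" version="IKEv2"')

# Constructed sample data (documentation IP ranges, hypothetical tunnel name).
SAMPLE_LOGS = [
    sample_line("07:54:44", "203.0.113.10", "failure"),
    sample_line("07:54:49", "203.0.113.10", "failure"),
    sample_line("07:54:55", "203.0.113.10", "failure"),
    sample_line("08:10:02", "198.51.100.7", "failure", tunnel="branch-vpn"),
    sample_line("08:10:07", "198.51.100.7", "success", tunnel="branch-vpn"),
    'date=2023-06-16 time=08:12:00 logid="0101037128" msg="progress IPsec',  # truncated
]

def parse_kv(line):
    """Parse one key=value log line into a dict; quoted values may contain spaces."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quote, e.g. a truncated line
        return {}
    fields = {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def phase1_failures(lines):
    """Yield parsed entries that are failed phase 1 negotiations."""
    for line in lines:
        fields = parse_kv(line)
        if fields.get("logid") == PHASE1_LOGID and fields.get("status") == "failure":
            yield fields

def failures_by_peer(lines):
    """Count failed negotiations per remote IP (remip)."""
    return Counter(f.get("remip", "unknown") for f in phase1_failures(lines))

def peers_to_review(lines, threshold=3):
    """Remote IPs with at least `threshold` failures, sorted."""
    return sorted(ip for ip, n in failures_by_peer(lines).items() if n >= threshold)

if __name__ == "__main__":
    print(failures_by_peer(SAMPLE_LOGS), peers_to_review(SAMPLE_LOGS))
```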