FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 225491

This article describes how to monitor the individual VPN by SNMP (OID).


OID '' is used to get the IPsec VPN Phase1 name and OID '' is used to monitor IPsec VPN Phase2. x is phase1 serial and y is phase2 serial.


Both of them are used as indexes in the VPN tunnel list, the serial number can be identified by running the CLI command  'dia vpn tunnel list':

name=p1 ver=1 serial=1> dst_mtu=0 <-- x= phase1 serial.
bound_if=5 lgwy=static/1 tun=intf/0 mode=auto/1 encap=none/528 options[0210]=create_dev frag-rfc accept_traffic=1 overlay_id=0

proxyid_num=2 child_num=0 refcnt=11 ilast=9 olast=29 ad=/0
stat: rxp=0 txp=0 rxb=0 txb=0
dpd: mode=on-demand on=1 idle=20000ms retry=3 count=0 seqno=0
natt: mode=none draft=0 interval=0 remote_port=0
proxyid=p2 proto=0 sa=0 ref=1 serial=1 <-- y= phase2 serial.
src: 0:
dst: 0:
proxyid=t2 proto=0 sa=0 ref=1 serial=2 <-- y= phase2 serial.
src: 0:
dst: 0:


If this OID returns the INTEGER: 1 means the tunnel is down and INTEGER: 2, means the tunnel is up.
Monitoring the status of the IPsec tunnel is possible only for 'static' tunnels. For Dialup it is not possible to monitor the status.