Description
This article describes how to find the references to an IPSec tunnel using the CLI.
Scope
FortiGate.
Solution
In this example, the IPSec tunnel is named 'IPSECtunnel' and has five references, as displayed in the next image.
Expanding the references reveals that it includes two firewall policies, one static route, and two phase 2 selectors.
However, it is not always possible to access the FortiGate GUI, so the following command is used to find the references of the IPSec tunnel through the CLI.
diagnose sys cmdb refcnt show system.interface.name <IPsec Tunnel Name>
As shown in the GUI, the tunnel has five references; however, the previous image displays only three. This suggests that the FortiGate is configured with two Phase 2 selectors. To view them, the following command can be used:
show vpn ipsec phase2-interface | grep IPSECtunnel -f
Use the grep command to filter phase 2 proposals containing the IPSec tunnel name.
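The grep filter above is a substring match, so it also returns entries for any tunnel whose name merely contains the string (for example 'IPSECtunnel2'). The following Python sketch is an added example, not part of the original article: it parses saved output of 'show vpn ipsec phase2-interface' and keeps only the phase 2 entries whose phase1name equals the tunnel name exactly. The function name phase2_selectors and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample of 'show vpn ipsec phase2-interface' output (not from the article).
SAMPLE = '''\
config vpn ipsec phase2-interface
    edit "IPSECtunnel_p2a"
        set phase1name "IPSECtunnel"
        set proposal aes256-sha256
        set src-subnet 10.0.1.0 255.255.255.0
        set dst-subnet 10.0.2.0 255.255.255.0
    next
    edit "IPSECtunnel_p2b"
        set phase1name "IPSECtunnel"
        set proposal aes256-sha256
        set src-subnet 10.0.3.0 255.255.255.0
        set dst-subnet 10.0.4.0 255.255.255.0
    next
    edit "backup_p2"
        set phase1name "IPSECtunnel2"
        set proposal aes256-sha256
    next
end
'''

def phase2_selectors(config_text, tunnel):
    """Return {phase2 name: {option: value}} for entries whose phase1name equals tunnel."""
    entries, name, opts = {}, None, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r'edit "?([^"]+)"?$', line)
        if m:                                   # start of a phase 2 entry
            name, opts = m.group(1), {}
        elif line.startswith("set ") and name is not None:
            parts = line.split(None, 2)         # 'set', option, value
            if len(parts) == 3:
                opts[parts[1]] = parts[2].strip('"')
        elif line == "next" and name is not None:
            if opts.get("phase1name") == tunnel:  # exact match, not substring
                entries[name] = opts
            name = None
    return entries

if __name__ == "__main__":
    for p2, opts in phase2_selectors(SAMPLE, "IPSECtunnel").items():
        print(p2, opts.get("src-subnet"), "->", opts.get("dst-subnet"))
```

With the constructed sample, a substring filter on 'IPSECtunnel' would also match the 'backup_p2' entry, while the exact comparison reports only the two selectors that account for the remaining references.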
Related article: Troubleshooting Tip: Verifying FortiGate configuration object references and dependencies