JCPL
Staff
Article Id 368649
Description

This article describes how to find the references to an IPSec tunnel using the CLI.

Scope

FortiGate.
Solution

In this example, the IPSec tunnel is named 'IPSECtunnel' and has five references, as displayed in the next image.

Picture1.png

Expanding the references reveals that it includes two firewall policies, one static route, and two phase 2 selectors.

Picture2.png

However, the FortiGate GUI is not always accessible, so the following command can be used to find the references of the IPSec tunnel through the CLI.

diagnose sys cmdb refcnt show system.interface.name <IPsec tunnel name>

Picture3.png

The GUI shows five references, but the output in the previous image displays only three. This suggests that the FortiGate is configured with two Phase 2 selectors. To view them, use the following command:

show vpn ipsec phase2-interface | grep IPSECtunnel -f

Picture4.png

Use the grep command to filter phase 2 proposals containing the IPSec tunnel name.
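When neither the GUI nor a live CLI session is available, the same five references can be enumerated offline from a configuration backup. The Python script below is an added example, not part of the original article or any Fortinet tooling; the configuration text is constructed, and find_references is a hypothetical helper name.

```python
import shlex

# Constructed sample in FortiOS backup syntax; every value here is made up.
SAMPLE_CONFIG = """
config vpn ipsec phase1-interface
    edit "IPSECtunnel"
    next
end
config vpn ipsec phase2-interface
    edit "p2-a"
        set phase1name "IPSECtunnel"
    next
    edit "p2-b"
        set phase1name "IPSECtunnel"
    next
end
config firewall policy
    edit 1
        set srcintf "port2"
        set dstintf "IPSECtunnel"
    next
    edit 2
        set srcintf "IPSECtunnel"
        set dstintf "port2"
    next
end
config router static
    edit 1
        set device "IPSECtunnel"
    next
end
"""

def find_references(config_text, name):
    """Return (location, setting) for each 'set' line that has `name` as a whole value."""
    refs, path = [], []  # path tracks the nested "config" tables and "edit" entries
    for line in config_text.splitlines():
        try:
            tok = shlex.split(line) or [""]
        except ValueError:  # unterminated quote: part of a multi-line value, skip it
            continue
        if tok[0] in ("config", "edit"):
            path.append(" ".join(tok[1:]))
        elif tok[0] in ("end", "next") and path:
            path.pop()
        elif tok[0] == "set" and name in tok[2:]:
            refs.append(("/".join(path), tok[1]))
    return refs
```

The tunnel's own phase1-interface entry is not counted because it is an edit line, not a set line, and values are matched whole, so a tunnel whose name merely contains the search string is not reported.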

 

Related article:

Troubleshooting Tip: Verifying FortiGate configuration object references and dependencies
