Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Wallerson
Staff
Staff

Created on ‎09-02-2024 07:43 AM Edited on ‎05-12-2025 11:52 PM By Community Manager

Article Id 338436

Troubleshooting Tip: How to filter logs for ADVPN Shortcut tunnels on the FortiGate

Description This article describes how to filter VPN logs on the FortiGate (in both the GUI and the CLI) to show/hide ADVPN Shortcut tunnels (versus regular IPsec tunnels and/or the parent ADVPN tunnels).
Scope FortiGate v7.2 and above.
Solution

In the FortiGate GUI, the ADVPN Shortcut field can be used to filter VPN event logs (Log & Report -> System Events -> VPN Events) to include/exclude ADVPN Shortcut tunnels (aka dynamic spoke-to-spoke tunnels). This can be done in two ways:

  • Option 1: In the search bar, specify ADVPN Shortcut, then specify either 0 (log IS NOT for a shortcut tunnel) or 1 (log IS for a shortcut tunnel).
  • Option 2: Add the ADVPN Shortcut column to the VPN Event log table (see steps further below).

In the CLI, the advpnsc log field can be used to filter for logs that are/not ADVPN shortcuts. For example:

 

execute log filter category event

execute log filter field advpnsc <0 or 1>

execute log display

 

Note that this field may also be used when filtering FortiGate logs on FortiAnalyzer.

 

For more information on filtering/displaying logs in the FortiGate CLI, refer to the following KB article: Technical Tip: Displaying logs via FortiGate's CLI

 

Adding the ADVPN Shortcut column to the GUI

 

The ADVPN Shortcut column is hidden by default, and it can be useful for troubleshooting ADVPN issues on Spoke FortiGates. In particular, it can be useful for identifying which tunnels are shortcuts to other spokes vs. which tunnels go to the ADVPN Hub(s), especially when spokes have multiple redundant links and/or a lot of spoke-to-spoke communication. To add the column to the GUI:

 

  1. In the Spoke FortiGate GUI, navigate to Log & Report -> System Events, then select the VPN Events section.
  2. Right-click on the top header bar, find and select ADVPN Shortcut in the Select Columns list, then select the Apply button.

 

01.png

 

  1. The ADVPN Shortcut column should now be displayed. A value of 1 will be displayed for all established spoke-to-spoke shortcut tunnels, whereas a value of 0 means that this is not a shortcut tunnel:

 

02.png

 

  1. It is possible to filter logs further by selecting the funnel icon next to the column name. For example, filtering for '1' results in logs only being displayed for shortcut tunnels:

 

3.png

 

Important Note: 

On the Hub side, the ADVPN Shortcut column will always display '0' because shortcut tunnels are only ever established between ADVPN Spokes.
613
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.