Hiho,
unfortunately the FGTs seem to still ignore IKE Debug Log Filters. No matter if I set "diag vpn ike log-filter name ..." or "diag vpn ike log filter name ..." or "diag vpn ike filter name ..." or all four even, still if I switch on "diag application ike -1" and then "diag debug enable" I get the log outputted unfiltered even though there should be filters now. I see them if I use the corresponding option "list" to output the corresponding filter list.
This is very annoying as it makes ipsec debugging very hard once you have some more tunnels :(
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
sw2090 wrote: The last time I used it, it did not really work :(
I set: diag vpn ike log filter name "name-of-phase1"
and then started diag debug app ike -1
And in the output I still see a lot of lines that contain different p1 names. I wouldn't mind lines with no name because e.g. the handshake of the proposals at the beginning of p1 doesn't have a name yet.
But I would like to be able to filter all containing either no name or the given p1 name and that at my side did not work.
Just tried again...does not work...diag debug app ike -1 seems not to care for that filter
I agree, this would be very useful to have. Open a ticket with Fortinet, so they see that people actually want this.
I did just that a long time ago and TAC then told me that's a known bug...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
sw2090 wrote: I did just that a long time ago and TAC then told me that's a known bug...
Apparently, now it is "by design".
They should update the documentation to reflect the actual functionality or fix the filter.
I am afraid that if we, the customers, are not persistent, Fortinet will never address the things that we actually care about, but instead cram in another feature that only a minor subset of their customer base cares about.
Would be nice to be fixed in 2021.