5q46n2te8jPWJY
Contributor

Increasing Log Visibility for IPsec VPN Issues on VDOM in FortiGate 7.4.4

Hello,

I am a user of FortiGate 7.4.4. I have an architecture based on a root VDOM, where my WAN connections arrive, and then interconnection links with my child VDOMs (as shown in this diagram visible in the FortiGate documentation).

[Image: Topology, Inter-VDOM Routing Example, Internet access]

My infrastructure is shared with a client. My client wants to set up an IPsec VPN on their VDOM but is encountering problems and needs logs.

The logs are not very verbose, and there are not even any logs in the FortiGate GUI for their VDOM. I have to use the CLI (still within their VDOM) to provide them with traces. What can I do to give my client more visibility?

Thank you for your help.

1 Solution
Quint021

Hello @5q46n2te8jPWJY,

By design, the VPN event logs provide a generic overview/error messages of issues concerning the VPN but ultimately you will require CLI debugs to obtain more detailed information when investigating.

Best Regards,

fricci_FTNT
Staff

Hi @5q46n2te8jPWJY,

Your client could use the debug commands from the CLI to troubleshoot; they are more useful than simple logs:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Troubleshooting-IPsec-Site-to-Site-T...

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-VPNs-tunnels/ta-p/195955


Best regards,

---
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
5q46n2te8jPWJY

Yes, I already read that. But my client doesn't want to use the CLI and wants to use GUI logs. Is there a way he can do that?

fricci_FTNT

Hi @5q46n2te8jPWJY,

As previously suggested, the CLI provides you with much more useful output for troubleshooting. If your customer wants to use only GUI logs, they will be very limited in troubleshooting; the majority of the debug outputs are available only from the CLI.

 

Best regards,
smkml
Staff

Hi @5q46n2te8jPWJY,

Kindly refer to the KB article below; it might be what you are looking for.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-stop-sending-logs-to-FortiAnalyzer-...
