Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

debugging of the SSLVPN negotiation

The CLI real-time debugger allows monitoring of the SSLVPN negotiation:
diagnose debug enable
diagnose debug application sslvpn -1
(now try to establish the SSLVPN connection)
(once the negotiation is done or stopped you can disable the debugger)
diagnose debug application sslvpn 0
diagnose debug disable

Esteemed Contributor III

Is there any KB explaining how to read/decipher the sslvpn debug output to troubleshoot?



New Contributor

Overall, troubleshooting SSLVPN issues can be complex and challenging. It's important to have a good understanding of SSLVPN technology and debug output to effectively troubleshoot issues. You can Use Wireshark to analyze SSL traffic: Wireshark is a free and open-source network protocol analyzer that can capture and analyze SSL traffic. By capturing SSL traffic using Wireshark, you can analyze the traffic and identify any issues with the SSLVPN connection.



Moviebox Pro

Esteemed Contributor III

The interface level of all SSL VPN negotiation after TCP is established is encrypted with TLS on both sides at the FGT and the client machine. Not much you can see with Wireshark. That's why I asked the question in 2021.




Hi @priariver

@Toshi_Esumi  is right, after having experience maybe he responded correctly. We can see on the Wireshark everything before tls established, nothing after we are not able to see, it is encrypted.