The CLI real-time debugger allows monitoring of the SSLVPN negotiation:
diagnose debug enable
diagnose debug application sslvpn -1
(now try to establish the SSLVPN connection)
(once the negotiation is done or stopped you can disable the debugger)
diagnose debug application sslvpn 0
diagnose debug disable
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Is there any KB explaining how to read/decipher the sslvpn debug output to troubleshoot?
Toshi
Overall, troubleshooting SSLVPN issues can be complex and challenging. It's important to have a good understanding of SSLVPN technology and debug output to effectively troubleshoot issues. You can Use Wireshark to analyze SSL traffic: Wireshark is a free and open-source network protocol analyzer that can capture and analyze SSL traffic. By capturing SSL traffic using Wireshark, you can analyze the traffic and identify any issues with the SSLVPN connection.
---------
The interface level of all SSL VPN negotiation after TCP is established is encrypted with TLS on both sides at the FGT and the client machine. Not much you can see with Wireshark. That's why I asked the question in 2021.
Toshi
Hi @priariver,
@Toshi_Esumi is right, after having experience maybe he responded correctly. We can see on the Wireshark everything before tls established, nothing after we are not able to see, it is encrypted.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.