diagnose debug application sslvpn -1

julianhaines · ‎08-06-2024

Hi,

I am trying to debug the SSL VPN using the commands below but they only last 30 minutes, is there a way of making debug last longer or turn on at a certain point?

sw2090 · ‎08-06-2024

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Changing-debug-duration/ta-p/191069

its a bit older so not sure if that still works in current FortiOSes.

--

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

spoojary · ‎08-06-2024

Yes I tried and it still works fine.

Siddhanth Poojary

kumarh · ‎08-06-2024

You can refer to the following commands:
# diagnose debug application fnbamd 255
#diagnose debug duration 0 ----------------------> For unlimited duration (You can also change to specific time. Instead of 0 add any digits that will count as minute)
# diagnose debug application sslvpn -1
# diagnose debug console timestamp enable
# diagnose debug enable

Toshi_Esumi · ‎08-06-2024

Also combine below if you have too many users and want to see only one user's log.

# diag vpn ssl debug-filter src-addr4 <user_public_ip>

Toshi

jiyong · ‎08-07-2024

If you checked something trigger, I think utilizing automation would also be useful. (like eventlog or memory)

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-run-auto-script-and-send-the-output...

diagnose debug application sslvpn -1

Nominate a Forum Post for Knowledge Article Creation