arrehaman
New Contributor

debugging of the SSLVPN negotiation

The CLI real-time debugger allows monitoring of the SSLVPN negotiation:
diagnose debug enable
diagnose debug application sslvpn -1
(now try to establish the SSLVPN connection)
(once the negotiation is done or stopped you can disable the debugger)
diagnose debug application sslvpn 0
diagnose debug disable

Toshi_Esumi
SuperUser

Is there any KB explaining how to read/decipher the sslvpn debug output to troubleshoot?

 

Toshi

priariver
New Contributor

Overall, troubleshooting SSLVPN issues can be complex and challenging. It's important to have a good understanding of SSLVPN technology and debug output to effectively troubleshoot issues. You can use Wireshark to analyze SSL traffic: Wireshark is a free and open-source network protocol analyzer that can capture and analyze SSL traffic. By capturing SSL traffic using Wireshark, you can analyze the traffic and identify any issues with the SSLVPN connection.

 


Toshi_Esumi

The interface level of all SSL VPN negotiation after TCP is established is encrypted with TLS on both sides at the FGT and the client machine. Not much you can see with Wireshark. That's why I asked the question in 2021.

 

Toshi

akanibek

Hi @priariver

@Toshi_Esumi is right; having experience, maybe he responded correctly. In Wireshark we can see everything before TLS is established; after that we are not able to see anything, as it is encrypted.
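
What a passive capture can and cannot read in a TLS flow, as an added example that is not part of the thread: a Python walk over TLS record headers showing where the readable handshake ends and opaque ciphertext begins. The `rec` helper, the function names and the sample bytes are assumptions constructed for illustration, not a real FortiGate capture.

```python
import struct

CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate", 16: "client_key_exchange"}

def walk_records(stream):
    """Classify each TLS record sent by one side as readable or opaque."""
    out, offset, encrypted = [], 0, False
    while offset + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        body = stream[offset + 5:offset + 5 + length]
        if len(body) < length:
            break  # capture ends mid-record
        name = CONTENT.get(ctype, "unknown")
        if encrypted or ctype == 23:
            # After ChangeCipherSpec (TLS 1.2) every record body is ciphertext;
            # TLS 1.3 wraps everything after ServerHello as type 23.
            out.append((name, False, "%d opaque bytes" % length))
        elif ctype == 22:
            out.append((name, True, HANDSHAKE.get(body[0], "other") if body else "empty"))
        else:
            out.append((name, True, ""))
        if ctype == 20:
            encrypted = True
        offset += 5 + length
    return out

def rec(ctype, body, version=0x0303):
    """Hypothetical helper: wrap a body in a 5-byte TLS record header."""
    return struct.pack("!BHH", ctype, version, len(body)) + body

# Constructed client-side byte stream (placeholder bodies, not a real capture).
SAMPLE = (
    rec(22, b"\x01\x00\x00\x04" + b"\x00" * 4)      # ClientHello
    + rec(22, b"\x10\x00\x00\x04" + b"\x00" * 4)    # ClientKeyExchange
    + rec(20, b"\x01")                              # ChangeCipherSpec
    + rec(22, bytes(range(40)))                     # Finished, already encrypted
    + rec(23, bytes(range(64)))                     # tunnelled VPN traffic
)

if __name__ == "__main__":
    for name, readable, detail in walk_records(SAMPLE):
        print("%-20s %-9s %s" % (name, "readable" if readable else "opaque", detail))
```

Only the record header (type, version, length) stays visible once encryption starts, which is why the FortiGate-side `diagnose debug application sslvpn -1` output is the place to look for what happens inside the tunnel.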
