Sunday, February 1, 2015

FortiGate: how to dump IPsec SA information with dumpsa

A cool command that's available from the CLI for IPsec SA IDs: dumpsa


diag vpn tunnel dumpsa

Why this command is great: it only shows you SA-related details for all active tunnels. It's a simple command to get the SPI for in/out, by the defined phase2 configurations.

e.g. (if the IPsec tunnel is up, details similar to this will be present)

Pretty & everything you need, outside of packet tx/rcv and bytes sent/received, has been provided.
  •    IPSEC-PH2  details
  •    SPI
  •    cipher type
  •    src/dst subnets
  •    phase2 name
  •    ipsec key-life 

Ken Felix
Freelance Network/Security Engineer
kfelix  -----a----t---- socpuppets ---dot---com

    ^    ^
=( #  # )=
      /   \
