FORTIGATE - SSLVPN Troubleshoot: Difference between revisions
From IT-Arts.net
m Text replacement - "Category:Wiki" to "Category:Wiki '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' " |
No edit summary |
||
| Line 2: | Line 2: | ||
'''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' | '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' | ||
== SSL VPN debug command == | == SSL VPN debug command == | ||
Latest revision as of 13:17, 17 January 2026
SSL VPN debug command
Use the following diagnose commands to identify SSL VPN issues. These commands enable debugging of SSL VPN with a debug level of -1 for detailed results.
diagnose debug application sslvpn -1 diagnose debug enable
The CLI displays debug output similar to the following:
[282:root]SSL state:before/accept initialization (172.20.120.12) [282:root]SSL state:SSLv3 read client hello A (172.20.120.12) [282:root]SSL state:SSLv3 write server hello A (172.20.120.12) [282:root]SSL state:SSLv3 write change cipher spec A (172.20.120.12) [282:root]SSL state:SSLv3 write finished B (172.20.120.12) [282:root]SSL state:SSLv3 flush data (172.20.120.12) [282:root]SSL state:SSLv3 read finished A:system lib(172.20.120.12) [282:root]SSL state:SSLv3 read finished A (172.20.120.12) [282:root]SSL state:SSL negotiation finished successfully (172.20.120.12) [282:root]SSL established: DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
To disable the debug :
diagnose debug disable diagnose debug reset
Remote User Authentication Debug Command
Use the following diagnose commands to identify remote user authentication issues :
diagnose debug application fnbamd -1 diagnose debug enable
Use the following diagnose commands to identify SAML user authentication issues :
diagnose debug application samld -1 diagnose debug enable
