
To check the status of the VPN tunnels on the FortiGate device

(@paul0000)
Posts: 75
Trusted Member
Topic starter
 

To check the status of VPN tunnels on a FortiGate device, you can use the following command in the CLI (Command Line Interface):

get vpn ipsec tunnel summary

This command provides a summary of all IPsec VPN tunnels configured on the FortiGate device, including information such as tunnel name, local and remote gateway addresses, phase 1 and phase 2 status, uptime, and data transfer statistics.

Additionally, you can use the following command to list all VPN tunnels along with their detailed information:

diagnose vpn tunnel list

This command displays detailed information about all VPN tunnels, including tunnel ID, local and remote gateway addresses, phase 1 and phase 2 status, encryption algorithms, NAT traversal (NAT-T) status, and data transfer statistics.

These commands should help you check the status of VPN tunnels on your FortiGate device and troubleshoot any connectivity issues.

 
Posted : 15/05/2024 5:34 pm
(@paul0000)
 

The "get vpn ipsec tunnel summary" command is used in the CLI (Command Line Interface) of a FortiGate device to retrieve a summary of the IPsec VPN tunnels configured on the device. This command provides essential information about each VPN tunnel, including its current status, uptime, data transfer statistics, and more.

To use this command:

  1. Access the CLI of your FortiGate device. This typically involves connecting to the device via SSH or accessing the console directly.

  2. Enter the command "get vpn ipsec tunnel summary" and press Enter.

  3. The device will display the summary information for all configured IPsec VPN tunnels.

Here's an example of what the output might look like:

Fortigate-Device # get vpn ipsec tunnel summary

Tunnel Name     Local Gateway      Remote Gateway     Phase 1 Status    Phase 2 Status    Uptime          Data Transferred
-------------   --------------     --------------     --------------    --------------    -------------   ----------------
VPN-Tunnel-1    203.0.113.10       198.51.100.20      Established       Established       12h:35m:42s     500.2 MB
VPN-Tunnel-2    203.0.113.10       203.0.113.20       Established       Down              1d:2h:15m:20s   1.2 GB

In this example:

  • "Tunnel Name": Name of the VPN tunnel.
  • "Local Gateway": Local IP address of the FortiGate device.
  • "Remote Gateway": Remote IP address of the peer device.
  • "Phase 1 Status": Status of Phase 1 negotiation (usually "Established" or "Down").
  • "Phase 2 Status": Status of Phase 2 negotiation (usually "Established" or "Down").
  • "Uptime": Duration since the tunnel was established.
  • "Data Transferred": Amount of data transferred through the tunnel.

This summary can help you quickly assess the status of your VPN tunnels.

This post was modified 1 year ago by paul0000
 
Posted : 15/05/2024 5:38 pm
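
A monitoring example for the summary table in the post above, added here and not part of the original post: it parses the table and reports tunnels where either phase is not "Established". It assumes the column layout of the post's sample output (columns separated by two or more spaces); the function names are hypothetical.

```python
import re

# Constructed sample: the summary table as shown in the post above.
SAMPLE = """\
Fortigate-Device # get vpn ipsec tunnel summary

Tunnel Name     Local Gateway      Remote Gateway     Phase 1 Status    Phase 2 Status    Uptime       Data Transferred
-------------   --------------     --------------     --------------    --------------    ----------   -----------------
VPN-Tunnel-1    203.0.113.10       198.51.100.20     Established       Established       12h:35m:42s  500.2 MB
VPN-Tunnel-2    203.0.113.10       203.0.113.20      Established       Down              1d:2h:15m:20s  1.2 GB
"""

COLUMNS = re.compile(r"\s{2,}")  # assumption: columns are separated by 2+ spaces


def parse_summary(text):
    """Return one dict per tunnel row, keyed by the header names."""
    header, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line or set(line) <= {"-", " "}:
            continue  # blank line or dashed separator
        cells = COLUMNS.split(line)
        if header is None:
            if cells[0] == "Tunnel Name":
                header = cells
            continue  # skip the prompt/echo line that precedes the header
        if len(cells) != len(header):
            raise ValueError(f"unexpected row layout: {line!r}")
        rows.append(dict(zip(header, cells)))
    if header is None:
        raise ValueError("no 'Tunnel Name' header found")
    return rows


def degraded_tunnels(rows):
    """Tunnels where either phase is not 'Established' (case-insensitive)."""
    bad = []
    for r in rows:
        states = {p: r[p] for p in ("Phase 1 Status", "Phase 2 Status")}
        down = [p for p, s in states.items() if s.lower() != "established"]
        if down:
            bad.append((r["Tunnel Name"], r["Remote Gateway"], down))
    return bad


if __name__ == "__main__":
    for name, peer, phases in degraded_tunnels(parse_summary(SAMPLE)):
        print(f"ALERT {name} (peer {peer}): not established: {', '.join(phases)}")
```

A row whose cell count does not match the header raises `ValueError` instead of being silently skipped, so a layout change cannot hide a down tunnel.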
(@paul0000)
 

The "diagnose vpn tunnel list" command is used in the CLI (Command Line Interface) of a FortiGate device to list all VPN tunnels along with detailed information about each tunnel. This command provides comprehensive information about each VPN tunnel, including tunnel ID, local and remote gateway addresses, phase 1 and phase 2 status, encryption algorithms, NAT traversal (NAT-T) status, and data transfer statistics.

To use this command:

Here's an example of what the output might look like:

Fortigate-Device # diagnose vpn tunnel list

tunnel_list
-----------

tunnel_id     |    local-gw   | remote-gw     | phase-1-status | phase-2-status | enc-algorithm | nat-traversal | data-transfer
------------- | --------------| --------------| ---------------| ---------------| --------------| --------------| --------------
1             | 203.0.113.10  | 198.51.100.20 | established    | established    | aes256        | enabled       | 500.2 MB
2             | 203.0.113.10  | 203.0.113.20  | established    | down           | aes256        | enabled       | 1.2 GB

In this example:

  • "tunnel_id": Unique identifier for the VPN tunnel.
  • "local-gw": Local IP address of the FortiGate device.
  • "remote-gw": Remote IP address of the peer device.
  • "phase-1-status": Status of Phase 1 negotiation (usually "established" or "down").
  • "phase-2-status": Status of Phase 2 negotiation (usually "established" or "down").
  • "enc-algorithm": Encryption algorithm used for the VPN tunnel.
  • "nat-traversal": Status of NAT traversal (usually "enabled" or "disabled").
  • "data-transfer": Amount of data transferred through the tunnel.
 
Posted : 15/05/2024 5:42 pm