Use the VPN Diagnostic Report

You can use the VPN Diagnostic Report to see configuration and status information about a gateway and its associated tunnels for a period of time. This is helpful if you want to troubleshoot a branch office VPN tunnel problem.

To run the VPN diagnostic report:

  1. Select System Status > Diagnostics.
    The Diagnostics page appears.
  2. Click the VPN tab.
  3. From the Gateway drop-down list, select a branch office VPN gateway.
  4. In the Duration text box, type or select a duration for the test.
  5. Click Start Report.

The Firebox or XTM device temporarily increases the log level for the selected gateway and collects log messages for the specified duration. The finished report shows the gateway and tunnel configuration, and information about the status of any active tunnels for the selected gateway.

The VPN Diagnostic Report presents information in six sections:

Gateway Summary

This section shows a summary of the gateway configuration, and each configured gateway endpoint.

Tunnel Summary

This section shows a summary of the tunnel configuration for all tunnels that use the selected gateway. This includes both active and inactive tunnels.

Run-time Info (bvpn routes)

When you run the diagnostic report for a BOVPN virtual interface, this section shows the static and dynamic routes that use the selected BOVPN virtual interface, and the metric for each route.

Run-time Info (gateway IKE_SA)

This section shows information about the status of the IKE (Phase 1) security association for the selected gateway.

Run-time Info (tunnel IPSEC_SA)

This section shows information about the status of the IPSec tunnel (Phase 2) security association for active tunnels that use the selected gateway.

Run-time Info (tunnel IPSec_SP)

This section shows information about the status of the IPSec tunnel (Phase 2) security policy for active tunnels that use the selected gateway.

Related Logs

This section shows tunnel negotiation log messages, if a tunnel negotiation occurs during the time period that you run the diagnostic report. This section can show more informative log messages if the remote device attempts to negotiate or rekey the tunnel while the report runs.

See Also

Filter Branch Office VPN Log Messages

Use the BOVPN Configuration Reports

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base