If you want to troubleshoot issues with a branch office VPN tunnel over a longer period than the VPN Diagnostic Report covers, it can be useful to look at the log messages to find information about the status of the VPN connection. You can use the gateway IP addresses that appear in the log message header to filter the log messages.
Branch office VPN log messages have a header that shows the IP addresses of the local and remote gateway. The format of the header is:
To see log messages from your XTM device as they are generated, select Dashboard > Traffic Monitor. You can then use the IP address of a gateway endpoint to filter the log messages so only the log messages related to a specific gateway appear in the Traffic Monitor list.
To filter your log messages on a specific gateway, in the filter text box, type the IP address of the local or remote VPN gateway.
For more information, see Traffic Monitor.
To see more detailed log messages, you can change the diagnostic log level that is specified for IKE traffic in the diagnostic log level settings for the VPN category. When you increase the IKE diagnostic log level, the log file contains diagnostic log messages for all branch office VPN gateways. If you have several VPN gateways, you can filter the log messages by the gateway IP address to see only the log messages for a specific gateway.
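The following is an added example, not code from the original page or from WatchGuard: a small Python filter that selects log messages by gateway endpoint, the same idea as typing a gateway IP address into the Traffic Monitor filter box. The header layout `(local<->remote)`, the log lines, and the message texts are all constructed for this example and are assumptions, not the device's actual format. The example also shows why matching on the gateway header is safer than a plain substring match: a substring filter for `198.51.100.5` also matches `198.51.100.50` and firewall traffic messages that merely mention the address.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log lines (assumption: a "(local<->remote)" header
# precedes each IKE message; this layout is invented for the example).
SAMPLE_LOGS = [
    "2024-01-01 10:00:01 iked (203.0.113.10<->198.51.100.5) IKE phase 1 negotiation started",
    "2024-01-01 10:00:02 iked (203.0.113.10<->198.51.100.50) IKE phase 1 negotiation started",
    "2024-01-01 10:00:03 iked (203.0.113.10<->198.51.100.5) IKE tunnel established",
    "2024-01-01 10:00:04 iked (203.0.113.10<->198.51.100.7) IKE policy for gateway is not enabled",
    "2024-01-01 10:00:05 Allow 10.0.1.20 198.51.100.5 Firewall policy traffic",
]

# Regex for the assumed header; accepts only dotted-quad candidates and lets
# ipaddress validate them afterwards.
HEADER_RE = re.compile(r"\((?P<local>[0-9.]+)<->(?P<remote>[0-9.]+)\)")


def gateway_endpoints(line):
    """Return (local, remote) IP addresses from the gateway header, or None
    when the line carries no valid gateway header."""
    match = HEADER_RE.search(line)
    if match is None:
        return None
    try:
        return (ipaddress.ip_address(match["local"]),
                ipaddress.ip_address(match["remote"]))
    except ValueError:
        return None


def filter_by_gateway(lines, gateway_ip):
    """Keep only lines whose gateway header names gateway_ip as the local
    or remote endpoint. Comparison is on parsed addresses, so 198.51.100.5
    does not match 198.51.100.50."""
    target = ipaddress.ip_address(gateway_ip)
    selected = []
    for line in lines:
        endpoints = gateway_endpoints(line)
        if endpoints is not None and target in endpoints:
            selected.append(line)
    return selected


def naive_filter(lines, gateway_ip):
    """Plain substring match, shown for contrast: it over-matches on
    longer addresses and on non-VPN messages that mention the IP."""
    return [line for line in lines if gateway_ip in line]


def count_by_remote_gateway(lines):
    """Summarize how many gateway-headed messages each remote gateway
    produced; useful when several BOVPN gateways share one log."""
    counts = Counter()
    for line in lines:
        endpoints = gateway_endpoints(line)
        if endpoints is not None:
            counts[str(endpoints[1])] += 1
    return dict(counts)


if __name__ == "__main__":
    for line in filter_by_gateway(SAMPLE_LOGS, "198.51.100.5"):
        print(line)
    print(count_by_remote_gateway(SAMPLE_LOGS))
```

The header-based filter returns only the two messages for the 198.51.100.5 gateway, while the substring filter returns four lines, two of which belong to a different gateway or to ordinary firewall traffic. The per-remote-gateway count gives a quick view of which gateway is generating messages when the IKE diagnostic log level has been raised for all gateways at once.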
In Fireware XTM v11.9 and higher, you can disable a BOVPN gateway or BOVPN virtual interface. If another VPN endpoint attempts to negotiate a tunnel with a disabled BOVPN gateway or virtual interface, tunnel negotiation fails. When this happens, an Information level log message indicates that the IKE policy for the gateway is not enabled. To see this log message, the diagnostic log level for VPN log messages must be set to Information or Debug.
For more information about how to set the diagnostic log level, see Set the Diagnostic Log Level.