Fortigate Troubleshooting – VPN

Hello,

This is my first post regarding troubleshooting Fortigate devices.

To troubleshoot the VPN configuration of a Fortigate we will use the following commands:

#diag debug enable
#diag debug console timestamp en  # shows a timestamp on each debug line
#diag debug app ike -1  # used for v4.0MR1
#diag vpn ike log-filter dst-addr4 <IP_PEER>  # used from v4.0MR2 to the latest version
#diag debug app ike -1

<IP_PEER> is the IP address of the remote peer.

To disable the VPN logging we can use:
#diag debug disable
#diag debug console timestamp dis
#diag debug app ike 0

The following commands show the active VPN tunnels:
#diag vpn tunnel list
#diag vpn gw list