FortiGate
js2
Staff
Article Id 190044
Description
This article describes how to use debug flow to trace traffic passing through an IPsec tunnel.

Solution
id=20085 trace_id=671 func=print_pkt_detail line=5304 msg="vd-Internet received a packet(proto=1, 172.17.148.146:1->192.168.51.135:2048) from Inside-LAN-Int. type=8, code=0, id=1, seq=4720."   <----- Has to match quick mode selectors (172.17.148.146:1->192.168.51.135:2048).
id=20085 trace_id=671 func=init_ip_session_common line=5463 msg="allocate a new session-301c0585"   <----- New session gets created.
id=20085 trace_id=671 func=vf_ip4_route_input line=1599 msg="find a route: flags=00000000 gw-192.168.51.135 via VPN_new"   <----- Route match.
id=20085 trace_id=671 func=fw_forward_handler line=737 msg="Allowed by Policy-5: SNAT"   <----- Traffic allowed by VPN policy.
id=20085 trace_id=671 func=__ip_session_run_tuple line=3208 msg="SNAT 172.17.148.146->192.168.200.200:60417"
id=20085 trace_id=671 func=ipsecdev_hard_start_xmit line=583 msg="enter IPsec interface-VPN_new"   <----- Traffic entering the tunnel.
id=20085 trace_id=671 func=esp_output4 line=1178 msg="IPsec encrypt/auth"   <----- Traffic encrypted and sent through tunnel.
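
An added example (not part of the original article and not Fortinet tooling): a Python script that groups debug flow lines by trace_id and reports the first stage of the path shown above that a packet did not reach. It models the first packet of a new session, as in the trace above; the stage names and the lines for trace 672 are constructed for illustration.

```python
import re

# Egress stages in the order the article's trace shows them: (name, func=, msg prefix).
STAGES = [
    ("received", "print_pkt_detail", "vd-"),
    ("session", "init_ip_session_common", "allocate a new session"),
    ("route", "vf_ip4_route_input", "find a route"),
    ("policy", "fw_forward_handler", "Allowed by Policy"),
    ("enter_tunnel", "ipsecdev_hard_start_xmit", "enter IPsec interface"),
    ("encrypt", "esp_output4", "IPsec encrypt/auth"),
]
LINE_RE = re.compile(r'trace_id=(\d+) func=(\S+) line=\d+ msg="(.*)"')

def analyze(text):
    """Group debug-flow lines by trace_id; report stages reached and the first one missing."""
    reached = {}
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        trace, func, msg = m.groups()
        seen = reached.setdefault(trace, set())
        for name, stage_func, prefix in STAGES:
            if func == stage_func and msg.startswith(prefix):
                seen.add(name)
    report = {}
    for trace, seen in reached.items():
        missing = [name for name, _, _ in STAGES if name not in seen]
        report[trace] = {"reached": [n for n, _, _ in STAGES if n in seen],
                         "stopped_before": missing[0] if missing else None}
    return report

# Trace 671: the article's output, annotations removed. Trace 672: constructed, ends after route.
SAMPLE = '''\
id=20085 trace_id=671 func=print_pkt_detail line=5304 msg="vd-Internet received a packet(proto=1, 172.17.148.146:1->192.168.51.135:2048) from Inside-LAN-Int. type=8, code=0, id=1, seq=4720."
id=20085 trace_id=671 func=init_ip_session_common line=5463 msg="allocate a new session-301c0585"
id=20085 trace_id=671 func=vf_ip4_route_input line=1599 msg="find a route: flags=00000000 gw-192.168.51.135 via VPN_new"
id=20085 trace_id=671 func=fw_forward_handler line=737 msg="Allowed by Policy-5: SNAT"
id=20085 trace_id=671 func=__ip_session_run_tuple line=3208 msg="SNAT 172.17.148.146->192.168.200.200:60417"
id=20085 trace_id=671 func=ipsecdev_hard_start_xmit line=583 msg="enter IPsec interface-VPN_new"
id=20085 trace_id=671 func=esp_output4 line=1178 msg="IPsec encrypt/auth"
id=20085 trace_id=672 func=print_pkt_detail line=5304 msg="vd-Internet received a packet(proto=1, 172.17.148.146:1->192.168.51.135:2048) from Inside-LAN-Int. type=8, code=0, id=1, seq=4721."
id=20085 trace_id=672 func=init_ip_session_common line=5463 msg="allocate a new session-301c0586"
id=20085 trace_id=672 func=vf_ip4_route_input line=1599 msg="find a route: flags=00000000 gw-192.168.51.135 via VPN_new"
'''

if __name__ == "__main__":
    for trace, info in analyze(SAMPLE).items():
        print(trace, info)
```

A trace whose `stopped_before` is `policy` or `enter_tunnel` points at the firewall policy or the route to the tunnel interface rather than at the IPsec negotiation itself.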
