Updated: 2022 You can't really debug VPN problems with static show commands, if VPN fails to function you HAVE to see it happening real-time. Below I list few debug commands to do just that for IPSEC site-to-site tunnels in Fortigate. Here: 192.168.168.254 - IP address on the LAN …

Many times there is more than one solution to the problem, and the most obvious is not the best one. I reminded myself this when came to my care Fortigate 60 unit that was periodically blocking traffic, you know this not-saying-much system alert "..has reached connection limit" and then no …