Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
whyouwannaknow
New Contributor

Monitore IPSec VPN bandwidth usage (inbound/outbound) using the Fortigate CLI

Hello,

 

I have a Fortigate firewall (for security purposes, I won't tell the model and firmware version, but be sure that it's a recent one with latest version installed) and I would like to monitore the bandwidth usage of my IPSec VPN (inbound/outbound traffic).

 

What is the command that will give me that output (I don't want the bandwidth usage of a physical port like port1 or wan2), I need to check the bandwidth usage on a specific IPSec VPN. And also, is it possible to get that output in MB?

 

Thank you in advance.

 

PS: I need to have that output using CLI only not GUI.

4 REPLIES 4
whyouwannaknow
New Contributor

I found the command "diagnose netlink interface list XXX" (where XXX is the name of my IPSec VPN) but the output seems to be the overall amount of traffic that passed through the tunnel.

I would like this type of output, but having the actual usage of the traffic that goes through the tunnel when I send the command (real time).

 

Thanks.

emnoc
Esteemed Contributor III

Is it's a route-base just run any std mibs to collect in/out packets by bytes for that ifIndex.#  If you have a single policy for src/dst-subnet for example, you could also do  the following

 

http://socpuppet.blogspot.com/2014/09/howto-find-out-how-many-bps-policy-is.html

 

YMMV, you have to be creative.

 

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Filip011
New Contributor

"I won't tell the model and firmware version". Why? So somebody can't hack you based on the model and firmware? Sigh.

They are right when they say the human stupidity is the only thing that is infinite, besides the Universe.

esalija
Staff
Staff

Hi @whyouwannaknow 

Please follow the doc to check the IPsec tunnel statistics

https://docs.fortinet.com/document/fortigate/6.4.4/administration-guide/834425/understanding-vpn-rel...

https://docs.fortinet.com/document/fortigate/6.4.4/administration-guide/44240/ipsec-related-diagnose...

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-VPNs-tunnels/ta-p/195955?exter...

IPsec tunnel statistics
logid="0101037141" type="event" subtype="vpn" level="notice" vd="root" eventtime=1544131118 logdesc="IPsec tunnel statistics" msg="IPsec tunnel statistics" action="tunnel-stats" remip=10.1.100.15 locip=172.16.200.4 remport=500 locport=500 outintf="mgmt1" cookies="3539884dbd8f3567/c32e4c1beca91b36"
user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="L2tpoIPsec_0" tunnelip=10.1.100.15 tunnelid=1530910802 tunneltype="ipsec" duration=6231 sentbyte=57343 rcvdbyte=142640 nextstat=60

Best regards,

Erlin

 

Labels
Top Kudoed Authors