Fortigate - IPSEC VPN

Every once in a while you may experience some issues with certain IPSec VPN tunnels. For this reason it might be useful to know how to clear SA sessions that are stuck.

To flush a tunnel use the following command:

diag vpn tunnel flush <phase1 name>

It is very important to specify the phase1 name. If you forget to specify it, the Fortigate will flush ALL tunnels.

You can also reset a tunnel. In this case the Fortigate will completely re-negotiate the IPSec VPN:

diag vpn tunnel reset <phase1 name>

As with the flush, do not forget the phase1 name or you will reset all your tunnels.
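
When these commands are generated by a script, an empty variable in place of the phase1 name produces exactly the all-tunnels case described above. The shell helper below is an added example, not part of the original post or of FortiOS; the function name build_tunnel_cmd, the allowed character set and the sample tunnel name are assumptions. It only prints the command line and leaves sending it to the device to the operator.

```shell
#!/bin/sh
# Added example: emit a flush/reset command only when a phase1 name is present.
# build_tunnel_cmd is a hypothetical helper, not a FortiOS feature.

build_tunnel_cmd() {
    action=$1
    name=$2

    # Only the two actions covered on this page are accepted.
    case "$action" in
        flush|reset) ;;
        *) echo "refusing: action must be flush or reset" >&2; return 2 ;;
    esac

    # Empty or unset name is the dangerous case: the resulting command
    # would apply to every tunnel on the device.
    if [ -z "$name" ]; then
        echo "refusing: phase1 name is empty" >&2
        return 3
    fi

    # Assumption: a conservative character set, so whitespace or a newline
    # cannot split the name into an empty argument or a second command.
    case "$name" in
        *[!A-Za-z0-9_.-]*)
            echo "refusing: unexpected character in phase1 name" >&2
            return 4 ;;
    esac

    printf 'diag vpn tunnel %s %s\n' "$action" "$name"
}

# Constructed demonstration: "branch-office" is a made-up phase1 name.
TUNNEL="branch-office"
build_tunnel_cmd flush "$TUNNEL"

# A variable that was never filled in is blocked instead of hitting all tunnels.
MISSING=""
build_tunnel_cmd reset "$MISSING" || echo "blocked with exit code $?" >&2
```
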


Sources:

  • https://itzecurity.blogspot.com/2013/07/ipsecvpn-flush-and-reset-tunnels.html