This recipe describes how to decrypt Encapsulated Security Payload (ESP) traffic on a FortiGate using the Security Association (SA) information from diag vpn tunnel list. This is useful for tracking whether the FortiGate is properly encrypting/decrypting IPsec VPN packets, and whether there is any packet loss. This recipe assumes that NPU offloading is disabled on phase1-interface...
↧