Task: IPsec (v6.2.0)
==================================================
Category: Security
Description: IKE configuration and IPsec tunnels state
New: No | IPv6: No

Vendor Support:
  ✓ aws@ec2
  ✗ alcatel@aos
  ✓ azure
  ✗ brocade@fastiron
  ✓ cisco@ios
  ✓ cisco@ios-xe
  ✗ cisco@nx-os
  ✗ cisco@ios-xr
  ✓ cisco@asa
  ○ cisco@wlc-air
  ○ cisco@sg
  ✗ cisco@ftd
  ○ cisco@aci
  ✗ cisco@meraki
  ✓ cisco@viptela
  ○ cisco@apic
  ○ dell@ftos
  ○ dell@powerconnect
  ○ dell@os10
  ✗ fs@fsos
  ✗ hp@comware
  ○ hp@aruba
  ○ hp@arubasw
  ✗ hp@arubacx
  ○ hp@3com
  ○ hp@aruba-iap
  ○ riverbed@steelhead
  ✓ fortinet@fortigate
  ✓ forcepoint@ngfw
  ✓ paloalto@pan-os
  ✗ paloalto@prisma
  ✓ juniper@junos
  ○ juniper@mist
  ✗ checkpoint@gaia
  ✗ checkpoint@gaia-embedded
  ○ extreme@boss
  ○ extreme@enterasys
  ○ extreme@voss
  ○ extreme@exos
  ○ arista@eos
  ○ f5@big-ip
  ✗ huawei@vrp
  ✓ mikrotik@routeros
  ○ quagga
  ○ frr
  ✓ versa@vos
  ○ silverpeak@unity
  ✗ vmware@nsx-t
  ✗ ruckus@vsz

CLI Commands:
  fortinet@fortigate: show vpn ipsec phase1
  paloalto@pan-os: show vpn ipsec-sa
  paloalto@pan-os: show vpn tunnel
  paloalto@pan-os: show interface
  paloalto@pan-os: show interface all
  mikrotik@routeros: /ip ipsec peer print detail
  mikrotik@routeros: /ip ipsec active-peer print detail
  mikrotik@routeros: /ip ipsec policy print detail
  mikrotik@routeros: /ip ipsec identity print detail
  mikrotik@routeros: /ip ipsec installed-sa print detail
  mikrotik@routeros: /ip ipsec profile print detail
  mikrotik@routeros: /ip ipsec proposal print detail
  mikrotik@routeros: /ip address print detail
  fortinet@fortigate: get system status
  fortinet@fortigate: diagnose vpn ike gateway list
  fortinet@fortigate: diagnose vpn tunnel list
  paloalto@pan-os: show vpn ike-sa
  fortinet@fortigate: show vpn ipsec phase1-interface
  forcepoint@ngfw: sg-status -l
  forcepoint@ngfw: ip -s -s -d link
  forcepoint@ngfw: GET /elements
  forcepoint@ngfw: GET /elements/[single_fw|virtual_fw|fw_cluster]/
  forcepoint@ngfw: GET /elements/[single_fw|virtual_fw|fw_cluster]//internal_gateway/
  forcepoint@ngfw: GET /elements/gateway_profile/
  forcepoint@ngfw: GET /elements/[single_fw|virtual_fw|fw_cluster]//internal_gateway//internal_endpoint/
  forcepoint@ngfw: GET /elements/rbvpn_tunnel/
  forcepoint@ngfw: POST /monitoring_status
  forcepoint@ngfw: GET /elements/external_gateway/
  forcepoint@ngfw: GET /elements/external_gateway//external_endpoint/
  forcepoint@ngfw: GET /elements/mgt_server/
  versa@vos: GET /vnms/dashboard/appliance//live?command=orgs/org-services//ipsec/vpn-profile?deep
  versa@vos: GET /vnms/dashboard/appliance//live?command=interfaces?deep
  cisco@ios-xe: show crypto ikev2 sa detailed
  aws@ec2: SDK DescribeVpnConnectionsCommand
  azure: GET /connections
  azure: GET /connections//getikesas
  azure: GET /localNetworkGateways
  azure: GET /publicIPAddresses
  azure: GET /virtualNetworks
  azure: GET /virtualNetworkGateways
  azure: GET /vpnGateways
  azure: GET /vpnGateways//vpnConnection//vpnLinkConnections//getikesas
  azure: GET /vpnSites
  cisco@ios: show crypto isakmp sa detail
  cisco@ios: show crypto ikev2 sa detailed
  cisco@ios: show crypto ipsec sa
  cisco@ios: show interfaces
  cisco@ios-xe: show crypto isakmp sa detail
  aws@ec2: SDK DescribeCustomerGatewaysCommand
  cisco@ios-xe: show crypto ipsec sa
  cisco@ios-xe: show interfaces
  cisco@ios-xe: show run | inc qos queue-stats-frame-count
  cisco@asa: show crypto isakmp sa detail
  cisco@asa: show crypto ipsec sa
  cisco@asa: show interfaces detail
  cisco@viptela: GET /dataservice/device/ipsec/ike/sessions?deviceId=
  cisco@viptela: GET /dataservice/device/ipsec/ike/outbound?deviceId=
  cisco@viptela: GET /dataservice/device/interface?deviceId=
  juniper@junos: show security ike security-associations detail
  juniper@junos: show security ipsec security-associations detail
  juniper@junos: show configuration | display set | except "^deactivate"
  paloalto@pan-os: show vpn flow tunnel-id
  paloalto@pan-os: show vpn gateway

Legend: ✓=Full, ✗=Not Yet, ○=N/A