Task: IPsec (v7.3.0)
==================================================
Category: Security
Description: IKE configuration and IPsec tunnels state
New: No | IPv6: No

Vendor Support:
  ✓ aws
  ✗ alcatel@aos
  ✓ azure
  ✗ brocade@fastiron
  ✓ cisco@ios
  ✓ cisco@ios-xe
  ✗ cisco@nx-os
  ✗ cisco@ios-xr
  ✓ cisco@asa
  ○ cisco@wlc-air
  ○ cisco@sg
  ✗ cisco@ftd
  ○ cisco@aci
  ✗ cisco@meraki
  ✓ cisco@viptela
  ○ cisco@apic
  ✗ cisco@encs
  ○ dell@ftos
  ○ dell@powerconnect
  ○ dell@os10
  ✗ fs@fsos
  ✓ gcp
  ✗ hpe@comware
  ○ hpe@aruba
  ○ hpe@arubasw
  ✗ hpe@arubacx
  ○ hpe@3com
  ○ hpe@aruba-iap
  ○ riverbed@steelhead
  ✓ fortinet@fortigate
  ✗ fortinet@fortiswitch
  ✓ forcepoint@ngfw
  ✓ paloalto@pan-os
  ✗ paloalto@prisma
  ✓ juniper@junos
  ○ juniper@mist
  ✗ checkpoint@gaia
  ✗ checkpoint@gaia-embedded
  ○ extreme@boss
  ○ extreme@enterasys
  ○ extreme@voss
  ○ extreme@exos
  ○ arista@eos
  ○ f5@big-ip
  ✗ huawei@vrp
  ✓ mikrotik@routeros
  ○ quagga
  ○ frr
  ✓ versa@vos
  ✗ silverpeak@unity
  ✗ vmware@nsx-t
  ✗ vmware@velocloud
  ✗ ruckus@vsz
  ✗ opengear@og
  ✗ opengear@og-om
  ✓ stormshield@sn
  ✗ nokia@timos
  ✗ citrix@adc

CLI Commands:
  mikrotik@routeros: /ip/dns/cache/print detail
  forcepoint@ngfw: GET /elements/[single_fw|virtual_fw|fw_cluster]/
  forcepoint@ngfw: GET /elements
  forcepoint@ngfw: ip -s -s -d link
  forcepoint@ngfw: sg-status -l
  fortinet@fortigate: show system interface
  fortinet@fortigate: show vpn ipsec phase1-interface
  fortinet@fortigate: show vpn ipsec phase1
  fortinet@fortigate: diagnose vpn tunnel list
  fortinet@fortigate: diagnose vpn ike gateway list
  fortinet@fortigate: get system status
  forcepoint@ngfw: GET /elements/[single_fw|virtual_fw|fw_cluster]//internal_gateway/
  mikrotik@routeros: /ip dns cache print detail
  mikrotik@routeros: /ip address print detail
  mikrotik@routeros: /ip ipsec proposal print detail
  mikrotik@routeros: /ip ipsec profile print detail
  mikrotik@routeros: /ip ipsec installed-sa print detail
  mikrotik@routeros: /ip ipsec identity print detail
  mikrotik@routeros: /ip ipsec policy print detail
  mikrotik@routeros: /ip ipsec active-peer print detail
  mikrotik@routeros: /ip ipsec peer print detail
  stormshield@sn: cat /usr/Firewall/ConfigFiles/VPN/
  stormshield@sn: netstat -rn -f inet
  stormshield@sn: ifconfig -a
  stormshield@sn: monitor getsa
  stormshield@sn: monitor getikesa
  stormshield@sn: config object list type=all
  stormshield@sn: cat /usr/Firewall/ConfigFiles/VPN/slotinfo
  stormshield@sn: cat /usr/Firewall/ConfigFiles/VPN/ph2profile
  stormshield@sn: cat /usr/Firewall/ConfigFiles/VPN/ph1profile
  stormshield@sn: cat /usr/Firewall/ConfigFiles/VPN/peer
  paloalto@pan-os: show inteface all
  versa@vos: GET /vnms/dashboard/appliance//live?command=interfaces?deep
  versa@vos: GET /vnms/dashboard/appliance//live?command=orgs/org-services//ipsec/vpn-profile?deep
  forcepoint@ngfw: GET /elements/mgt_server/
  forcepoint@ngfw: GET /elements/external_gateway//external_endpoint/
  forcepoint@ngfw: GET /elements/external_gateway/
  forcepoint@ngfw: POST /monitoring_status
  forcepoint@ngfw: GET /elements/rbvpn_tunnel/
  forcepoint@ngfw: GET /elements/[single_fw|virtual_fw|fw_cluster]//internal_gateway//internal_endpoint/
  forcepoint@ngfw: GET /elements/gateway_profile/
  azure: GET /vpnSites
  cisco@ios-xe: show run | inc qos queue-stats-frame-count
  cisco@ios-xe: show interfaces
  cisco@ios-xe: show crypto ipsec sa
  cisco@ios-xe: show crypto ikev2 sa detailed
  cisco@ios-xe: show crypto isakmp sa detail
  cisco@ios: show interfaces
  cisco@ios: show crypto ipsec sa
  cisco@ios: show crypto ikev2 sa detailed
  cisco@ios: show crypto isakmp sa detail
  cisco@asa: show crypto isakmp sa detail
  azure: GET /vpnGateways//vpnConnection//vpnLinkConnections//getikesas
  azure: GET /vpnGateways
  azure: GET /virtualNetworkGateways
  azure: GET /virtualNetworks
  azure: GET /publicIPAddresses
  azure: GET /localNetworkGateways
  azure: GET /connections//getikesas
  azure: GET /connections
  aws: SDK ec2:DescribeVpnConnectionsCommand
  gcp: GET /compute/v1/projects//aggregated/vpnTunnels
  paloalto@pan-os: show interface
  paloalto@pan-os: show vpn tunnel
  paloalto@pan-os: show vpn ipsec-sa
  paloalto@pan-os: show vpn ike-sa
  paloalto@pan-os: show vpn gateway
  paloalto@pan-os: show vpn flow tunnel-id
  juniper@junos: show configuration | display set | except "^deactivate"
  juniper@junos: show security ipsec security-associations detail
  juniper@junos: show security ike security-associations detail
  aws: SDK ec2:DescribeCustomerGatewaysCommand
  gcp: GET /compute/v1/projects//aggregated/vpnGateways
  gcp: GET /compute/v1/projects//aggregated/targetVpnGateways
  gcp: GET /compute/v1/projects//aggregated/forwardingRules
  gcp: GET /compute/v1/projects//global/networks
  cisco@viptela: GET /dataservice/device/interface?deviceId=
  cisco@viptela: GET /dataservice/device/ipsec/ike/outbound?deviceId=
  cisco@viptela: GET /dataservice/device/ipsec/ike/sessions?deviceId=
  cisco@asa: show interfaces detail
  cisco@asa: show crypto ipsec sa

Legend: ✓=Full, ✗=Not Yet, ○=N/A