Task: IPsec (v7.9.0)
==================================================
Category: Security
Description: IKE configuration and IPsec tunnels state
New: No | IPv6: Yes

Vendor Support:
  ✓ aws (IPv6: ✗)
  ✗ alcatel@aos (IPv6: ✗)
  ✓ azure (IPv6: ✗)
  ✗ brocade@fastiron (IPv6: ✗)
  ✓ cisco@ios (IPv6: ✓)
  ✓ cisco@ios-xe (IPv6: ✓)
  ✗ cisco@nx-os (IPv6: ✗)
  ✗ cisco@ios-xr (IPv6: ✗)
  ✓ cisco@asa (IPv6: ✓)
  ○ cisco@wlc-air (IPv6: ○)
  ○ cisco@sg (IPv6: ○)
  ✗ cisco@ftd (IPv6: ✗)
  ○ cisco@aci (IPv6: ○)
  ✗ cisco@meraki (IPv6: ✗)
  ✓ cisco@viptela (IPv6: ✗)
  ○ cisco@apic (IPv6: ○)
  ✗ cisco@encs (IPv6: ✗)
  ○ dell@ftos (IPv6: ○)
  ○ dell@powerconnect (IPv6: ○)
  ○ dell@os10 (IPv6: ○)
  ✗ fs@fsos (IPv6: ✗)
  ✓ gcp (IPv6: ✗)
  ✗ hpe@comware (IPv6: ✗)
  ○ hpe@aruba (IPv6: ○)
  ○ hpe@arubasw (IPv6: ○)
  ✗ hpe@arubacx (IPv6: ✗)
  ○ hpe@3com (IPv6: ○)
  ○ hpe@aruba-iap (IPv6: ○)
  ○ riverbed@steelhead (IPv6: ○)
  ✓ fortinet@fortigate (IPv6: ✓)
  ✗ fortinet@fortiswitch (IPv6: ✗)
  ✓ forcepoint@ngfw (IPv6: ✗)
  ✓ paloalto@pan-os (IPv6: ✓)
  ✗ paloalto@prisma (IPv6: ✗)
  ✓ juniper@junos (IPv6: ✗)
  ○ juniper@mist (IPv6: ○)
  ✗ checkpoint@gaia (IPv6: ✗)
  ✗ checkpoint@gaia-embedded (IPv6: ✗)
  ○ extreme@boss (IPv6: ○)
  ○ extreme@enterasys (IPv6: ○)
  ○ extreme@voss (IPv6: ○)
  ○ extreme@exos (IPv6: ○)
  ○ arista@eos (IPv6: ○)
  ○ f5@big-ip (IPv6: ○)
  ○ f5@f5osa (IPv6: ○)
  ○ f5@f5osc (IPv6: ○)
  ✗ huawei@vrp (IPv6: ✗)
  ✓ mikrotik@routeros (IPv6: ✗)
  ○ quagga (IPv6: ○)
  ○ frr (IPv6: ○)
  ✓ versa@vos (IPv6: ✗)
  ✗ silverpeak@unity (IPv6: ✗)
  ✗ vmware@nsx-t (IPv6: ✗)
  ✗ vmware@velocloud (IPv6: ✗)
  ✗ ruckus@vsz (IPv6: ✗)
  ✗ opengear@og (IPv6: ✗)
  ✗ opengear@og-om (IPv6: ✗)
  ✓ stormshield@sn (IPv6: ✗)
  ✗ nokia@timos (IPv6: ✗)
  ✗ citrix@adc (IPv6: ✗)

CLI Commands:
  mikrotik@routeros: /ip/dns/cache/print detail
  forcepoint@ngfw: GET /elements/[single_fw|virtual_fw|fw_cluster]/
  forcepoint@ngfw: GET /elements
  forcepoint@ngfw: ip -s -s -d link
  forcepoint@ngfw: sg-status -l
  fortinet@fortigate: show system interface
  fortinet@fortigate: show vpn ipsec phase1-interface
  fortinet@fortigate: show vpn ipsec phase1
  fortinet@fortigate: diagnose vpn tunnel list
  fortinet@fortigate: diagnose vpn ike gateway list
  fortinet@fortigate: get system status
  forcepoint@ngfw: GET /elements/[single_fw|virtual_fw|fw_cluster]//internal_gateway/
  mikrotik@routeros: /ip dns cache print detail
  mikrotik@routeros: /ip address print detail
  mikrotik@routeros: /ip ipsec proposal print detail
  mikrotik@routeros: /ip ipsec profile print detail
  mikrotik@routeros: /ip ipsec installed-sa print detail
  mikrotik@routeros: /ip ipsec identity print detail
  mikrotik@routeros: /ip ipsec policy print detail
  mikrotik@routeros: /ip ipsec active-peer print detail
  mikrotik@routeros: /ip ipsec peer print detail
  stormshield@sn: cat /usr/Firewall/ConfigFiles/VPN/
  stormshield@sn: netstat -rn -f inet
  stormshield@sn: ifconfig -a
  stormshield@sn: monitor getsa
  stormshield@sn: monitor getikesa
  stormshield@sn: config object list type=all
  stormshield@sn: cat /usr/Firewall/ConfigFiles/VPN/slotinfo
  stormshield@sn: cat /usr/Firewall/ConfigFiles/VPN/ph2profile
  stormshield@sn: cat /usr/Firewall/ConfigFiles/VPN/ph1profile
  stormshield@sn: cat /usr/Firewall/ConfigFiles/VPN/peer
  paloalto@pan-os: show interface all
  versa@vos: GET /vnms/dashboard/appliance//live?command=interfaces?deep
  versa@vos: GET /vnms/dashboard/appliance//live?command=orgs/org-services//ipsec/vpn-profile?deep
  forcepoint@ngfw: GET /elements/mgt_server/
  forcepoint@ngfw: GET /elements/external_gateway//external_endpoint/
  forcepoint@ngfw: GET /elements/external_gateway/
  forcepoint@ngfw: POST /monitoring_status
  forcepoint@ngfw: GET /elements/rbvpn_tunnel/
  forcepoint@ngfw: GET /elements/[single_fw|virtual_fw|fw_cluster]//internal_gateway//internal_endpoint/
  forcepoint@ngfw: GET /elements/gateway_profile/
  azure: GET /vpnSites
  cisco@ios-xe: show run | inc qos queue-stats-frame-count
  cisco@ios-xe: show interfaces
  cisco@ios-xe: show crypto ipsec sa
  cisco@ios-xe: show crypto ikev2 sa detailed
  cisco@ios-xe: show crypto isakmp sa detail
  cisco@ios: show interfaces
  cisco@ios: show crypto ipsec sa
  cisco@ios: show crypto ikev2 sa detailed
  cisco@ios: show crypto isakmp sa detail
  cisco@asa: show crypto isakmp sa detail
  azure: GET /vpnGateways//vpnConnection//vpnLinkConnections//getikesas
  azure: GET /vpnGateways
  azure: GET /virtualNetworkGateways
  azure: GET /virtualNetworks
  azure: GET /publicIPAddresses
  azure: GET /localNetworkGateways
  azure: GET /connections//getikesas
  azure: GET /connections
  aws: SDK ec2:DescribeVpnConnectionsCommand
  gcp: GET compute.googleapis.com/compute/v1/projects//aggregated/vpnTunnels
  paloalto@pan-os: show interface
  paloalto@pan-os: show vpn tunnel
  paloalto@pan-os: show vpn ipsec-sa
  paloalto@pan-os: show vpn ike-sa
  paloalto@pan-os: show vpn gateway
  paloalto@pan-os: show vpn flow tunnel-id
  juniper@junos: show configuration | display set | except "^deactivate"
  juniper@junos: show security ipsec security-associations detail
  juniper@junos: show security ike security-associations detail
  aws: SDK ec2:DescribeCustomerGatewaysCommand
  gcp: GET compute.googleapis.com/compute/v1/projects//aggregated/vpnGateways
  gcp: GET compute.googleapis.com/compute/v1/projects//aggregated/targetVpnGateways
  gcp: GET compute.googleapis.com/compute/v1/projects//aggregated/forwardingRules
  gcp: GET compute.googleapis.com/compute/v1/projects//global/networks
  cisco@viptela: GET /dataservice/device/interface?deviceId=
  cisco@viptela: GET /dataservice/device/ipsec/ike/outbound?deviceId=
  cisco@viptela: GET /dataservice/device/ipsec/ike/sessions?deviceId=
  cisco@asa: show interfaces detail
  cisco@asa: show crypto ipsec sa

Legend: ✓=Full, ✗=Not Yet, ○=N/A