Hello, in the Fortigate GUI under IPsec Monitor, you can select a phase 2 vpn tunnel and choose “Bring up” or “Bring down”. Very useful commands, except when one doesn’t have access to the GUI. What is the CLI equivalent of these 2 actions?
I think the equivalent of “Bring down” may be “diag vpn ike gateway flush ”, can anyone confirm if this command does exactly the same thing as “Bring down”?
And also, what is the equivalent of “Bring up”?
diag vpn ike gateway flush <name> tears down the specified phase1.
diag vpn tunnel up|down <phase2-name> bring the specified phase2 up|down.
diag vpn tunnel flush should nuke all phase2s.
For all of the above, keep in mind that they may be immediately re-negotiated, depending on configuration/traffic/type of the tunnel. None of the commands guarantees that the tunnel will stay down afterwards.
You can run the below command to see the CLI commands run when you do something in the GUI, it might catch this:
diag debug enable
diag debug cli 6
This is very good to create an automation that keeps tunnels up all the time. Thank you for sharing!