Verifying tunnels

GRE tunnels

To check whether the unencrypted GRE tunnel is functioning between both firewalls:

  1. Disable the IPSec rule on each site by turning it off.
  2. Activate the IPSec policy.
  3. From a workstation on the local network of site A, ping a host located on the local network of site B.
    This host should respond to requests.

Encrypted GRE tunnel in an IPSec tunnel

On each firewall:

  1. Enable the IPSec rule by turning it on.
  2. Activate the IPSec policy.
  3. From a workstation on the local network of site A, ping a host located on the local network of site B.
    This host should respond to requests.
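
A successful ping shows that the tunnel carries traffic, not that the traffic is encrypted. The following added example (not part of the original documentation) classifies raw IPv4 packets captured between the two firewalls: bare GRE (IP protocol 47) means the tunnel is still in cleartext, while ESP (IP protocol 50, or UDP 4500 with NAT-T) means the GRE traffic is wrapped in IPSec. It assumes a packet capture taken between the firewalls' external interfaces is available; the addresses, sample packets and function names are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

GRE, ESP, UDP = 47, 50, 17  # IANA IP protocol numbers

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet for the constructed samples (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed) + payload

def classify(packet):
    """Return (src, dst, kind) for one raw IPv4 packet seen between the firewalls."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[0] & 0x0F < 5:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    src, dst = (str(IPv4Address(packet[i:i + 4])) for i in (12, 16))
    proto, kind = packet[9], "other"
    if proto == GRE:
        kind = "gre-cleartext"          # GRE header and inner packet readable on the wire
    elif proto == ESP:
        kind = "esp"
    elif proto == UDP and len(packet) >= ihl + 12:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if 4500 in (sport, dport):      # NAT-T: four zero bytes mark IKE, anything else is ESP
            kind = "ike" if packet[ihl + 8:ihl + 12] == b"\0" * 4 else "esp-natt"
        elif 500 in (sport, dport):
            kind = "ike"
    return src, dst, kind

def verdict(packets, fw_a, fw_b):
    """'encrypted' only if firewall-to-firewall traffic carries ESP and no bare GRE."""
    kinds = {k for s, d, k in map(classify, packets) if {s, d} == {fw_a, fw_b}}
    if "gre-cleartext" in kinds:
        return "cleartext-gre"
    return "encrypted" if kinds & {"esp", "esp-natt"} else "no-tunnel-traffic"

# Constructed sample captures (documentation addresses, dummy payloads).
FW_A, FW_B = "192.0.2.1", "198.51.100.1"
IKE = struct.pack("!HHHH", 500, 500, 36, 0) + b"\x11" * 28
GRE_ONLY = [ipv4(FW_A, FW_B, GRE, b"\x00\x00\x08\x00" + b"ping" * 8)]
GRE_IN_IPSEC = [ipv4(FW_A, FW_B, UDP, IKE), ipv4(FW_B, FW_A, ESP, b"\x00\x00\x10\x01" + b"\xaa" * 40)]

if __name__ == "__main__":
    print(verdict(GRE_ONLY, FW_A, FW_B), verdict(GRE_IN_IPSEC, FW_A, FW_B))
```

With the IPSec rule turned on, any packet still classified as gre-cleartext between the two firewalls indicates that GRE traffic is bypassing the IPSec policy.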

Verification from the web interface on firewalls

In the firewall web administration interface, click on Monitoring > IPsec VPN tunnel monitoring.
The window displays tunnels that have been set up as well as details about these tunnels:

  • Name of the tunnel's local endpoint,
  • Name of the tunnel's remote endpoint,
  • Lifetime,
  • Bytes in,
  • Bytes out,
  • Status of the tunnel,
  • Encryption algorithm used,
  • Authentication algorithm used.

Logs about the setup of the IPSec tunnel can be looked up in the Monitoring > Logs - Audit logs > VPN tab.