Statistics IPSec
Remote IP
The remote IP address of the IPSec SA.
Encryption
The encryption algorithm that the IPSec SA employs.
Authentication
The authentication algorithm that the IPSec SA employs.
Used time (s)
The time elapsed since the IPSec SA was established.
Life time (s)
The time interval (in seconds) during which the secret key of the IPSec SA
is valid. When a key expires, IKE Phase 2 is performed automatically to
establish a new IPSec SA (a new key is negotiated). The value here is equal
to the Keylife value of the corresponding Phase 2 configuration.
Change time (s)
The point in time at which the system starts to establish a new IPSec SA to
replace the current IPSec SA, which is about to expire. The new IPSec SA is
prepared in advance so that it takes over from the expiring IPSec SA in
time. This value is related to Life time and is determined by the system.
Status
States of the IPSec SA:
• larval: an IKE Phase 2 is in progress to establish an IPSec SA
• mature: the IPSec SA is established and still within its validity period
• dying: the IPSec SA is about to expire, and another IKE Phase 2 is in
progress to take over
• dead: the connectivity between the two endpoints communicating through
the IPSec SA is down; the peer is unavailable.
Security Policy Database
Lists the Quick Mode selector information of each IPSec SA and the related time stamps.
Name
The unique name of the IPSec SA (the name configured for the Phase 2).
Source[port]
For IPSec in Tunnel mode, this is the Source and Source Port of the
Quick Mode selector of the IPSec SA (the Source and Port configured for
the Phase 2).
For IPSec in Transport mode, this is the source IP address of the Tunnel
Routing packets (GRE encapsulated), which is equal to the Local IP of
the IPSec SA (the Local IP configured for the Phase 1). Port information
is not listed in this case.
252 FortiWAN Handbook
Fortinet Technologies Inc.