IPsec Status

The IPsec status page at Status > IPsec displays the current state of all IPsec tunnels configured on the firewall.

This page is divided into four tabs.

Overview Tab

This tab lists all enabled IPsec tunnels. Each entry contains the tunnel description, links to its settings, outer and inner IP addresses, various properties of the tunnel, counters, and current status.

Connected Tunnel with Child SA List expanded

Connected tunnels are listed first, followed by disconnected tunnels. There are buttons on each row to connect or disconnect entries manually.

Disconnected Tunnel

By default, only the IKE portion of a tunnel (phase 1) is listed to keep the display compact. Click Show child SA entries to display the child SA (phase 2) entries.

Leases Tab

Lists current usage statistics for mobile IPsec client leases from configured pools. Current and recently connected clients are also listed along with the IP address they were assigned by the firewall.

SAD Tab

Shows the contents of the IPsec Security Association Database (SAD), which contains data about current IKE SA entries and corresponds with active phase 1 entries.

The page contains one entry in the list for each direction between public peer addresses of an active IPsec tunnel. For example, one entry for x.x.x.x to y.y.y.y and a corresponding entry for y.y.y.y to x.x.x.x.

SPD Tab

Shows the contents of the IPsec Security Policy Database (SPD). These policies define the networks which are interesting to IPsec and correspond with phase 2 entries.

The page contains one entry for each direction between private networks of all IPsec tunnels whether or not they are connected.