IPsec Status

The IPsec status page at Status > IPsec displays the current state of all IPsec tunnels configured on the firewall.

This page is divided into four tabs.

Overview Tab

This tab lists all enabled IPsec tunnels. Each entry contains the tunnel description, links to its settings, outer and inner IP addresses, various properties of the tunnel, counters, and current status.


Connected Tunnel with Child SA List expanded

Connected tunnels are listed first, followed by disconnected tunnels. There are buttons on each row to connect or disconnect entries manually.


Disconnected Tunnel

By default only the IKE portion of a tunnel (phase 1) is listed to keep the display compact. Click fa-plus Show child SA entries to display the child SA (phase 2) entries.

Leases Tab

Lists current usage statistics for mobile IPsec client leases from configured pools. Current and recently connected clients are also listed along with the IP address they were assigned by the firewall.


Shows the contents of the IPsec Security Association Database (SAD) which contains data about current IKE SA entries and corresponds with active phase 1 entries.

The page contains one entry in the list for each direction between public peer addresses of an active IPsec tunnel. For example, one entry for x.x.x.x to y.y.y.y and a corresponding entry for y.y.y.y to x.x.x.x.


Shows the contents of the IPsec Security Policy Database (SPD). These policies define the networks which are interesting to IPsec and corresponds with phase 2 entries.

The page contains one entry for each direction between private networks of all IPsec tunnels whether or not they are connected.