How to determine if SSL VPN is using DTLS or not?

My current approach is to do a packet capture on the SSL VPN client remote IP to see if their packets are TCP or UDP. Is there a way to query the FortiGate for this? My search for an answer on the Internet comes up empty.

I found no SSL-VPN-specific diagnostic command, or any GUI dashboard status, that would show the type of the connection.

The only two places which show the difference I found are:

  • session table: the traffic session for —> fgt-ip:sslvpn-port will show TCP or UDP.
  • VPN log event ID 39947 (“SSL VPN tunnel up”, action=tunnel-up) will show Reason=“DTLS tunnel established” for DTLS connection only

With the two above, be aware that there is always an initial standard TLS connection for authentication and setup, followed by the actual tunnel session (DTLS or TLS), so you will always see one TCP connection at the beginning regardless of the final connection type.
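As an added illustration of the two checks above (not code from the original post or from Fortinet), the script below parses constructed sample records in the shape of FortiGate VPN event logs and of a `diagnose sys session list` excerpt. It classifies each `tunnel-up` record for event ID 39947 as DTLS or TLS from the `reason` field, and lists which sessions to the SSL VPN listener are UDP versus TCP. All IPs, users, tunnel IDs and timestamps are made up, and the session-dump format is an approximation containing only the lines the check needs.

```python
import re
from collections import Counter

# Constructed sample FortiGate VPN event log lines (key="value" format).
# Field names follow FortiGate's event/vpn schema; all values are made up.
SAMPLE_VPN_LOGS = [
    'date=2024-01-15 time=08:01:02 logid="0101039947" type="event" subtype="vpn" '
    'level="information" action="tunnel-up" tunneltype="ssl-tunnel" tunnelid=1234567 '
    'remip=203.0.113.10 user="alice" msg="SSL VPN tunnel up" reason="DTLS tunnel established"',
    'date=2024-01-15 time=08:03:45 logid="0101039947" type="event" subtype="vpn" '
    'level="information" action="tunnel-up" tunneltype="ssl-tunnel" tunnelid=1234568 '
    'remip=203.0.113.11 user="bob" msg="SSL VPN tunnel up" reason="tunnel established"',
    'date=2024-01-15 time=08:05:00 logid="0101039948" type="event" subtype="vpn" '
    'level="information" action="tunnel-down" tunneltype="ssl-tunnel" tunnelid=1234567 '
    'remip=203.0.113.10 user="alice" msg="SSL VPN tunnel down"',
]

# Constructed excerpt shaped like `diagnose sys session list` output, reduced to
# the two lines per session this check needs. proto=6 is TCP, proto=17 is UDP.
SAMPLE_SESSIONS = """\
session info: proto=6 proto_state=01 duration=3 expire=3597 timeout=3600
hook=pre dir=org act=noop 203.0.113.10:50120->198.51.100.1:10443(0.0.0.0:0)

session info: proto=17 proto_state=01 duration=120 expire=175 timeout=180
hook=pre dir=org act=noop 203.0.113.10:50121->198.51.100.1:10443(0.0.0.0:0)

session info: proto=6 proto_state=01 duration=40 expire=3560 timeout=3600
hook=pre dir=org act=noop 203.0.113.11:50900->198.51.100.1:10443(0.0.0.0:0)
"""

TUNNEL_UP_EVENT = "39947"  # event ID from the answer; the logid ends with it

KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')
PROTO_RE = re.compile(r"\bproto=(\d+)")
FLOW_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+):(\d+)->(\d+\.\d+\.\d+\.\d+):(\d+)")


def parse_kv(line):
    """Split one key=value / key="value" log line into a dict."""
    fields = {}
    for m in KV_RE.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def tunnel_transport(fields):
    """Return 'DTLS', 'TLS', or None if the record is not a tunnel-up event."""
    if not fields.get("logid", "").endswith(TUNNEL_UP_EVENT):
        return None
    if fields.get("action") != "tunnel-up":
        return None
    # Per the answer, only DTLS tunnels carry "DTLS tunnel established".
    return "DTLS" if "DTLS" in fields.get("reason", "") else "TLS"


def summarize_tunnels(lines):
    """Map (user, remote IP) -> transport for every tunnel-up record, plus totals."""
    by_peer = {}
    for line in lines:
        f = parse_kv(line)
        transport = tunnel_transport(f)
        if transport is not None:
            by_peer[(f.get("user"), f.get("remip"))] = transport
    return by_peer, Counter(by_peer.values())


def sslvpn_sessions(session_dump, fgt_ip, sslvpn_port):
    """List (client_ip, 'TCP'|'UDP') for originating sessions to fgt_ip:sslvpn_port."""
    results = []
    proto = None
    for line in session_dump.splitlines():
        m = PROTO_RE.search(line)
        if m:
            proto = {"6": "TCP", "17": "UDP"}.get(m.group(1), m.group(1))
            continue
        flow = FLOW_RE.search(line)
        if (flow and "dir=org" in line
                and flow.group(3) == fgt_ip and flow.group(4) == str(sslvpn_port)):
            results.append((flow.group(1), proto))
    return results


if __name__ == "__main__":
    peers, totals = summarize_tunnels(SAMPLE_VPN_LOGS)
    for (user, ip), transport in peers.items():
        print(f"{user}@{ip}: {transport}")
    print("totals:", dict(totals))
    for client, proto in sslvpn_sessions(SAMPLE_SESSIONS, "198.51.100.1", 10443):
        print(f"session {client} -> 198.51.100.1:10443 {proto}")
```

The session check deliberately reports every session, so a client that shows both a TCP and a UDP session is the normal DTLS case described above (the initial TCP connection for authentication, then the UDP tunnel); a client with only TCP sessions is on a plain TLS tunnel. The log-based check is the less ambiguous of the two because it reads the tunnel's final transport directly from the `reason` field.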

I believe the VPN connection logs will indicate if they’re using DTLS or not. I remember building out an ELK dashboard showing this a few years back, but I no longer work for that company so I can’t check offhand.