nixbrian
New Member
September 24, 2014
Question

IPSec VPN PSK

  • September 24, 2014
  • 4 replies
  • 22431 views
I am replacing a FortiGate and was trying to find my currently configured PSK for my IPSec tunnel without having to reconfigure both ends. How can I find my currently configured PSK?


    journeyman
    New Member
    September 24, 2014
    If you copy the config from the existing FortiGate into the new one, then the PSK will be copied over. You still won't know what it is, but it should work. Is this a system you configured or inherited? Do you have any idea what the PSK might be? If you can make an educated guess, you can prove whether you are right in the CLI. Compare the existing encoded PSK:

        show vpn ipsec phase1 (-interface)
            edit my-ipsec-tunnel
            [..]
                set psksecret ENC <existing psk encoded>
            next
        end

    then enter what you think it is:

        config vpn ipsec phase1 (-interface)
            edit my-ipsec-tunnel
                set psksecret new-secret-dont-tell
        end

    and check if they match:

        show vpn ipsec phase1 (-interface)
            edit my-ipsec-tunnel
            [..]
                set psksecret ENC <new psk encoded>
            next
        end

    If the two encoded strings match, you know the PSK.
    nixbrian (Author)
    New Member
    September 24, 2014
    I inherited it and do not have a clue what the currently configured PSKs are. I was hopeful there was a way to de-hash the value and be able to view it for documentation purposes.
    Christopher_McMullan
    Staff
    September 24, 2014
    Unfortunately not - it's a one-way hash. I'd echo the suggestions here on how to try and retrieve it through trial and error, or changing it on a running system to a known new value.
    journeyman
    New Member
    September 25, 2014
    I'm not suggesting you try to guess on an inherited system, unless you have some good clues handy. Can you change the PSK? (Obviously you need to do both ends.) The outage to the tunnel shouldn't be long. If you have admin access you can do the remote end (tunnel breaks), then your end, and it should come up fine.
    nixbrian (Author)
    New Member
    September 25, 2014
    That looks like my only option at this time. I had hoped not to have to go this route, as I have about 12 S2S tunnels I will have to coordinate rebuilding with new PSKs.
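The two approaches in this thread (compare a guessed PSK against the stored ENC string; or rotate every tunnel to a fresh, known PSK on both ends) are easy to get wrong by hand across a dozen tunnels. The script below is an added example written for this page, not code from any of the posters or from Fortinet. It parses the `config vpn ipsec phase1-interface` section of a config backup or `show` output, groups tunnels that carry the same ENC string, builds the CLI for a guess (and for putting the saved ENC value back after a wrong guess), and builds one batch of `set psksecret` lines for a rotation. The config text, tunnel names, gateways and ENC strings are constructed for the example. The comparison step assumes, as the first reply does, that the same plaintext always encodes to the same ENC string on the device; the script does not verify that.

```python
"""Parse FortiGate phase1 PSK entries, check a guess, and build PSK-rotation CLI.

Added example for this thread; the config sample below is constructed."""

import re
import secrets

# Constructed sample of the relevant part of a config backup (names and ENC values are made up).
SAMPLE_CONFIG = """\
config vpn ipsec phase1-interface
    edit "branch-a"
        set remote-gw 203.0.113.10
        set psksecret ENC AAAAbbbbCCCC1111
    next
    edit "branch-b"
        set remote-gw 203.0.113.20
        set psksecret ENC AAAAbbbbCCCC1111
    next
    edit "partner-x"
        set remote-gw 198.51.100.5
        set psksecret ENC ZZZZyyyyXXXX9999
    next
end
config vpn ipsec phase2-interface
    edit "branch-a-p2"
        set phase1name "branch-a"
    next
end
"""

TABLE_RE = re.compile(r'^config vpn ipsec (phase1(?:-interface)?)$')
EDIT_RE = re.compile(r'^edit "?(.+?)"?$')
PSK_RE = re.compile(r'^set psksecret ENC (\S+)$')


def parse_phase1_psks(config_text):
    """Return {tunnel: (table, encoded_psk)} for phase1 and phase1-interface entries."""
    found = {}
    table = None   # phase1 table we are currently inside, if any
    depth = 0      # nested config/end blocks inside that table
    tunnel = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if table is None:
            m = TABLE_RE.match(line)
            if m:
                table = m.group(1)
            continue
        if line.startswith("config "):
            depth += 1
        elif line == "end" and depth > 0:
            depth -= 1
        elif line == "end":
            table, tunnel = None, None
        elif depth > 0:
            continue                      # settings of nested sub-tables are not PSKs
        elif EDIT_RE.match(line):
            tunnel = EDIT_RE.match(line).group(1)
        elif line == "next":
            tunnel = None
        elif tunnel is not None and PSK_RE.match(line):
            found[tunnel] = (table, PSK_RE.match(line).group(1))
    return found


def group_by_encoded_psk(psks):
    """Map each ENC string to the tunnels carrying it (same string -> same PSK, per the thread's assumption)."""
    groups = {}
    for name, (_table, enc) in psks.items():
        groups.setdefault(enc, []).append(name)
    return groups


def psk_cli(table, tunnel, value, encoded=False):
    """CLI that sets one tunnel's PSK and shows the table again for comparison.

    encoded=False: a plaintext guess or new secret.
    encoded=True: the saved ENC string, to restore the original after a wrong guess."""
    setting = f"ENC {value}" if encoded else value
    return "\n".join([f"config vpn ipsec {table}", f'    edit "{tunnel}"',
                      f"        set psksecret {setting}", "    next", "end",
                      f"show vpn ipsec {table}"])


def guess_matches(show_before, show_after, tunnel):
    """The thread's check: the guess is right if the tunnel's ENC string is unchanged after setting it."""
    before, after = parse_phase1_psks(show_before), parse_phase1_psks(show_after)
    return tunnel in before and tunnel in after and before[tunnel] == after[tunnel]


def rotation_cli(psks, new_psks):
    """One config batch per table setting a known PSK on each tunnel in new_psks.

    Apply the same values on the far end first (that tunnel drops), then run this batch here."""
    lines = []
    for table in ("phase1", "phase1-interface"):
        names = [n for n, (t, _enc) in psks.items() if t == table and n in new_psks]
        if not names:
            continue
        lines.append(f"config vpn ipsec {table}")
        for n in names:
            lines += [f'    edit "{n}"', f"        set psksecret {new_psks[n]}", "    next"]
        lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    psks = parse_phase1_psks(SAMPLE_CONFIG)
    for enc, names in group_by_encoded_psk(psks).items():
        print(f"{enc}: {', '.join(names)}")
    print(psk_cli("phase1-interface", "partner-x", "my-guess"))
    print(psk_cli("phase1-interface", "partner-x", psks["partner-x"][1], encoded=True))
    # fresh 32-character random PSK per tunnel; keep the mapping somewhere safe for the far end
    print(rotation_cli(psks, {name: secrets.token_urlsafe(24) for name in psks}))
```

Save the `show` output before any guess: `psk_cli(..., encoded=True)` emits `set psksecret ENC <saved string>`, which is the same form a config restore uses, so a wrong guess does not leave the tunnel down while you look for the original value.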