Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Ted
Staff
Staff

Created on ‎06-09-2023 01:12 AM Edited on ‎11-19-2024 10:22 PM By Staff

Article Id 259618

Technical Tip: How to configure psksecret with leading 0x

Description

This article describes how to configure psksecret with leading 0x.
Scope FortiGate.
Solution

An IKE password starting with '0x' is interpreted as HEX to comply with RFC 4306, which requires the ability to define a HEX encoding. So FortiGate regards psksecret starting with '0x' as a hex-encoded value.

 

For instance, if configuring psksecret with '0x466f7274696e6574', then FortiGate regards it as hex-encoded '466f7274696e6574'.

 

config vpn ipsec phase1-interface

    edit "phase1-interface"

        set psksecret 0x466f7274696e6574

    next

end

 

If it is wanted to have a string password start with 0x, then it is necessary to add an extra 0 at the beginning of the string.

 

For instance, if configuring psksecret with '00x466f7274696e6574', then FortiGate regards it as a string '0x466f7274696e6574', not hex-encoded.

 

config vpn ipsec phase1-interface

    edit "phase1-interface"

        set psksecret 00x466f7274696e6574

    next

end

 

Related document:

FortiOS CLI Reference: config vpn ipsec phase1-interface
1866
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.