FortiGate
hazim
Staff
Article Id 247271
Description

This article describes how to recover an IPsec VPN that is missing after restoring a FortiGate configuration, when the restore reports the error:

'vpn.ipsec.phase1-interface.Test-IPSec-VPN:failed command'

Scope

FortiGate versions 6.4, 7.0, and 7.2 and above.
Solution

After restoring the FortiGate configuration, the following entry is found in the config error log:

 

KVM # diagnose debug config-error-log read

>>> "next" @ 4162:vpn.ipsec.phase1-interface.Test-IPSec-VPN:failed command (error 1)

 

This happens because the password policy is enabled for IPsec VPN pre-shared keys, as shown below:

 

# config system password-policy
    set status enable
    set apply-to ipsec-preshared-key
    set minimum-length 15
end

 

Remove this password policy from the configuration file, then restore the configuration file to the FortiGate.

 

After the restore, it will be possible to retrieve the IPsec configuration as expected. 

 

If the password policy needs to be applied again, it can be configured through the GUI as shown below:

 

passwordpolicy.PNG
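
The file edit described in the solution, as an added example that is not part of the original article: a Python script that strips the password-policy block from a backup only when it is enabled for ipsec-preshared-key, and returns the removed lines so the same settings are on hand when the policy is re-applied after the restore. The sample backup text, the function names, and the assumption that the block contains no nested config sections are illustrative.

```python
# Constructed sample backup excerpt (not from a real device).
SAMPLE_BACKUP = """\
config system global
    set hostname "KVM"
end
config system password-policy
    set status enable
    set apply-to ipsec-preshared-key
    set minimum-length 15
end
config vpn ipsec phase1-interface
    edit "Test-IPSec-VPN"
        set interface "port1"
    next
end
"""

def _affects_ipsec_psk(block):
    """True when the block is enabled and lists ipsec-preshared-key."""
    settings = {}
    for line in block:
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "set":
            settings[parts[1]] = parts[2:]  # apply-to may hold several values
    return (settings.get("status") == ["enable"]
            and "ipsec-preshared-key" in settings.get("apply-to", []))

def split_password_policy(config_text):
    """Return (config without the PSK policy block, removed lines)."""
    kept, removed, current = [], [], None
    for line in config_text.splitlines():
        word = line.strip()
        if current is None:
            if word == "config system password-policy":
                current = [line]
            else:
                kept.append(line)
            continue
        current.append(line)
        # Assumption: no nested config sections, so the first 'end' closes it.
        if word == "end":
            (removed if _affects_ipsec_psk(current) else kept).extend(current)
            current = None
    if current is not None:
        kept.extend(current)  # unterminated block: leave the file untouched
    return "\n".join(kept) + "\n", removed

if __name__ == "__main__":
    cleaned, removed = split_password_policy(SAMPLE_BACKUP)
    print("Removed before restore:", *removed, sep="\n")
```

A policy block that applies only to admin-password, or that is disabled, is left in place because it is not the case the article describes.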