This error is usually seen when the configuration being applied on the IPSec tunnel is not supported.

There are a few possible reasons for seeing the error -9999 on GUI as it is a generic error message. To get more information on the error message, try making the same change through the CLI as it will show the detailed error message.

One of the popular reasons is changing the tunnel type once the tunnel is configured. If making the change from GUI it will show the error message as shown in the screenshot above. Making the same change through CLI will show the detailed description of the error as below.

It also shows the error message -9999 on GUI if the pre-shared key is configured with characters/symbols that are not supported on the IPSec tunnel.

Note: From the v7.6.0 option a new update is provided where the changes not supported on the IPSec tunnel are grayed out to further avoid confusion. In the below image, the option to change the tunnel type is grayed out as it is not allowed once the tunnel is configured.