Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
AnthonyH
Staff
Staff

Created on ‎04-29-2025 07:15 AM

Article Id 389644

Troubleshooting Tip: Error when unsetting Local Gateway 6 '-651 input value is invalid.' in GUI

Description This article describes an issue where trying to remove the Local Gateway IPv6 address from the IPSec configuration in GUI displays the error message '-651 input value is invalid'.
Scope FortiGate.
Solution

When an IPSec tunnel has been configured with a local gateway 6 address, the issue '-651 input value is invalid' may be encountered when attempting to unset the configuration.

 

IPsec-local-gateway-6.JPG

 

config vpn ipsec phase1-interface

    edit "VPN_Access"

        set type dynamic

        set interface "wan1"

        set ip-version 6

        set local-gw6 2001:1:1::101

        set peertype any

        set net-device disable

        set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1

        set dpd on-idle

        set psksecret ENC <PasswordMask>

        set dpd-retryinterval 60

    next

end

 

The local gateway 6 address can be unset in the CLI:

 

config vpn ipsec phase1-interface

    edit "VPN_Tunnel_Name"

        unset local-gw6

    next

end

 

For further investigation, open a ticket with the collected HTTPS debugs using the Fortinet Support Tool.
327
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.