Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
janonuevo
Staff
Staff

Created on ‎10-02-2024 02:09 AM

Article Id 342645

Troubleshooting Tip: IKE negotiation error between FortiGate and Sonicwall

Description This article describes how to deal with the IKE negotiation error between FortiGate and Sonicwall.
Scope FortiOS v7.
Solution

CLI commands:


diagnose debug reset
diagnose vpn ike log filter clear
diagnose vpn ike log filter name "IPsec_Tunnel_Name"
diagnose debug application ike -1
diagnose debug enable

 

  1. If the IKE debug message contains the error 'probable pre-shared secret mismatch'.

 

Solution:
Check if the 'Peer ID' on FortiGate matches the 'Local IKE ID' on Sonicwall.

 

On FortiGate:

 

Fortigate1.JPG

 

On Sonicwall:


Sonicwall1.JPG

 

  1. If the IKE debug message contains a 'malformed responder cookie'.

     

     

Solution: (If FortiGate is behind the NAT device).
Check if the 'Peer IKE ID' configured on Sonicwall is the IPv4 interface IP of FortiGate connected to the uplink device.

 

On FortiGate:

                                                      
Fortigate2.JPG
                           
On Sonicwall:
                               

Sonicwall2.JPG
472
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.