| Description | This article describes how to fix an issue faced where the IPsec VPN configuration is lost after a device reboot or while restoring the old configuration file. |
| Scope | FortiGate. |
| Solution |
This can occur when the IPsec VPN tunnels are already configured and a password policy has been introduced. In cases where the pre-shared key does not match the newly enabled password policy requirements, the IPSec VPN tunnel configuration is missing the next time when the device reboots.
No matter how many times the deleted IPsec configuration is re-applied or copied and pasted, an error appears as in the example below.
In the below example, the minimum length of psksecret key was set to 15 in the password policy, but the entered key was only 10 characters long.
Error with ENC:
# config vpn ipsec phase1-interface Fortigate (phase1-interface) # edit "IPSec-VPN" Fortigate (IPSec-VPN) # Fortigate (IPSec-VPN) # set psksecret ENC sBDJpnncNr1QF7+7gWNBkJe1YtGFdg2gYP+gXObe1n0lJsnV7d4y+rZDNNmmKturGN65DMX6ABQ/tNY8RBZqrN39wccUIaJMnjyMLXib23ia9iorbAujGL3cml+luLj0P5DFXKW55JKONLRxMETfQzHZVFHIshvvrE16N0Y/vBL6hBN0AXD4xbMEAHm4hGMIPG33rg== value parse error before 'sBDJpnncNr1QF7+7gWNBkJe1YtGFdg2gYP+gX
# config vpn ipsec phase1-interface Fortigate (phase1-interface) # edit "IPSec-VPN" Fortigate (IPSec-VPN) # FortiGate (IPSec-VPN) # set psksecret Qwerty123# node_check_object fail! for psksecret Qwerty123#
It is possible to validate the parameters set by navigating to System -> Settings -> Password Policy. There, check the password scope to see if 'IPsec' or 'both' is enabled, then check the set parameters and adjust accordingly.
It is also possible to access this configuration in the CLI:
# config system password-policy |
Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Spring Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiGuest
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiSRA
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiScan
- FortiSandbox
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiWAN
- FortiToken
- FortiVoice
- FortiWeb
- FortiAppSec Cloud
- RMA Information and Announcements
- Lacework
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
- Fortinet Community
- Knowledge Base
- FortiGate
- Troubleshooting Tip: IPsec VPN configuration getti...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.