Description |
This article describes a scenario in which an IPsec VPN is built to a third-party firewall or VPN appliance and phase 2 is failing. The issue occurs because the third-party device does not read the SPI keys in the same order. It does not occur on FortiGate-to-FortiGate tunnels. |
Scope | FortiGate. |
Solution |
To solve this issue, set specific phase 2 selectors. Using address groups in the selectors is not recommended; type out the phase 2 selectors manually.
See the image below for the example.
|
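The change described above, written as FortiOS CLI. This is an added example, not taken from the original article: the phase 1 name `to-vendor`, the phase 2 names, the address group names and all subnets are constructed placeholders.

```fortios
# Before (constructed): selectors reference address groups.
config vpn ipsec phase2-interface
    edit "to-vendor-p2"
        set phase1name "to-vendor"
        set src-addr-type name
        set dst-addr-type name
        set src-name "Local_Subnets_Grp"
        set dst-name "Remote_Subnets_Grp"
    next
end

# After (constructed): the group-based entry is replaced by one
# phase 2 entry per local/remote subnet pair, each typed out.
config vpn ipsec phase2-interface
    delete "to-vendor-p2"
    edit "to-vendor-p2-1"
        set phase1name "to-vendor"
        set src-subnet 10.10.1.0 255.255.255.0
        set dst-subnet 192.168.50.0 255.255.255.0
    next
    edit "to-vendor-p2-2"
        set phase1name "to-vendor"
        set src-subnet 10.10.2.0 255.255.255.0
        set dst-subnet 192.168.50.0 255.255.255.0
    next
end

# Check that each selector pair has negotiated its own SA.
diagnose vpn tunnel list name to-vendor
```

Each subnet pair entered here should be defined identically on the third-party device.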
Copyright 2025 Fortinet, Inc. All Rights Reserved.