FortiGate
pginete
Staff
Article Id 427145
Description

This article describes how to fix the IPsec tunnels that are down on FortiGate with FIPS enabled after the firmware upgrade to v7.6.3.

Scope

FortiGate.
Solution


The following errors appear in the IKE debug output:

2026-01-20 05:45:00.856557 ike V=root:0:site1:934: generate DH public value request pending

2026-01-20 05:45:00.923568 ike V=root:0:site1:934: compute DH shared secret request pending

 

To fix the IPsec VPN tunnels that are down, change the IPsec VPN tunnel PSK secret so that it has at least 14 characters.

Starting with FortiOS v7.6.1, when FIPS is enabled the IPsec VPN PSK secret must be at least 14 characters long. This also affects dialup IPsec tunnels.

How to change the PSK secret on an IPsec VPN tunnel via CLI:

 

config vpn ipsec phase1-interface
    edit "VPN tunnel name"
        set psksecret ****
    next
end
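
An added triage example, not part of the original article or Fortinet's tooling: this Python script reads saved IKE debug output and lists the tunnels that logged the two DH "request pending" messages quoted above, so their PSK length can be reviewed. The field layout after `V=` (VDOM, index, phase1 name, ID) is an assumption inferred from the sample lines, and the last two sample lines are constructed.

```python
import re

# Sample in the article's log format; the first two lines are the ones quoted
# in the article, the last two are constructed for this example.
SAMPLE = """\
2026-01-20 05:45:00.856557 ike V=root:0:site1:934: generate DH public value request pending
2026-01-20 05:45:00.923568 ike V=root:0:site1:934: compute DH shared secret request pending
2026-01-20 05:45:01.101000 ike V=root:0:site2:935: generate DH public value request pending
2026-01-20 05:45:01.300000 ike V=root:0:site1:936: generate DH public value request pending
"""

# Assumed layout: <timestamp> ike V=<vdom>:<index>:<phase1 name>:<id>: <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) ike "
    r"V=(?P<vdom>[^:]+):\d+:(?P<tunnel>[^:]+):\d+: (?P<msg>.*)$"
)

# The two messages the article reports for the affected tunnels.
MARKERS = {
    "generate DH public value request pending": "dh_public",
    "compute DH shared secret request pending": "dh_secret",
}


def triage(text):
    """Count DH 'request pending' messages per (vdom, tunnel)."""
    hits = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["msg"] not in MARKERS:
            continue  # unrelated IKE debug line
        rec = hits.setdefault(
            (m["vdom"], m["tunnel"]),
            {"dh_public": 0, "dh_secret": 0, "first": m["ts"], "last": m["ts"]},
        )
        rec[MARKERS[m["msg"]]] += 1
        rec["last"] = m["ts"]
    return hits


def report(hits):
    """One line per tunnel whose PSK length should be reviewed."""
    return [
        f"{vdom}/{tunnel}: dh_public={r['dh_public']} dh_secret={r['dh_secret']} "
        f"first={r['first']} last={r['last']}"
        for (vdom, tunnel), r in sorted(hits.items())
    ]


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE))))
```

The debug output does not reveal the PSK itself, so the result is only a list of phase1-interface entries to check against the 14-character minimum.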