FortiGate s2s vpn cannot select aes256 now missing from original config
As of yesterday, in the phase2 settings for a site-site VPN connection to Azure I had the following:
set proposal aes128-sha256 aes256-sha256
Last night, the connection failed.
Looking at the saved config from a couple of hours before I see the "set " as it was.
Now, however, I am unable to modify the phase2 settings to anything other than aes128, either through the command line or the GUI. The drop-down in the GUI will let me select AES256, and appears to save it, but if I go back, the setting reverts to AES128.
In the CLI, I get a parse error for aes256.
Running V7.0.12 build8800
The FG seems to think the Phase1 connection is OK. Azure even still thinks the connection is good. But the phase2 connection is red.
As mentioned, this behavior did not occur yesterday, and the VPN configuration has been in place since 10:40am, but failed at 7pm.
The only change made yesterday was enabling HA. But the saved configs showing the aes256 setting were from over an hour after the cluster was formed.
Brought the interface down and went to configure with "set proposal ?" and the only options which are shown are the various AES128 settings. Still get the parse error, "Command fail. Return code -61" when trying to set aes256-sha256
Also to note, I am running in fips-cc mode. Have been for a while.