Forticlient Configurations are exported and un-usable across platforms
Hi there;
We have deployed several Fortigate IPSec Hardware boxes across 5 regions and more than 10 DC's.
The configuration procedure being supplied as a backup/restore into the official fortigate client appears to be un-usable across all three major platforms with the official client.
I.e., it appears to include Windows-specific secrets scripting and certificate store information.
Attempting to import/restore it into either the MacOSX or Linux fortigate clients results in no population of remote access selection that appears when testing with a Privileged Windows 10 account. Also note that even our Corporate Win10 Image with default Group Security policy is unable to use the config.
The irony of needing an insecure privileged windows10 machine to administer a Secure Linux Cluster is not lost on me.
This is a major issue, and since this is a large deployment and the local Fortigate support personnel (which I believe are Singapore based, this project spans 5 countries in SE Asia) have been unable or unwilling to advise the local BU's on how to create Platform Agnostic configuration examples I am reaching out to the wider community here.
Having studied the XML format, there are several sections which are likely the problem. There appears to be a hashing/encoding scheme used to protect the user and pre-shared key sections. What is this? Since this is an IPSec firewall, knowing these values and what hash scheme is used by the forticlient to read these would enable any ipsec client to be used in place.
The following screenshots show one of the suspect sections in the XML. However, removing these and other Windows-specific references does not resolve the non-population of client in either macosx or linux.
This is using version 6.xxxxx of the client (latest as of last week) on all platforms.
In your screenshot it was not clear on the sections, but can you remove the sections from the XML and retest?
PCNSE
NSE
StrongSwan
As mentioned in the original post, I edited out all the Windows-specific OS and references to cert store... No dice. Same behaviour. I think the export/import is broken generally across platforms.
