Hello everyone. I believe I found a bug. So, I'm setting up a site-to-site IPsec VPN between 100D 5.2.1 and 60D 5.2.0.
When I tried using the below DH groups for phase 1, the devices kept giving me some weird errors.
DH Group 19: 256-bit random ECP Group
DH Group 20: 384-bit random ECP Group
DH Group 21: 521-bit random ECP Group
When I take the DH group down to DH18, it works right away.
Has anyone else run across this? From what I've been reading, ECC is going to be the wave of the future.
JNCIA, CCNP R/S, NSE4 , NSE7, Associate of (ISC)²
You might need to try with the newest FortiOS version. I have seen the exact same thing with dhgrp-20 and FortiGate to Palo Alto. Can you upgrade to 5.2.3 or 5.2.4 for both devices and give it a try?
FWIW, I've also seen the same thing with other firewall appliances and dhgrp 24.
I just upgraded both Fortigates to 5.2.4 and it fixed the issue.