How to view Pre-shared Key
Hi,
I have set up a site-to-site VPN between 2 FG. I wanted to view the pre-shared key of the VPN tunnel. Is there any way to view that, similar to Cisco PIX/ASA?
Anand
Not that I know of. Not even in the config file. Wouldn't make sense anyway.
What about this option with Cisco - wouldn't they see this as a massive security breach?
Ede Kernel panic: Aiee, killing interrupt handler!
In Cisco, there is no way to view the pre-shared key using the config file, but it can be viewed by typing the "more:system run" command in the CLI. Similarly, I just want to know how to do that in FG. The reason is that my ex-colleague created several tunnels on the FG and has told me only a few of the pre-shared keys; for the rest he doesn't have any clue what the keys might be.
Anand
You can't view the pre-shared key, but you can copy them.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
How to copy then?
Anand
If you forgot the PSK, just recreate them on the FG.
Cisco gives you the luxury to more the PSK out starting with PIX/ASA code 6.5 and higher and the keys are in plaintext if you should copy the config thru tftp.
PCNSE
NSE
StrongSwan
Just copy the hashes from the config file, strings starting with "ENC". That is, from a config file which itself is un-encrypted = plain text.
Ede Kernel panic: Aiee, killing interrupt handler!
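
The copy step described in the last reply, as an added example that is not part of the original thread: Python that reads a plain-text FortiGate config backup and lists, per tunnel, the stored `ENC` key line so it can be carried into another config, and shows which tunnels have no stored key. It assumes tunnels are defined under `config vpn ipsec phase1` or `config vpn ipsec phase1-interface` with the key on a `set psksecret ENC ...` line; the function names and the sample config (including its `ENC` value) are constructed for illustration.

```python
# Constructed sample of an unencrypted config backup (values are placeholders).
SAMPLE = '''
config vpn ipsec phase1-interface
    edit "to-branch"
        set interface "wan1"
        set psksecret ENC Q09OU1RSVUNURUQtU0FNUExF
        config ipv4-exclude-range
            edit 1
            next
        end
    next
    edit "to-dc"
        set authmethod signature
    next
end
'''

PHASE1_SECTIONS = {"vpn ipsec phase1", "vpn ipsec phase1-interface"}

def list_psk_entries(config_text):
    """Return {tunnel_name: stored psksecret value or None} for each phase1 entry."""
    stack = []     # currently open "config ..." sections, outermost first
    tunnel = None  # phase1 entry being read
    found = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end":
            if stack:
                stack.pop()
        elif stack and stack[-1] in PHASE1_SECTIONS:
            # Only lines directly inside the phase1 table; nested sub-tables are skipped.
            if line.startswith("edit "):
                tunnel = line[len("edit "):].strip().strip('"')
                found[tunnel] = None
            elif line == "next":
                tunnel = None
            elif tunnel and line.startswith("set psksecret "):
                found[tunnel] = line[len("set psksecret "):]
    return found

def copyable_lines(found):
    """CLI fragments for tunnels whose key is stored as an ENC string."""
    return [f'edit "{name}"\n    set psksecret {value}\nnext'
            for name, value in found.items()
            if value and value.startswith("ENC ")]
```

Tunnels that come back as `None` have no stored key in the backup (for example, certificate authentication) and have nothing to copy.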
