Hey,
for years, I was always able to take the config from a Fortigate 40/50/60 and to implement it on a new device including all site2site VPN data, so I don't have to reset all VPN phase1 passwords.
Today, I got a new 60F and wanted to copy the config from the older 60D to it:
    config vpn ipsec phase1
        edit "whatever"
            set interface "wan1"
            set keylife 900
            set proposal 3des-sha1 3des-md5
            set localid-type address
            set dpd disable
            set dhgrp 2
            set nattraversal disable
            set remote-gw 1.1.1.1
            set psksecret ENC vvvx5Q2mPYfi7vfBUxq30IFVQhx183v+0E77nmfsdfsdfzARCLziSGN8wTwPioZV7Owt5xmTLBZdjNSuxeaDmFiIZHmtoO+JbdmTIMXGs+adRNuvQyVquvtN5hz1zKTYtQEL/l5e3hCcT3t0KkyuQyTNkU2mkuYLIyJsyS+CeXsdfv
This was ALWAYS working (no, it is not my real IP, nor psksecret), but guess what I got now?
"Password is too long, max length is 128."
So... How am I supposed to change hardware, if I am not able to copy the passwords? There are 8 active VPNs and I can't do it live one-by-one.
Yes you can.
There have been fundamental changes in the way VPN PSKs and WiFi PSKs are stored on a FGT. If you followed the upgrade path step-by-step (from which version?) and encounter this error then you will have to create new PSKs and store them afresh. It's not about the length of the plaintext PSK, just the algorithm to encode it has changed.
This is the opportunity to get rid of outdated encryption algorithms as well (3DES? MD5?? really?) and to generate safe, random PSKs of suitable length (say, > 30 chars). Sorry, but.
That's just a very old setup - The rest of the VPN tunnels were done with the latest wizard (v5.4.0) - So that's just that.
I can't follow any upgrade path, as I just have the old Forti without support and the new one.
So there is no way to "convert" the passwords to the new format?
I'm afraid, no. Just put in a new password.
BTW, v5.4 is already 'old' - the switch in PSK encryption was between v6.0 and v6.2 IIRC.
You could have a look at the Upgrade Path tool with just one valid support contract, all you need is an account.
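An added example, not part of the original thread and not Fortinet code: a small audit of a phase1 backup before migration. It flags tunnels whose `ENC` PSK value exceeds the 128 limit quoted in the error message, lists proposals using the 3DES/MD5 algorithms called out in the replies, and generates a fresh random PSK for each tunnel that has to be re-keyed. The tunnel names, gateways, `ENC` values and the 40-character PSK length are assumptions made for the example.

```python
import re
import secrets
import string

MAX_ENC_LEN = 128                 # limit quoted in the error message in this thread
WEAK_TOKENS = ("3des", "md5")     # algorithms called out in the replies
ALPHABET = string.ascii_letters + string.digits

# Constructed sample backup: names, gateways and ENC values are made up.
SAMPLE_CONFIG = '''config vpn ipsec phase1
    edit "branch-a"
        set proposal 3des-sha1 3des-md5
        set remote-gw 192.0.2.10
        set psksecret ENC {long_blob}
    next
    edit "branch-b"
        set proposal aes256-sha256
        set remote-gw 192.0.2.20
        set psksecret ENC {short_blob}
    next
end
'''.format(long_blob="A" * 204, short_blob="B" * 60)


def audit_phase1(config_text):
    """Return {tunnel: {"rekey": bool, "weak": [proposals]}} per phase1 entry."""
    report, name, in_p1 = {}, None, False
    for line in config_text.splitlines():
        line = line.strip()
        m = re.match(r'edit "(.+)"$', line)
        if line.startswith("config "):
            in_p1 = line.startswith("config vpn ipsec phase1")
        elif line == "end":
            in_p1 = False
        elif not in_p1:
            continue
        elif m:
            name = m.group(1)
            report[name] = {"rekey": False, "weak": []}
        elif name and line.startswith("set proposal "):
            report[name]["weak"] = [p for p in line.split()[2:]
                                    if any(t in p for t in WEAK_TOKENS)]
        elif name and line.startswith("set psksecret ENC "):
            # Values over the limit trigger the "Password is too long" error.
            report[name]["rekey"] = len(line.split()[3]) > MAX_ENC_LEN
    return report


def new_psk(length=40):
    """Random PSK from the OS CSPRNG; 40 chars is an assumed length (> 30)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))
```

Run `audit_phase1()` over the exported configuration, then call `new_psk()` once per flagged tunnel and set the same value on both peers.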
Copyright 2024 Fortinet, Inc. All Rights Reserved.