Hey guys, thanks for the replies so far. So regarding the command "config log device ...", this isn't available anymore in the 5.4.1 FAZ. Nonetheless, I think I found the issue; it seems to be a bug in the firmware. The interface of the FAZ is set to DHCP, and there is no local listening port, which results in the ICMP message. If I look at the netstat of the FAZ, the only listening port for the IPsec is on the loopback interface:
udp 0 0 127.0.0.1:500 0.0.0.0:*
There is no listening port on the actual interface IP; I guess the VPN daemon starts up before the FAZ acquires an IP from the DHCP. Does anybody know how I could restart the process handling the VPN service? I couldn't find a name in the process list which could have something to do with it, otherwise I would try to kill it and see if it works after that.
Another thing I recognized during the troubleshooting: Why the hell did they remove the IPsec logging in the 5.4 FGT release? How can I be sure that nobody checks on my logs with the usual SSL encryption? There are no options for which SSL certificate is used or which certificate the FGT should trust. Are there any options to configure peer certificates?
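As an added example (not from the post above and not Fortinet code), a small Python check that parses netstat-style UDP lines like the one quoted in the post and reports IPsec ports (IKE UDP/500, NAT-T UDP/4500) that are bound only on a loopback address, which is the symptom described; the sample netstat output is constructed.

```python
import re
from typing import Dict, List, Set

# Constructed sample of "netstat -anu"-style output, modelled on the single
# line quoted in the post: IKE on UDP/500 bound to loopback only.
SAMPLE_NETSTAT = """\
udp        0      0 127.0.0.1:500           0.0.0.0:*
udp        0      0 0.0.0.0:514             0.0.0.0:*
udp        0      0 127.0.0.1:4500          0.0.0.0:*
"""

# Ports a peer must be able to reach for the IPsec tunnel to come up.
IPSEC_PORTS = {500, 4500}

# proto  recv-q  send-q  local-address:port  foreign-address
LINE_RE = re.compile(r"^udp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+")


def parse_udp_listeners(netstat_output: str) -> Dict[int, Set[str]]:
    """Map each UDP port to the set of local addresses it is bound on."""
    listeners: Dict[int, Set[str]] = {}
    for line in netstat_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        addr, port = m.group(1), int(m.group(2))
        listeners.setdefault(port, set()).add(addr)
    return listeners


def is_loopback(addr: str) -> bool:
    return addr.startswith("127.") or addr == "::1"


def loopback_only_ports(netstat_output: str, ports=IPSEC_PORTS) -> List[int]:
    """Return the expected ports that are unreachable from a peer: either not
    bound at all or bound on loopback addresses only."""
    listeners = parse_udp_listeners(netstat_output)
    unreachable = []
    for port in sorted(ports):
        addrs = listeners.get(port, set())
        if not addrs or all(is_loopback(a) for a in addrs):
            unreachable.append(port)
    return unreachable


if __name__ == "__main__":
    for port in loopback_only_ports(SAMPLE_NETSTAT):
        print(f"UDP/{port} is not bound on any non-loopback address")
```

Feed it the real netstat output after the DHCP lease is acquired; an empty result means the daemon picked up the interface address.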