In the Log files I get "peer SA proposal not match local policy". I guess this means the Phase 1 Settings from the Android Client don't match these from the Fortigate?!? Which settings and Encryption proposals I need for the Client? The Windows Forticlient works perfectly with these Server Settings.
Worth also noting here that there is currently a bug on the Google Pixel phones build NDE63U and Pixel XL with the native IPSEC XAuth VPN client per 226180
This does not affect the 7.0 NRD91N builds on the Nexus phones.
Like I said, connection works with 'mode-cfg disable', but with wrong nameserver settings (not usable).
The connection itself doesn't come up with 'mode-cfg enable' at all! Thats the main issue.
Unfortunately we use a split tunnel configuration with external dns servers, so I'm not best qualified to provide any further pointers.
I did find this post for your reference though.
 
					
				
				
			
		
| User | Count | 
|---|---|
| 2678 | |
| 1412 | |
| 810 | |
| 703 | |
| 455 | 
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.