Hello, I'm migrating from a 600C box to a 100F, but I haven't saved any of the PSKs for my IPsec tunnels.
I wonder if there is any way I can get these PSKs, or copy and paste the encoded PSK from version 5.2 to 6.0.
I did a test copying and pasting the encoded PSK, but it didn't work.
Any tip is welcome.
Thanks
Hello!
I did this before, but not with different firmware versions.
Using the config file, I copied the line where the PSK is, pasted it on the FGT and it worked.
You lost the psk on the upgrade? There was a bug that caused that.
regards,
tioeudes
I'm migrating the config by hand because my current box is a 600C on version 5.2 and my new box is a 100F on version 6.0.4.
Sure, been there too! Another thing you can do is download the config file of the 600C, extract the IPsec tunnel (phase1 and phase2) configuration, and then upload it on the 100F (with the necessary adjustments) as a script. Or you can just paste it on a terminal when connected through SSH.
regards,
tioeudes
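One way to do the extraction described in the post above while leaving the encoded PSKs behind for rekeying, as an added example (not code from any poster or from Fortinet). It assumes a non-VDOM backup with top-level `config vpn ipsec phase1-interface` and `phase2-interface` sections; `extract_ipsec`, the placeholder string and the sample config are constructed for illustration.

```python
import re

# Constructed sample of a FortiOS-style backup (not from a real device).
SAMPLE_CONFIG = '''\
config system global
    set hostname "old-600C"
end
config vpn ipsec phase1-interface
    edit "to-branch"
        set interface "wan1"
        set remote-gw 198.51.100.10
        set psksecret ENC CONSTRUCTEDsampleBLOB==
    next
end
config vpn ipsec phase2-interface
    edit "to-branch-p2"
        set phase1name "to-branch"
    next
end
config firewall policy
end
'''

WANTED = ("config vpn ipsec phase1-interface", "config vpn ipsec phase2-interface")
PSK_ENC = re.compile(r"^(\s*set psksecret) ENC \S+\s*$")

def extract_ipsec(config_text, placeholder="CHANGE-ME-REKEY"):
    """Return (script_text, tunnels_to_rekey) for the phase1/phase2 sections."""
    out, rekey, depth, keep, current = [], [], 0, False, None
    for line in config_text.splitlines():
        stripped = line.strip()
        if depth == 0 and stripped in WANTED:
            keep = True  # start copying a wanted top-level section
        if stripped.startswith("config "):
            depth += 1   # track nesting so an inner "end" does not stop the copy
        elif keep and depth == 1 and stripped.startswith("edit "):
            current = stripped[5:].strip('"')  # tunnel name of this entry
        if keep:
            m = PSK_ENC.match(line)
            if m:  # encoded secret will not carry over: flag it for rekeying
                line = f"{m.group(1)} {placeholder}"
                rekey.append(current)
            out.append(line)
        if stripped == "end":
            depth -= 1
            if depth == 0:
                keep = False
    return "\n".join(out) + "\n", rekey
```

The returned list names the tunnels whose placeholder must be replaced with a newly agreed PSK on both peers before the script is applied to the new unit.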
If it's 1 or 3 tunnels, I wouldn't waste any time and would just rekey the PSK. I've seen a lot of customers who would spend 6 hours trying to recover a key when they could just rekey the PSK on a handful of tunnels and be done.
just my 2cts observation
Ken Felix
PCNSE
NSE
StrongSwan
Copy-paste will not work because the encoding changed somewhere between 5.2 and 6.0.
What should work is: first upgrade your current FGT to 6.0 using the recommended upgrade path and then copy-paste the tunnels/PSKs.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
He can't, the 600C doesn't upgrade to 6.0. Maybe he could go to 5.6.12, but I don't know if the encoding would be the same.
Starting to agree with emnoc. It would probably be better to rekey these tunnels.
Hm, his post read like that. I didn't check that in the support portal. But if it is like that, I agree the best way is to rekey the tunnels.
I can only confirm that an IPsec tunnel from 5.6.12 to 6.0.9 works fine. But that doesn't say anything about encoding on both sides, does it ;)
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Hello, thank you. This is the point.
I will go do the update.