I have a problem with an IPSEC VPN between 2 Fortigate Firewalls.
On one side I have a FG110C, on the other side a FG60C.
The VPN was working well until I made a firmware update on the FG110C from
v3 MR1 to v4.0 (MR3) Patch 15.
Now the VPN remains down, the rest of the configuration works without
any problem. The FG60C has the firmware v4.0,build5849,110804 (MR2).
Is it possible that the MR3 on the 110C isn't compatible with
Thanks in advance,
I wouldn't think they are 'incompatible'. IPsec is a standard. But... 4.2 in the beginning was not too stable, the release you're using might have a bug in the VPN code. Try to upgrade to the latest MR2 patch (4.2.15).
One other explanation would be that the VPN config is not 100% correct but you got away with it in v3 code. You would have to debug the setup via 'diag debug app ike -1' on the console. There have been numerous postings on the forums about this which might give you the right commands.
I admit that debugging a VPN setup is not well supported through logging. The error messages mostly are cryptic or misleading, Microsoft style.
Hi to everybody,
thanks for the answers!
I think first of all I'll make a Firmware Upgrade to check if this is the problem.
Yes, I followed the upgrade path on the 110C.
The option "Enable perfect forward secrecy (PFS)" is selected.
In the event log of the 60C I get the following messages:
negotiate IPsec phase 1 error
egotiate progress IPsec phase 1
The last step will be the reconstruction of the IPSEC Tunnel.
Thank you guys!
Hi to everybody,
so I found the solution and now I'm ashamed
I just reentered a new Pre-shared Key in Phase 1 on both sides
and now it works again...
I hate those errors... spending an extreme amount of time, disturbing
other people and then a solution like that...
Thanks and sorry!