What special characters are not allowed in IPsec PSK?

albaker1 · ‎03-27-2023

We recently performed a conversion from a Firepower to a FortiGate, and we had one tunnel that wouldn't come up. We found out during troubleshooting an authentication error that a special character in the PSK was not permitted, but we didn't have time to work with the vendor to remove them one at a time - we removed them all and just went with a long alphanumeric key, and it worked. Is there a list as to what isn't allowed? We have another conversion coming up in a few weeks that has between 30 and 40 IPsec tunnels, and we can't have surprises with this conversion. Thank you.

albaker1 · ‎03-29-2023

I know that either ~, ", ;, (, or > is not allowed. I ran across a Fortinet document for an old version (I think 6.2 - there was no option to select 7.x code) that said single quotes, double quotes, <, and > were not allowed. We have another tunnel that uses a >, and it's working, so I presume with the current version it's the single and double quotes that are a problem.

View solution in original post

abarushka · ‎03-28-2023

Hello,

Normally ASCII should be supported.

https://docs.fortinet.com/document/fortigate/7.0.9/cli-reference/362620/config-vpn-ipsec-phase1

FortiGate

albaker1 · ‎03-29-2023

I know that either ~, ", ;, (, or > is not allowed. I ran across a Fortinet document for an old version (I think 6.2 - there was no option to select 7.x code) that said single quotes, double quotes, <, and > were not allowed. We have another tunnel that uses a >, and it's working, so I presume with the current version it's the single and double quotes that are a problem.

What special characters are not allowed in IPsec PSK?

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website