I am configuring ipsec vpn on FortiGate 60F firewall and 200F firewall. In 60F, fortiguard option, it says, "firmware and general update is expired. Firmware version is v6.4.6 build 6083 (GA). Do I need to update the firmware, because IP sec phase1 is down. If not, what can be the reason for ipsec phase 1 for being down?
In phase 1 proposal check if encryption-authentication pairs and Diffie-Hellman Groups match between the two FortiGates.
Run the below commands on the receiver while initiating the tunnel on the initiator FG.
diagnose debug console timestamp enable
diagnose debug application ike -1
diagnose debug enable
Hi @Israt24Fortinet,
Your "firmware and general update" license is expired but it shouldn't affect the IPsec tunnel. You can run ike debug to see why it is failing.
Regards,
User | Count |
---|---|
2677 | |
1412 | |
810 | |
703 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.