Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Israt24Fortinet
New Contributor

firmware

I am configuring ipsec vpn on FortiGate 60F firewall and 200F firewall. In 60F, fortiguard option, it says, "firmware and general update is expired. Firmware version is v6.4.6 build 6083 (GA). Do I need to update the firmware, because IP sec phase1 is down. If not, what can be the reason for ipsec phase 1 for being down?

2 REPLIES 2
AEK
SuperUser
SuperUser

In phase 1 proposal check if encryption-authentication pairs and Diffie-Hellman Groups match between the two FortiGates.

 

Run the below commands on the receiver while initiating the tunnel on the initiator FG.

diagnose debug console timestamp enable
diagnose debug application ike -1
diagnose debug enable

 

AEK
AEK
hbac
Staff
Staff

Hi @Israt24Fortinet,

 

Your "firmware and general update" license is expired but it shouldn't affect the IPsec tunnel. You can run ike debug to see why it is failing. 

 

Regards, 

 

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors