New Contributor

IPSEC VPN for remote users - no matching gateway for new request

I'm new to FortiGate firewalls, but a client just got a 60C (MR3 Patch 12) they want to use with the FortiClient for remote IPSEC VPN connections. I found a how-to guide for this in the FortiOS Cookbook, but when I try to have a client connect it fails, and the console log shows the following:

Virtual Domain: root
Message: IPsec phase 1 error
Action: negotiate
IPSec Remote IP: []
IPSec Local IP: []
Remote Port: 6893
Outgoing Interface: wan1
Local Port: 500
Cookies: 34f19195f36324fa/0000000000000000
User: N/A
Group: N/A
XAUTH User: N/A
XAUTH Group: N/A
Status: negotiate_error
VPN Tunnel: N/A
Error Reason: no matching gateway for new request
Peer Notification: N/A

Any ideas what I missed? I tried 2x following the cookbook so far, but same results each time. Thanks for your thoughts!
New Contributor III

The FortiOS Cookbook describes IPSEC Configuration in Tunnel Mode. However, the recommended mode is Interface Mode, where each IPSEC Phase1 is created as a Sub-Interface. Leaving "Interface Mode" aside, let's talk about your Tunnel Mode. The Tunnel Mode will not work until a corresponding Firewall Policy is created. Please create a Firewall Policy to bring the Tunnel Up.

Ahead of the Threat. FCNSA v5 / FCNSP v5

Fortigate 1000C / 1000D / 1500D
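
The kind of tunnel-mode firewall policy the reply above refers to, sketched in FortiOS 4.0 MR3 CLI syntax as an added example that is not part of the original thread. The phase 1 name `forticlient_p1`, the `internal` interface and the `all` address objects are assumptions; `wan1` is the outgoing interface shown in the log.

```fortios
# Added example: policy-based (tunnel mode) IPsec policy for dialup FortiClient users.
# Assumed names: phase 1 "forticlient_p1", LAN interface "internal", address object "all".
config firewall policy
    edit 0
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        # action ipsec binds this policy to the tunnel-mode phase 1 named below
        set action ipsec
        set schedule "always"
        set service "ANY"
        set inbound enable
        set outbound enable
        set vpntunnel "forticlient_p1"
    next
end

# Check which IKE gateways the unit currently knows about
diagnose vpn ike gateway list
```

In practice the source and destination addresses would be narrowed from `all` to the protected subnet and the address range handed to VPN clients, so the policy admits only the traffic the tunnel is meant to carry.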