IPsec VPN troubleshooting in Fortigate Firewall


IPsec VPN troubleshooting in Fortigate Firewall-

Preshared key-

  • It is like a password and used for granting access to ipsec VPN
  • Its known by both two parties and used to identify each other.
  • It should be same at both end.

The pre-shared key does not match (PSK mismatch error).

It is possible to identify a PSK mismatch using the following combination of CLI commands:

diag vpn ike log filter name <phase1-name>
diagnose debug application ike -1
diagnose debug enable
diagnose vpn ike restrat

PSK mismatch error
PSK mismatch error

Now lets lets disable the debugging.

Enter the following CLI command to stop the output.

diagnose debug reset
diagnose debug disable

IPsec VPN Phase 2 Selectors Mismatch in Fortigate Firewall


  1. Hey there! I could have sworn I’ve been to this website
    before but after reading through some of the post I realized it’s new to me.
    Anyways, I’m definitely delighted I found it and I’ll be bookmarking and checking back often!


Please enter your comment!
Please enter your name here