During a Fortinet 100D to Fortinet 100F upgrade migration, the Fortinet Firewall Migration Tool cannot recover the Fortinet IPsec VPN Pre-shared key for you, we cannot find the IPsec VPN Pre-shared key from the previous document
Searching and testing around seem the only fix is to update the key on both ends, however, for this particular environment, we are required to minimize the impact.
After digging into the Fortinet document and internet forms, someone mentioned you can use the below command to decrypt the key, but it is still not the Pre-share key that I am after:
di sys ha checksum sho root vpn.ipsec.phase1-interface xxxxx
The key is 47756573744d653132330d0a
Looking at decrypted keys carefully, they are actually Hex! To recover the key, simply go to a Hex to Text converter online, such as https://www.rapidtables.com/convert/number/hex-to-ascii.html
This method is NOT working on the newer version of Fortinet Firmware anymore (such as 6.4.7), it is simply not a best of practice for a security product to view the password!
2 thoughts on “How to Recover Fortigate IPsec VPN Pre-shared Key”
An outstanding shаre! I have just forwarded this
onto а friend who had been conducting a little research
on this. And he in fact ordｅred me lunch because I stumbled upon it for
him… lol. So let me reworԁ this…. Thank YOU for
the meal!! But yeah, thanks for spending some time to discuss this issue here on yoᥙr web
Buenas tardes, tendrán algún método para las versiones de firmware mas actuales?