# Site-to-site IPsec tunnel "IPSEC-XXX-PROD" on a FortiGate: one phase 1 (IKE) and one
# phase 2 (ESP) definition. Addresses, tunnel name and PSK are placeholders left by the author.
# The peer is presumably a pfSense box, judging by the IP-PFSENSE-* placeholders.
# NOTE(review): every crypto parameter below must match the peer, so any hardening
# has to be applied on both ends in the same change window.
config vpn ipsec phase1-interface
    edit "IPSEC-XXX-PROD"
        set type static
        set interface "WAN-OCWs"
        set ip-version 4
        # NOTE(review): IKEv1. Prefer IKEv2 if the peer supports it.
        set ike-version 1
        set local-gw 0.0.0.0
        # IKE SA lifetime: 86400 s (24 h).
        set keylife 86400
        # Pre-shared-key authentication in main mode (identities are exchanged encrypted).
        set authmethod psk
        set mode main
        # NOTE(review): no peer-ID check. The peer is pinned only by remote-gw and the PSK,
        # so the PSK should be long and random.
        set peertype any
        set passive-mode disable
        set exchange-interface-ip disable
        set mode-cfg disable
        # NOTE(review): single proposal, AES-256 with SHA-1 integrity. Many baselines now
        # require SHA-256 or stronger; confirm what the peer can negotiate.
        set proposal aes256-sha1
        set localid ''
        set localid-type auto
        set auto-negotiate enable
        set negotiate-timeout 30
        set fragmentation enable
        # NOTE(review): dead peer detection is off, so a vanished peer is only noticed
        # when traffic or a rekey fails (availability rather than confidentiality).
        set dpd disable
        set forticlient-enforcement disable
        set comments ''
        set npu-offload enable
        # NOTE(review): DH group 2 is 1024-bit MODP, which is below current guidance.
        # Group 14 or higher is the usual minimum; it must match the peer.
        set dhgrp 2
        set suite-b disable
        set wizard-type custom
        set xauthtype disable
        set mesh-selector-type disable
        set idle-timeout disable
        set ha-sync-esp-seqno enable
        set auto-discovery-sender disable
        set auto-discovery-receiver disable
        set auto-discovery-forwarder disable
        set encapsulation none
        set nattraversal enable
        set rekey enable
        # Static remote gateway (placeholder for the peer's public address).
        set remote-gw IP-PFSENSE-P1
        set monitor ''
        set add-gw-route disable
        # PSK, redacted by the author. "ENC" marks a stored value the device can recover,
        # not a one-way hash, so treat any unredacted export of this config as secret-bearing.
        set psksecret ENC XXXXXXXXXXXX
        set keepalive 10
    next
end
# Phase 2 (ESP) selector bound to the phase 1 above through phase1name.
config vpn ipsec phase2-interface
    edit "IPSEC-XXX-PROD"
        set phase1name "IPSEC-XXX-PROD"
        # Same AES-256 / SHA-1 pairing as phase 1; see the note there.
        set proposal aes256-sha1
        # NOTE(review): PFS is off, so phase 2 keys are derived from the phase 1 keying
        # material with no fresh DH exchange per rekey. Enabling PFS with a group of 14 or
        # higher on both ends limits what a compromised IKE SA exposes.
        set pfs disable
        # Anti-replay protection is enabled on the ESP SA.
        set replay enable
        set keepalive disable
        set auto-negotiate disable
        set auto-discovery-sender phase1
        set auto-discovery-forwarder phase1
        set keylife-type seconds
        set encapsulation tunnel-mode
        set comments ''
        # protocol 0 and ports 0 mean the selector is not narrowed by protocol or port.
        set protocol 0
        set src-addr-type ip
        set src-port 0
        set dst-addr-type ip
        set dst-port 0
        # ESP SA lifetime: 1800 s (30 min).
        set keylifeseconds 1800
        # Single-address selectors (addr-type ip); placeholders for the two protected hosts.
        set src-start-ip IP-FORTI-P2
        set dst-start-ip IP-PFSENSE-P2
    next
end
-----------------------------------------------------------------------------------