DemianJacome
Contributor

VPN DOES NOT ESTABLISH BETWEEN VELOCLOUD GATEWAY AND FORTIGATE

Hi guys,

I have a problem with an IPsec VPN between a Velocloud gateway and Fortigate (a Fortigate VM on OCI, and Fortigate 200E, 80E and 500E appliances).

In both cases the VPN isn't established correctly. Do you have the same problem or something similar?

In the case of the VPN between the Velocloud Gateway and the Fortigate VM there is a mismatch in the SPI parameter.

khirom
Enthusiast

Hi,

I have never used Fortigate FW with VMware SD-WAN.

It may be the PFS setting.

Have you tried "no PFS" setting?

TalalTayyaroğlu
Enthusiast

Good day,

I have just had the same issue but when connecting to a Cisco ISR.

I have since resolved this but you will need to know the limitations:

The setup is limited to what the Gateway supports. For example, to connect to a Cisco ISR, you are limited to using a Tunnel interface routing method, and cannot use a Crypto ACL. Also, in my case, I am stuck with IKEv1 and with SHA hashing; SHA-256 and above are not supported.

Trying to connect a Cisco ISR router to the Gateway using the "Generic IKEv1/2 Router" method has failed so far.

What option did you use to connect to your Fortigate? I could not spot such an option.

Can you share the configuration on your Fortigate and on Orchestrator?

I might be able to spot some discrepancies.

regards,

Talal

khirom
Enthusiast

Hi,
I have successfully configured a VPN between Fortigate and VMware SD-WAN Gateway.
The Fortigate interface had a public IP address.
I have not tested it in a NAT environment.
Initially, I tried using AES128, SHA-1, and DH2.
After confirming the VPN was established, I switched to stronger parameters.
After setting NSD in the profile, the VPN was established.
I think the VMware SD-WAN Gateway is the responder and the Fortigate is the initiator.

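The two points raised in this thread (try the tunnel with PFS off, and start from IKEv1 with AES128, SHA-1 and DH group 2 on a route-based tunnel before hardening) can be expressed as a FortiOS CLI configuration. The block below is an added example written for this page; it is not configuration posted by any participant and not VMware or Fortinet reference material. The interface names (wan1, internal), the Gateway address 203.0.113.10, the subnets, the pre-shared key and the static-route prefix are placeholders you must replace with the values from your own Orchestrator NSD profile. The diagnose commands at the end are the FortiGate-side checks for phase 1 state, phase 2 SPIs and the IKE negotiation log, which is where an SPI or proposal mismatch shows up.

```text
# Added example, not from the thread. Phase 1/phase 2 values follow the
# first-pass parameters reported above (IKEv1, AES128, SHA-1, DH group 2)
# with PFS disabled as suggested. Names, addresses and the PSK are placeholders.
config vpn ipsec phase1-interface
    edit "velocloud-gw"
        set interface "wan1"                 # assumed WAN interface name
        set ike-version 1
        set mode main
        set keylife 86400
        set peertype any
        set net-device disable
        set proposal aes128-sha1
        set dhgrp 2
        set nattraversal enable
        set dpd on-idle
        set remote-gw 203.0.113.10           # VeloCloud Gateway public IP (placeholder)
        set psksecret "replace-with-the-PSK-from-Orchestrator"
    next
end
config vpn ipsec phase2-interface
    edit "velocloud-gw-p2"
        set phase1name "velocloud-gw"
        set proposal aes128-sha1
        set pfs disable                      # "no PFS"; re-enable with set pfs enable / set dhgrp 2 once up
        set keylifeseconds 3600
        set src-subnet 10.10.0.0 255.255.0.0     # LAN behind the FortiGate (placeholder)
        set dst-subnet 0.0.0.0 0.0.0.0           # selector left open; routing decides what enters the tunnel
    next
end
# Route-based (tunnel interface) operation: traffic enters the tunnel via a route,
# not via a crypto ACL, matching the Gateway-side limitation described above.
config router static
    edit 0
        set dst 172.16.0.0 255.240.0.0       # SD-WAN branch prefixes (placeholder)
        set device "velocloud-gw"
    next
end
config firewall policy
    edit 0
        set name "lan-to-sdwan"
        set srcintf "internal"               # assumed LAN interface name
        set dstintf "velocloud-gw"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

# Verification and negotiation trace (run from the FortiGate CLI):
diagnose vpn ike gateway list                        # phase 1 SA state per peer
diagnose vpn tunnel list                             # phase 2 SAs, including inbound/outbound SPIs
diagnose vpn ike log-filter dst-addr4 203.0.113.10   # FortiOS 6.x; 7.4+ uses: diagnose vpn ike log filter rem-addr4
diagnose debug application ike -1
diagnose debug enable
# ... wait for one negotiation attempt (or trigger traffic toward the static route), then:
diagnose debug disable
diagnose debug reset
```

Flows that the SD-WAN side initiates toward the LAN need a second policy in the reverse direction (srcintf "velocloud-gw", dstintf "internal"); the single policy above only admits LAN-originated sessions and their replies. Because the IKE debug prints every proposal the Gateway sends and the one the FortiGate picks, compare the printed encryption, hash and DH group values against the NSD profile in Orchestrator before changing anything else; a "no proposal chosen" or a phase 2 selector rejection in that output is the usual cause of a tunnel that negotiates phase 1 but never carries traffic.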