| FortiGate Parameter |
FortiGate Parameter Description |
Corresponding Sangfor NGAF Module/Parameter |
Notes / Migration Suggestions |
| interface |
Local binding interface |
Network > Sangfor/IPsec VPN > General Settings > VPN Paths |
Directly corresponds |
| ike-version |
IKE version |
Network > Sangfor/IPsec VPN > IPsec VPN |
Recommended to keep consistent |
| peertype |
Peer type (static/dynamic) |
Network > Sangfor/IPsec VPN > IPsec VPN |
Same as original |
| remote-gw |
Remote gateway address |
Network > Sangfor/IPsec VPN > IPsec VPN |
Must be consistent |
| local-gw |
Local public address (optional) |
Network > Sangfor/IPsec VPN > IPsec VPN |
Corresponds to “Local IP” |
| psksecret |
Pre-shared key |
Network > Sangfor/IPsec VPN > IPsec VPN |
Keep the same |
| proposal |
Encryption/authentication algorithms |
Network > Sangfor/IPsec VPN > IPsec VPN |
NGAF supports AES, 3DES, SHA1/256 |
| dpd |
Dead Peer Detection (DPD) |
Network > Sangfor/IPsec VPN > IPsec VPN |
Enable dead link detection |
| dpd-retrycount / dpd-retryinterval |
DPD retry count / interval |
Network > Sangfor/IPsec VPN > IPsec VPN |
Corresponds to “Probe Retry Count” |
| localid / peerid |
Identity identifier |
Network > Sangfor/IPsec VPN > IPsec VPN |
Keep consistent |
| nattraversal |
NAT traversal |
Network > Sangfor/IPsec VPN > IPsec VPN |
Recommended to enable |
| keylife |
IKE SA lifetime |
Network > Sangfor/IPsec VPN > IPsec VPN |
Recommended to match (default 28800s) |
| proposal (Phase2) |
Data channel algorithms |
Network > Sangfor/IPsec VPN > IPsec VPN |
Keep consistent |
| src-subnet / dst-subnet |
Protected subnets |
Network > Sangfor/IPsec VPN > IPsec VPN |
Keep consistent |
| pfs / dhgrp |
PFS enable and group |
Network > Sangfor/IPsec VPN > IPsec VPN |
Recommended to enable |
| auto-negotiate |
Auto start |
Network > Sangfor/IPsec VPN > IPsec VPN |
Enable |
{{ $t('index.defaultHeader.chromeBrowserTip') }}