How to find Fortinet PSK!

In Fortinet devices, pre-shared keys (PSKs) are stored in an encrypted format for security reasons and cannot be viewed in plain text directly through the GUI or CLI. If you’ve forgotten a PSK, consider the following approaches:

  1. Retrieve from Backup Configuration: If you have a backup of your Fortinet device’s configuration, the PSK may be included in the backup file. However, be aware that the PSK will still be in its encrypted form.
  2. Attempt Decryption: While Fortinet does not provide an official method to decrypt PSKs, some users have discussed the possibility of decryption. Note that attempting to decrypt PSKs may violate Fortinet’s terms of service and could compromise the security of your system. Proceed with caution and at your own risk. This articles does now show you how to decrypt the PSK, instead the step by step below if how you can reset it.

To find the Pre-Shared Key (PSK) for a Fortinet device (FortiGate firewall or VPN), follow these steps:

For an Existing VPN Configuration:

  1. Log into FortiGate:
    • Use the web-based management interface or SSH into the FortiGate device.
  2. Navigate to the VPN Settings:
    • From the web interface, go to VPN > IPsec Tunnels (or VPN > IPsec).
    • In the command-line interface (CLI), use:
      config vpn ipsec phase1-interface
  3. Locate the Tunnel:
    • Find the VPN tunnel for which you want to find the PSK.
  4. View or Retrieve the PSK:
    • If you’re in the web interface, the PSK may be hidden (in “****” format), but you can reset it by editing the tunnel and entering a new one.
    • Using the CLI, you can view the PSK by running:
      show full-configuration | grep -A 5 -B 5 "set psksecret"

      This command will display the PSK for the VPN tunnel.

  5. Note:
    • For security reasons, the PSK is typically not visible in the web interface once it is set. You’ll need to reset it if you can’t retrieve it from the CLI.

Make sure to have proper permissions to view and modify VPN configurations on your FortiGate device.

You might also be interested in:

Cannot access FortiGate Web GUI (web admin interface)

Cyber Security, Networking
Total 0 Votes
0

Tell us how can we improve this post?

+ = Verify Human or Spambot ?