u/Comprehensive-Food-3

I can't believe IPSec Over TCP was introduced to FortiGate over a year ago and it is still crappy.
I can't get it to work using latest FCT 7.4.3 and FGT 7.6.6, I've been all over the internet with no working solution.
Anyway here are the technical details:
Packet sniffer:

2026-04-30 17:19:41.833800 port1 in [Client IP].63796 -> [FGT IP].1443: syn 636204853 
2026-04-30 17:19:41.833921 port1 out [FGT IP].1443 -> [Client IP].63796: syn 3059362733 ack 636204854 
2026-04-30 17:19:41.931376 port1 in [Client IP].63796 -> [FGT IP].1443: ack 3059362734 
2026-04-30 17:19:59.330901 port1 in [Client IP].63796 -> [FGT IP].1443: rst 636204854 ack 3059362734 

IKE Debug:

ike V=root:accepts ike tcp-transport(vd=0, vrf=0, intf=0:3, [FGT IP]:1443->[Client IP]:63796 sock=41 refcnt=2 ph1=(nil)) (1).
ike V=root:deletes tcp-transport(vd=0, vrf=0, intf=0:3, [FGT IP]:1443->[Client IP]:63796 sock=41 refcnt=2 ph1=(nil)) (1).
ike V=root:destroys tcp-transport(vd=0, vrf=0, intf=0:3, [FGT IP]:1443->[Client IP]:63796 sock=41 refcnt=0 ph1=(nil)) (0).

There is a time period of around 10-15 seconds between "accepts ike tcp-transport" and the other 2.

I would really appreciate your help, I really think this community is more helpful than the paid Fortinet support!

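A small triage script, added here and not part of the original post, that parses FortiGate "diagnose sniffer packet" lines in the format shown above and reports three things the capture can answer: whether the TCP handshake on the IKE port completed, whether the client ever pushed any IKE bytes before tearing down, and how long the socket sat idle in between. The sample lines and IP addresses are constructed placeholders.

```python
import re
from datetime import datetime

# Constructed sample in the format of the "diagnose sniffer packet" lines above;
# the addresses are documentation-range placeholders, not the poster's.
SNIFFER_LOG = """\
2026-04-30 17:19:41.833800 port1 in 203.0.113.10.63796 -> 198.51.100.1.1443: syn 636204853
2026-04-30 17:19:41.833921 port1 out 198.51.100.1.1443 -> 203.0.113.10.63796: syn 3059362733 ack 636204854
2026-04-30 17:19:41.931376 port1 in 203.0.113.10.63796 -> 198.51.100.1.1443: ack 3059362734
2026-04-30 17:19:59.330901 port1 in 203.0.113.10.63796 -> 198.51.100.1.1443: rst 636204854 ack 3059362734
"""

# timestamp, interface, direction, src.port -> dst.port: TCP flag words
LINE_RE = re.compile(r"^(\S+ \S+) \S+ (in|out) \S+ -> \S+: (.*)$")

def parse_sniffer(log: str) -> list:
    """Return (timestamp, direction, flag words) for every sniffer line that parses."""
    pkts = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            pkts.append((ts, m.group(2), m.group(3).split()))
    return pkts

def diagnose_ike_tcp(log: str) -> dict:
    """Classify one IKE-over-TCP attempt seen from the gateway side: did the
    3-way handshake finish, did the client ever push IKE bytes (psh flag),
    and how long did the socket sit idle before teardown?"""
    stage = 0  # 0 nothing, 1 client SYN, 2 server SYN/ACK, 3 handshake complete
    done_at = payload_at = end_at = end_flag = None
    for ts, direction, flags in parse_sniffer(log):
        if not flags:
            continue
        if stage == 0 and direction == "in" and flags[0] == "syn":
            stage = 1
        elif stage == 1 and direction == "out" and flags[0] == "syn" and "ack" in flags:
            stage = 2
        elif stage == 2 and direction == "in" and flags[0] == "ack":
            stage, done_at = 3, ts
        if "psh" in flags and payload_at is None:
            payload_at = ts          # first segment carrying data
        if flags[0] in ("rst", "fin") and end_at is None:
            end_at, end_flag = ts, flags[0]
    idle = (end_at - done_at).total_seconds() if done_at and end_at else None
    return {"handshake_complete": stage == 3,
            "ike_payload_seen": payload_at is not None,
            "ended_by": end_flag,
            "idle_seconds": idle}
```

On the capture in the post this reports a completed handshake, no data segment from the client, and a client RST roughly 17 seconds later, which matches the IKE debug accepting the tcp-transport and then destroying it without any IKE exchange.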