Hi

You can use any proposals which include algorithms suported on both ends.

For testing, you can try for example 3des-md5 for both ike phase 1 and phase 2.

By standard proposal, do you mean "proposal-set standard" on srx? What was configured

on Fortigate at that time?

When VPN is configured, check if phase 1 have successfully established (on SRX, "show security

ike security-associations"). If yes, check phase 2 ("sh sec ipsec security-associations").

Also use "establish-tunnels immediately" option so the tunnel will be established even if there

is no user traffic.

Here's an app note that desribes vpn configuration and troubleshooting (policy-based vpn case)

http://www.juniper.net/us/en/local/pdf/app-notes/3500175-en.pdf

Not sure if there is something SRX-Fortinet specific, but troubleshooting steps are always

the same.

Hi

This should be ok with these proposals, other prolems on SRX side that can prevent
phase 1 from establishihng are
- Mismatched preshared key (and check key type: ascii/hex)
- Wrong external-interface
- Lack of host-inboud-traffic system-services ike on external-interface

If ckecking these does not help, you can try to enable traceoptions on the
srx side, as app note (see link above) tells and post log here.

Is there more kb and doc links to share on this?