What a pain in the neck this upgrade is going to be. I tried going from 8.1.6 to 9.0.5 on one firewall while the other remains at 8.1.6 and my SHA256 IPsec tunnel would not reconnect. I had to switch to PSK. Now that I know what the problem is, I'll be switching back to SHA256 certificate after upgrading all of my firewall routers. It shouldn't matter what version these firewalls are. Obviously a bug introduced after 8.1.6 that impacted SHA256 certficate-based VPNs.
... View more