Beware - Upgrade to FortiOS 5.6.3+ with IPSec VPNs

If you are upgrading from version 5.4.5, 5.4.6, or 5.4.7 to FortiOS 5.6.3, the IPsec phase1 psksecret setting might be lost. To avoid this, upgrade to FortiOS 5.6.2 and then to 5.6.3. If the psksecret setting is lost, you will need to reconfigure it after upgrading.

Even if you have saved configs you will need to reset the passwords since FortiOS 5.6.3 will not allow you to paste the encrypted passwords from 5.4.x versions.

Ironically Fortinet on their Support site states that the "recommended" upgrade path is from 5.4.5 directly to 5.6.3 - see screenshot below.