fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Index<br />
Numerics<br />
3DES-Triple-DES, 51<br />
A<br />
Accept peer certificate, 46<br />
Accept this peer certificate<br />
group only, 46<br />
adding, configuring defining<br />
IPSec VPN phase 1, 26<br />
IPSec VPN phase 1 advanced options, 28<br />
IPSec VPN phase 2, 31<br />
IPSec VPN phase 2 advanced options, 31<br />
AES128,192 ,256, 51<br />
aggregated subnets<br />
for hub-and-spoke VPN, 86<br />
aggressive mode, 39<br />
Allow inbound, encryption policy, 65<br />
Allow outbound, encryption policy, 65<br />
ambiguous routing<br />
resolving in FortiGate dialup-client configuration, 134<br />
VPN routing, 76<br />
antireplay, 230<br />
authenticating<br />
based on peer IDs, 46<br />
FortiGate unit pre-shared key, 43<br />
IPsec VPN peers and clients, 44<br />
through IPsec certificate, 41<br />
through XAuth settings, 54<br />
authentication<br />
SHA-1, 256, 384, 512, 51<br />
Authentication Algorithm<br />
Manual Key, 184<br />
Authentication Key, Manual Key, 185<br />
authentication server, XAuth, 54<br />
Autokey<br />
IPSec VPN, 25<br />
keep alive, 59<br />
Keep Alive, IPsec interface mode, 61<br />
B<br />
backup VPN, 173<br />
C<br />
Certificate Name, Phase 1, 42<br />
certificate, IPsec<br />
group, 45<br />
Local ID setting, 46<br />
using DN to establish access, 44<br />
viewing local DN, 45<br />
FortiOS Handbook<br />
Challenge-Handshake Authentication Protocol (CHAP), 55<br />
Cisco VPN, 211<br />
client IP<br />
assigning with RADIUS, 119<br />
concentrator, 90<br />
IPSec tunnel mode, 36<br />
IPSec VPN, policy-based, 36<br />
configuring<br />
dynamic DNS VPN, 104<br />
FortiClient dialup-client VPN, 120<br />
FortiClient in dialup-client VPN, 125<br />
FortiGate dialup-client VPN, 136<br />
FortiGate in dialup-client IPsec VPN, 138<br />
gateway-to-gateway IPsec VPN, 71<br />
hub-and-spoke IPsec VPN, 85<br />
manual keys, 184<br />
transparent mode IPsec VPN, 179<br />
cryptographic load, 229<br />
FortiOS Handbook v3: IPsec VPNs<br />
01-434-112804-20120111 243<br />
http://docs.fortinet.com/<br />
D<br />
dead gateway detection, 83<br />
Dead Peer Detection (DPD), 53, 83<br />
Phase 1, 52, 53<br />
designated router (DR), OSPF, 223<br />
DH Group<br />
IPsec interface mode, 61<br />
Phase 1, 49, 52<br />
Phase 2, 58<br />
DH key size, FIPS-CC, 49<br />
DHCP relay<br />
in FortiClient dialup-client configuration, 123<br />
in FortiGate dialup client configuration, 135<br />
DHCP server, 59<br />
in FortiClient dialup-client configuration, 123<br />
DHCP-IPsec<br />
IPsec interface mode, 61<br />
IPSec VPN, phase 2, 33<br />
phase 2, 59<br />
dialup-client IPsec configuration<br />
DHCP server and relay, FortiClient VIP, 123<br />
dialup server for FortiClient dialup clients, 120<br />
dialup server for FortiGate dialup clients, 136<br />
FortiGate client configuration, 138<br />
FortiGate dialup client configuration, 136<br />
requirements for FortiClient access, 119<br />
requirements for FortiGate client access, 135<br />
Diffie-Hellman algorithm, 49, 58<br />
Digital Encryption Standard, 17<br />
DNS server, dynamic DNS configuration, 104<br />
domain name, dynamic DNS configuration, 103, 105