fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
O<br />
OSPF<br />
protecting with IPsec, 221<br />
with redundant IPsec tunnels, 227<br />
Outbound NAT, encryption policy, 65<br />
overlap<br />
resolving IP address, 134<br />
resolving through FortiGate DHCP relay, 134<br />
overlapping VPN subnets, 76<br />
P<br />
P1 Proposal, Phase 1, 49, 51<br />
P2 Proposal<br />
IPSec VPN, phase 2, 32<br />
P2 Proposal, Phase 2, 58<br />
partially meshed VPN, 69<br />
Password Authentication Protocol (PAP), 55<br />
peer ID<br />
assigning to FortiGate unit, 46<br />
enabling, 47<br />
Peer option<br />
IPSec VPN, phase 1, 27<br />
Peer Options, 41<br />
perfect forward secrecy (PFS), 80<br />
perfect forward secrecy, enabling, 58<br />
Phase, 31<br />
phase 1<br />
IPSec VPN, 26, 31<br />
phase 1 advanced options<br />
IPSec VPN, 28<br />
phase 1 parameters<br />
authenticating with certificates, 41<br />
authenticating with preshared keys, 42<br />
authentication method, 44<br />
authentication options, 44<br />
defining, 39<br />
defining the tunnel ends, <strong>40</strong><br />
IKE proposals, 50<br />
main or aggressive mode, <strong>40</strong><br />
negotiating, 49<br />
overview, 39<br />
peer identifiers, 46<br />
user accounts, 47<br />
phase 2<br />
Autokey keep alive, 59<br />
IPSec VPN, 31<br />
key expires, 58<br />
PFS, 80<br />
phase 2 advanced options<br />
IPSec VPN, 31<br />
phase 2 parameters<br />
autokey keep alive, 59<br />
auto-negotiate, 58<br />
configuring, 60<br />
defining, 57<br />
DHCP-IPsec, 59<br />
keylife, 58<br />
negotiating, 58<br />
perfect forward secrecy (PFS), 58<br />
quick mode selectors, 59<br />
replay detection, 58<br />
Phase I, 229<br />
Phase II, 230<br />
planning VPN configuration, 22<br />
policy server, VPN<br />
configuring FortiGate unit as, 123<br />
policy-based VPN<br />
vs. route-based, 22<br />
port 1701, 200<br />
port 4500, 52<br />
port 500, 52<br />
pre-shared key<br />
authenticating FortiGate unit with, 43<br />
preshared key, 17<br />
Pre-shared Key, Phase 1, 43<br />
proposal<br />
IPSec VPN, phase 2, 32<br />
IPsec VPNs for FortiOS 4.0 MR3<br />
246 01-434-112804-20120111<br />
http://docs.fortinet.com/<br />
Q<br />
Quick mode selectors, Phase 2, 59<br />
R<br />
RADIUS, 144<br />
assigning client IPs with, 119<br />
RADIUS server, external<br />
for XAuth, 54<br />
redundant VPNs<br />
configuration, 152<br />
example, fully redundant configuration, 155<br />
example, partially-redundant configuration, 166<br />
overview, 151<br />
remote client<br />
authenticating with certificates, 41<br />
FortiGate dialup-client, 133<br />
in Internet-browsing IPsec configuration, 147<br />
Remote Gateway<br />
IPSec manual key setting, 35<br />
remote gateway<br />
dialup user, 59<br />
Remote Gateway, Phase 1, 41, 43<br />
remote peer<br />
authenticating with certificates, 41<br />
dynamic DNS configuration, 110<br />
gateway-to-gateway IPsec configuration, 71<br />
manual key configuration, 35<br />
manual key IPsec configuration, 183<br />
transparent IPsec VPN configuration, 176<br />
Remote SPI<br />
IPSec VPN, manual key, 35<br />
Remote SPI, Manual Key, 184<br />
replay detection, 230<br />
replay detection, enabling, 58<br />
RFC 317, 237<br />
route-based VPN<br />
firewall policy, 68<br />
vs. policy-based, 22<br />
routing, transparent VPN IPsec configuration, 178<br />
S<br />
Security Association (SA), 58, 183<br />
Index