FortiGate IPSec VPN User Guide - FirewallShop.com

More documents

Recommendations

Info

Index Encryption Algorithm, Manual Key 112 Encryption Key, Manual Key 112 encryption policy allow outbound and inbound 150 defining IP addresses 149 defining IPSec 152 defining multiple for same IPSec tunnel 152 enabling specific services 151 evaluating multiple 153 outbound and inbound NAT 150 traffic direction 151 examples gateway-to-gateway VPN 23 hub-and-spoke VPN 42 F firewall IP addresses defining 149 firewall policy defining for policy-based VPN 150 defining for route-based VPN 153 hub to spoke 40 policy-based, for FortiGate dialup client 77 policy-based, for gateway-to-gateway 22 policy-based, for hub-and-spoke 36 route-based, for FortiGate dialup client 78 route-based, for gateway-to-gateway 22 route-based, for hub-and-spoke 37 spoke to spoke 41 using as route-based "concentrator" 39 FortiClient dialup client configuration example 66 FortiClient dialup-client configuration configuration steps 59 FortiClient configuration 64 overview 55 FortiClient dialup-client IPSec configuration VIP address assignment 57 FortiGate dialup client IPSec configuration policy-based firewall policy 77 route-based firewall policy 78 FortiGate dialup-client IPSec configuration FortiGate acting as client 71 using DHCP relay in 73 FortiGate documentation commenting on 14 Fortinet customer service 14 Fortinet documentation 12 Fortinet Knowledge Center 14 G gateway-to-gateway IPSec configuration configuration example 23 configuration steps 21 infrastructure requirements 20 overview 19 policy-based firewall policy 22 route-based firewall policy 22 generating IPSec phase 1 keys 137 IPSec phase 2 keys 144 H hub-and-spoke spoke subnet addressing 34 hub-and-spoke IPSec configuration concentrator, defining 37 configuration example 42 hub configuration 35 infrastructure requirements 34 overview 33 policy-based concentrator 37 policy-based firewall policy 36 route-based firewall policy 37 route-based inter-spoke communication 38 spoke configuration 40 I IKE negotiation parameters 137 Inbound NAT, encryption policy 150 Internet-browsing configuring FortiClient 82 Internet-browsing firewall policy VPN server 80 Internet-browsing IPSec configuration FortiClient dialup-client configuration 81 gateway-to-gateway configuration 80 infrastructure requirements 80 overview 79 introduction FortiGate IPSec VPNs 9 Fortinet documentation 12 IPSec VPN Guide 10 IPSec VPN authentication methods 131 authentication options 131 backup 104 certificates 132 extended authentication (XAuth) 141 firewall IP addresses, defining 149 firewall IPSec policy 150 FortiGate implementation 9 keeping tunnel open 145 logging events 158 monitoring IKE sessions 157 monitoring, dialup connection 156 monitoring, static or DDNS connection 155 peer identification 135 phase 1 parameters 127 phase 2 parameters 143 role of encryption policy 151 route-based firewall policy 153 testing 157 troubleshooting 159 IPv6 IPSec configurations certificates 116 configuration 116 firewall policies 116 IPv4-over-IPv6 example 120 IPv6-over-IPv4 example 124 IPv6-over-IPv6 example 117 overview 115 phase 1 116 FortiGate IPSec VPN Version 3.0 User Guide 162 01-30005-0065-20070716
Index IPv6 IPSec configurations (continued) phase 2 116 routing 117 K Keepalive Frequency, Phase 1 139, 140 Keylife IPSec interface mode 147 Keylife, Phase 1 137, 139 Keylife, Phase 2 144 L LDAP server, external for XAuth 141 Local ID for certificates 134 for peer IDs 135 to identify FortiGate dialup clients 72 Local SPI, Manual Key 112 loging VPN events 158 M manual key IPSec configuration configuration steps 112 overview 111 meshed VPN 20 Mode, Phase 1 129, 131 N NAT keepalive frequency 140 traversal 140, 160 Nat-traversal, Phase 1 139, 140 negotiating IPSec phase 1 parameters 137 IPSec phase 2 parameters 144 network topology dynamic DNS 49 FortiClient dialup-client 55 FortiGate dialup-client 71 fully meshed network 20 gateway-to-gateway 19 hub-and-spoke 33 Internet-browsing 79 manual key 111 partially meshed network 20 redundant-tunnel 83 supported IPSec VPNs 16 transparent mode VPN 105 O Outbound NAT, encryption policy 150 overlap resolving IP address 72 resolving through FortiGate DHCP relay 72 P P1 Proposal, Phase 1 137, 139 P2 Proposal Phase 2 IPSec interface mode 147 P2 Proposal, Phase 2 144 partially meshed VPN 20 peer ID assigning to FortiGate unit 135 enabling 135 Local ID setting 135 perfect forward secrecy, enabling 144 phase 1 parameters authenticating with certificates 129 authenticating with preshared keys 130 authentication method 131 authentication options 131 defining 127 defining the tunnel ends 128 IKE proposals 138 main or aggressive mode 128 negotiating 137 overview 127 peer identifiers 134 user accounts 135 phase 2 parameters autokey keep alive 145 auto-negotiate 144 configuring 146 defining 143 DHCP-IPSec 145 keylife 144 negotiating 144 perfect forward secrecy (PFS) 144 quick mode selectors 145 replay detection 144 planning VPN configuration 15 policy server, VPN configuring FortiGate unit as 62 policy-based VPN vs route-based 16 pre-shared key authenticating FortiGate unit with 130 Pre-shared Key, Phase 1 131 Q Quick Mode Selector IPSec interface mode 148 Quick mode selectors, Phase 2 145 R RADIUS server, external for XAuth 141 redundant VPNs configuration 84 example, fully redundant configuration 87 example, partially-redundant configuration 98 overview 83 remote client authenticating with certificates 129 FortiGate dialup-client 71 in Internet-browsing IPSec configuration 79 Remote Gateway, Phase 1 129, 130 FortiGate IPSec VPN Version 3.0 User Guide 01-30005-0065-20070716 163
Page 1 and 2:
USER GUIDE FortiGate IPSec VPN Vers
Page 3 and 4:
Contents Contents Introduction ....
Page 5 and 6:
Contents Adding XAuth authenticatio
Page 7 and 8:
Contents Defining IKE negotiation p
Page 9 and 10:
Introduction About FortiGate IPSec
Page 11 and 12:
Introduction About this document
Page 13 and 14:
Introduction Fortinet documentation
Page 15 and 16:
Configuring IPSec VPNs IPSec VPN ov
Page 17 and 18:
Configuring IPSec VPNs General prep
Page 19 and 20:
Gateway-to-gateway configurations C
Page 21 and 22:
Gateway-to-gateway configurations G
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Gateway-to-gateway configurations H
Page 31 and 32:
Gateway-to-gateway configurations H
Page 33 and 34:
Hub-and-spoke configurations Config
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Hub-and-spoke configurations Dynami
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Dynamic DNS configurations Configur
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
FortiClient dialup-client configura
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
FortiGate dialup-client configurati
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Internet-browsing configuration Con
Page 81 and 82:
Internet-browsing configuration Rou
Page 83 and 84:
Redundant VPN configurations Config
Page 85 and 86:
Redundant VPN configurations Config
Page 87 and 88:
Redundant VPN configurations Redund
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Redundant VPN configurations Partia
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Transparent mode VPNs Configuration
Page 107 and 108:
Transparent mode VPNs Configuration
Page 109 and 110:
Transparent mode VPNs Configure the
Page 111 and 112: Manual-key configurations Configura
Page 113 and 114: Manual-key configurations Specify t
Page 115 and 116: IPv6 IPSec VPNs Overview of IPv6 IP
Page 117 and 118: IPv6 IPSec VPNs Site-to-site IPv6 o
Page 127 and 128: Auto Key phase 1 parameters Overvie
Page 129 and 130: Auto Key phase 1 parameters Authent
Page 137 and 138: Auto Key phase 1 parameters Definin
Page 139 and 140: Auto Key phase 1 parameters Definin
Page 141 and 142: Auto Key phase 1 parameters Using X
Page 143 and 144: Phase 2 parameters Basic phase 2 se
Page 145: Phase 2 parameters Advanced phase 2
Page 148 and 149: Configure the phase 2 parameters Ph
Page 150 and 151: Defining firewall policies Defining
Page 156 and 157: Monitoring VPN connections Monitori
Page 158 and 159: Logging VPN events Monitoring and t
Page 160 and 161: VPN troubleshooting tips Monitoring
Page 164 and 165: Index remote peer authenticating wi
Page 166: www.fortinet.com
show all

FortiGate IPSec VPN User Guide - FirewallShop.com

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?