FortiGate IPSec VPN User Guide - FirewallShop.com

More documents

Recommendations

Info

Contents Authentication ............................................................................................. 35 Configure the hub............................................................................................ 35 Define the hub-spoke VPNs........................................................................ 35 Define the hub-spoke firewall policies......................................................... 36 Configuring communication between spokes (policy-based VPN) ............. 37 Configuring communication between spokes (route-based VPN) .............. 38 Using a zone as a concentrator............................................................ 38 Using a zone with a policy as a concentrator ....................................... 38 Using firewall policies as a concentrator .............................................. 39 Configure the spokes ..................................................................................... 40 Configuring firewall policies for hub-to-spoke communication .................... 40 Configuring firewall policies for spoke-to-spoke communication ................ 41 Dynamic spokes configuration example....................................................... 42 Configure the hub (FortiGate_1) ................................................................. 43 Define the IPsec configuration.............................................................. 43 Define the firewall policies .................................................................... 43 Configure communication between spokes.......................................... 44 Configure the spokes .................................................................................. 45 Define the IPsec configuration.............................................................. 45 Define the firewall policies .................................................................... 46 Dynamic DNS configurations ......................................................... 49 Configuration overview................................................................................... 49 Dynamic DNS infrastructure requirements ................................................ 50 General configuration steps .......................................................................... 50 Configure the dynamically-addressed VPN peer ......................................... 51 Configure the fixed-address VPN peer ......................................................... 53 FortiClient dialup-client configurations......................................... 55 Configuration overview................................................................................... 55 Peer identification ....................................................................................... 56 Automatic configuration of FortiClient dialup clients ................................... 56 How the FortiGate unit determines which settings to apply .......... 56 Using virtual IP addresses .......................................................................... 57 FortiClient dialup-client infrastructure requirements .................................. 58 FortiClient-to-FortiGate VPN configuration steps ....................................... 59 Configure the FortiGate unit........................................................................... 59 Configuring FortiGate unit VPN settings ..................................................... 60 Configuring the FortiGate unit as a VPN policy server ............................... 62 Configuring DHCP service on the FortiGate unit ........................................ 62 Configure the FortiClient Host Security application ................................... 64 Configuring FortiClient to work with VPN policy distribution ....................... 64 Configuring FortiClient manually................................................................. 64 FortiGate IPSec VPN Version 3.0 User Guide 4 01-30005-0065-20070716
Contents Adding XAuth authentication ......................................................................... 65 FortiClient dialup-client configuration example ........................................... 66 Configuring FortiGate_1.............................................................................. 66 Define the phase 1 parameters ............................................................ 67 Define the phase 2 parameters ............................................................ 67 Define the IPSec firewall policy ............................................................ 68 Configure FortiGate_1 to assign VIPs .................................................. 69 Configuring the FortiClient Host Security application.................................. 69 FortiGate dialup-client configurations .......................................... 71 Configuration overview................................................................................... 71 FortiGate dialup-client infrastructure requirements .................................... 73 FortiGate dialup-client configuration steps ................................................. 74 Configure the server to accept FortiGate dialup-client connections ......... 75 Configure the FortiGate dialup client ........................................................... 76 Internet-browsing configuration..................................................... 79 Configuration overview................................................................................... 79 Creating an Internet browsing firewall policy............................................... 80 Routing all remote traffic through the VPN tunnel ....................................... 81 Configuring a FortiGate remote peer to support Internet browsing............. 82 Configuring a FortiClient application to support Internet browsing.............. 82 Redundant VPN configurations ...................................................... 83 Configuration overview................................................................................... 83 General configuration steps ........................................................................ 84 Configure the VPN peers - route-based VPN ................................................ 85 Redundant route-based VPN configuration example................................... 87 Configuring FortiGate_1.............................................................................. 87 Configuring FortiGate_2.............................................................................. 92 Partially-redundant route-based VPN example............................................. 98 Configuring FortiGate_1.............................................................................. 99 Configuring FortiGate_2............................................................................ 101 Creating a backup IPSec interface............................................................... 104 Transparent mode VPNs ............................................................... 105 Configuration overview................................................................................. 105 Transparent VPN infrastructure requirements ......................................... 108 Before you begin ................................................................................ 108 Configure the VPN peers ............................................................................. 109 FortiGate IPSec VPN Version 3.0 User Guide 01-30005-0065-20070716 5
Page 1 and 2: USER GUIDE FortiGate IPSec VPN Vers
Page 3: Contents Contents Introduction ....
Page 7 and 8: Contents Defining IKE negotiation p
Page 9 and 10: Introduction About FortiGate IPSec
Page 11 and 12: Introduction About this document
Page 13 and 14: Introduction Fortinet documentation
Page 15 and 16: Configuring IPSec VPNs IPSec VPN ov
Page 17 and 18: Configuring IPSec VPNs General prep
Page 19 and 20: Gateway-to-gateway configurations C
Page 21 and 22: Gateway-to-gateway configurations G
Page 29 and 30: Gateway-to-gateway configurations H
Page 31 and 32: Gateway-to-gateway configurations H
Page 33 and 34: Hub-and-spoke configurations Config
Page 43 and 44: Hub-and-spoke configurations Dynami
Page 49 and 50: Dynamic DNS configurations Configur
Page 55 and 56:
FortiClient dialup-client configura
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
FortiGate dialup-client configurati
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Internet-browsing configuration Con
Page 81 and 82:
Internet-browsing configuration Rou
Page 83 and 84:
Redundant VPN configurations Config
Page 85 and 86:
Redundant VPN configurations Config
Page 87 and 88:
Redundant VPN configurations Redund
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Redundant VPN configurations Partia
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Transparent mode VPNs Configuration
Page 107 and 108:
Transparent mode VPNs Configuration
Page 109 and 110:
Transparent mode VPNs Configure the
Page 111 and 112:
Manual-key configurations Configura
Page 113 and 114:
Manual-key configurations Specify t
Page 115 and 116:
IPv6 IPSec VPNs Overview of IPv6 IP
Page 117 and 118:
IPv6 IPSec VPNs Site-to-site IPv6 o
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Auto Key phase 1 parameters Overvie
Page 129 and 130:
Auto Key phase 1 parameters Authent
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Auto Key phase 1 parameters Definin
Page 139 and 140:
Auto Key phase 1 parameters Definin
Page 141 and 142:
Auto Key phase 1 parameters Using X
Page 143 and 144:
Phase 2 parameters Basic phase 2 se
Page 145:
Phase 2 parameters Advanced phase 2
Page 148 and 149:
Configure the phase 2 parameters Ph
Page 150 and 151:
Defining firewall policies Defining
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Monitoring VPN connections Monitori
Page 158 and 159:
Logging VPN events Monitoring and t
Page 160 and 161:
VPN troubleshooting tips Monitoring
Page 162 and 163:
Index Encryption Algorithm, Manual
Page 164 and 165:
Index remote peer authenticating wi
Page 166:
www.fortinet.com
show all

FortiGate IPSec VPN User Guide - FirewallShop.com

Create successful ePaper yourself

Delete template?

Save as template?