Fortinet FortiOS 3.0 manual IPSec, Certificates


New features and changes

VPN


The VPN menu contains the following menus: IPSec, SSL, and Certificates.

The VPN menu has several significant changes for FortiOS 3.0. Configuration of VPNs has also significantly changed. It is recommended you read the Release Notes FortiOS 3.0MR1 to review known issues and changes for configuring VPNs.

Note: VPN settings may need to be reconfigured after you upgrade to FortiOS 3.0. Also, VPN IPSec Phase 2 settings source and destination ports are reset to zero during the upgrade.

Note: The CLI command auto-negotiate replaces the Ping generator feature. auto-negotiate is disabled by default and is available for both IPSec tunnels in the IPSec Phase 2 configuration.

IPSec

The IPSec menu has changed to reflect the way you configure VPNs. Phase 1 and Phase 2 tabs are merged with the new AutoKey (IKE) tab. The Ping Generator tab is now available in the CLI. See the FortiGate CLI Reference for more information.

SSL

The SSL menu is new for FortiOS 3.0. There are two tabs, Config and Monitor where you can configure SSL VPNs and monitor

Secure Sockets Layer (SSL) uses a cryptographic system with two keys to encrypt data: a public key and a private key.

If you require SSL version 2 encryption for compatibility with older browsers, you can enable this protocol through the CLI, in the VPN chapter. See the FortiGate CLI Reference for more information on SSL. Also, you can enable the use of digital certificates for authenticating remote clients.

Certificates

The Certificates menu has a new tab, Certificate Revocation List (CRL). The FortiGate unit uses CRLs to ensure certificates belonging to CAs and remote clients are valid.

From the CRL tab you can also import these types of certificates. It is important to periodically retrieve certificate revocation lists from CA web sites to ensure clients that have revoked certificates cannot establish a connection with the FortiGate unit.

Note: After downloading a CRL from a CA web site, save the CRL on a computer that has management access to the FortiGate unit.
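A check to run on a downloaded CRL before importing it, as an added example that is not part of the Fortinet guide: it reads a DER-encoded CRL, reports whether its nextUpdate has passed, and tests a certificate serial against the revoked list. The function names and the sample CRL (issuer "Example CA", serial 0x1234) are constructed for illustration, and the CRL signature is not verified here.

```python
from datetime import datetime, timezone

def tlv(tag, body):
    """DER-encode one element (short-form length); only used to build the sample CRL."""
    return bytes([tag, len(body)]) + body

def items(body):
    """Split DER content into its (tag, value) children."""
    out, pos = [], 0
    while pos < len(body):
        tag, n, pos = body[pos], body[pos + 1], pos + 2
        if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
            k = n & 0x7F
            n, pos = int.from_bytes(body[pos:pos + k], "big"), pos + k
        out.append((tag, body[pos:pos + n]))
        pos += n
    return out

def der_time(tag, val):
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"  # UTCTime or GeneralizedTime
    return datetime.strptime(val.decode(), fmt).replace(tzinfo=timezone.utc)

def read_crl(der):
    """Return (thisUpdate, nextUpdate, revoked serials). The signature is NOT verified."""
    fields = items(items(items(der)[0][1])[0][1])  # CertificateList -> tbsCertList -> fields
    fields = fields[1:] if fields[0][0] == 0x02 else fields  # skip optional version INTEGER
    this_update, rest = der_time(*fields[2]), fields[3:]  # fields 0-1: signature alg, issuer
    next_update, revoked = None, set()
    if rest and rest[0][0] in (0x17, 0x18):  # nextUpdate is optional
        next_update, rest = der_time(*rest[0]), rest[1:]
    if rest and rest[0][0] == 0x30:  # revokedCertificates: each entry starts with the serial
        revoked = {int.from_bytes(items(e)[0][1], "big") for _, e in items(rest[0][1])}
    return this_update, next_update, revoked

def vet_crl(der, now, serial=None):
    """Flag a CRL that is stale or not yet valid, and whether `serial` is listed as revoked."""
    this_update, next_update, revoked = read_crl(der)
    return {"stale": next_update is None or now > next_update,
            "not_yet_valid": now < this_update,
            "serial_revoked": serial in revoked}

def sample_crl():
    """Constructed sample: issuer 'Example CA', one revoked serial 0x1234, dummy signature."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010105")) + tlv(0x05, b""))
    issuer = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(0x13, b"Example CA"))))
    entry = tlv(0x30, tlv(0x02, b"\x12\x34") + tlv(0x17, b"060410120000Z"))
    tbs = tlv(0x30, tlv(0x02, b"\x01") + alg + issuer + tlv(0x17, b"060424000000Z")
              + tlv(0x17, b"060524000000Z") + tlv(0x30, entry))
    return tlv(0x30, tbs + alg + tlv(0x03, bytes(9)))
```

A result with "stale" set means the CRL's nextUpdate has passed and a newer list should be retrieved from the CA before importing.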

Upgrade Guide for FortiOS v3.0


01-30000-0317-20060424


FortiOS 3.0 specifications

Fortinet FortiOS 3.0 is a robust network operating system designed to provide a comprehensive security solution for enterprise environments. Released as part of Fortinet's commitment to advancing cybersecurity, FortiOS 3.0 integrates several cutting-edge technologies and features to enhance network performance and protection against emerging threats.

One of the main features of FortiOS 3.0 is its advanced threat management capabilities. This includes intrusion prevention systems (IPS), application control, and web filtering, which work in tandem to identify and mitigate risks in real-time. The IPS component utilizes deep packet inspection to analyze traffic patterns and block malicious activity, ensuring that sensitive data remains secure.

Another key characteristic of FortiOS 3.0 is its unified threat management (UTM) approach. By consolidating multiple security functions into a single platform, organizations can simplify their infrastructure, reduce costs, and streamline administration. This consolidation is particularly beneficial for businesses looking to enhance their security posture without overwhelming their IT resources.

FortiOS 3.0 also incorporates advanced VPN capabilities, allowing remote access to secure corporate networks. With support for both IPsec and SSL VPN technologies, users can enjoy secure connections from virtually any location, which is essential in today's increasingly mobile work environment. This flexibility promotes productivity while maintaining stringent security standards.

Additionally, FortiOS 3.0 includes sophisticated logging and reporting features. These provide critical insights into network activity, helping organizations to analyze potential threats and compliance with industry regulations. Customizable alerts and reports empower IT teams to remain vigilant and responsive to any irregularities or breaches in security.

Moreover, FortiOS 3.0 leverages Fortinet's proprietary security processor technology, which accelerates threat processing and reduces latency. This hardware acceleration ensures that even in high-volume traffic situations, security measures do not compromise network speed.

In summary, Fortinet FortiOS 3.0 stands out due to its comprehensive security features, unified threat management capabilities, advanced VPN functionalities, and robust logging and reporting tools. These characteristics make it an ideal solution for organizations seeking to enhance their cybersecurity measures while maintaining operational efficiency. As cyber threats continue to evolve, FortiOS 3.0 equips enterprises with the tools necessary to safeguard their networks effectively.