Phase 1 advanced settings

VPN

DH Group

Select one or more Diffie-Hellman groups from DH group 1, 2, and 5. When using aggressive mode, DH groups cannot be negotiated.

If both VPN peers have static IP addresses and use aggressive mode, select a single DH group. The setting on the FortiGate unit must be identical to the setting on the remote peer or client.

When the VPN peer or client has a dynamic IP address and uses aggressive mode, select up to three DH groups on the FortiGate unit and one DH group on the remote peer or dialup client. The setting on the remote peer or client must be identical to one of the selections on the FortiGate unit.

If the VPN peer or client employs main mode, you can select multiple DH groups. At least one of the settings on the remote peer or client must be identical to the selections on the FortiGate unit.

Keylife

Type the amount of time (in seconds) that will be allowed to pass before the IKE encryption key expires. When the key expires, a new key is generated without interrupting service. The keylife can be from 120 to 172800 seconds.

Local ID

If you are using peer IDs for authentication, enter the peer ID that the local FortiGate unit will use to authenticate itself to remote VPN peers.

If you are using certificates for authentication, select the distinguished name (DN) of the local certificate.

XAuth

If you select Enable as Client, type the user name and password that the FortiGate unit will need to authenticate itself to the remote peer.

To select Enable as Server, you must first create user groups to identify the remote peers and dialup clients that need access to the network behind the FortiGate unit. You must also configure the FortiGate unit to forward authentication requests to an external RADIUS or LDAP authentication server. For information about these topics, see the “Users and Authentication” chapter of the FortiGate Administration Guide. Select a Server Type setting to determine the type of encryption method to use between the FortiGate unit, the XAuth client and the external authentication server, and then select the user group from the User Group list.

Nat-traversal

Enable this option if a NAT device exists between the local FortiGate unit and the VPN peer or client. The local FortiGate unit and the VPN peer or client must have the same NAT traversal setting (both selected or both cleared).

Keepalive Frequency

If you enabled NAT traversal, enter a keepalive frequency setting. The value represents an interval from 0 to 900 seconds.

Dead Peer Detection

Enable this option to reestablish VPN tunnels on idle connections and clean up dead IKE peers if required.
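
The DH group, keylife, NAT traversal and keepalive rules in the settings above, expressed as a consistency check over a FortiGate/peer pair. This is an added example, not FortiGate code; the `Phase1` field names, the `check_pair` function and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

ALLOWED_DH = {1, 2, 5}  # groups offered by the DH Group setting


@dataclass
class Phase1:  # hypothetical field names, not FortiOS configuration keys
    dh_groups: frozenset
    keylife: int         # seconds
    nat_traversal: bool
    keepalive: int = 0   # seconds; only checked when NAT traversal is on


def check_pair(fgt, peer, mode, peer_static_ip):
    """Return the rule violations for a FortiGate/peer pair (empty list = consistent)."""
    errs = []
    for name, cfg in (("FortiGate", fgt), ("peer", peer)):
        if not cfg.dh_groups or not cfg.dh_groups <= ALLOWED_DH:
            errs.append(f"{name}: DH groups must come from 1, 2 and 5")
        if not 120 <= cfg.keylife <= 172800:
            errs.append(f"{name}: keylife outside 120-172800 s")
        if cfg.nat_traversal and not 0 <= cfg.keepalive <= 900:
            errs.append(f"{name}: keepalive outside 0-900 s")
    if fgt.nat_traversal != peer.nat_traversal:
        errs.append("NAT traversal must be set the same on both ends")
    common = fgt.dh_groups & peer.dh_groups
    if mode == "aggressive" and peer_static_ip:
        # No negotiation: one group per side, identical on both.
        if len(fgt.dh_groups) != 1 or fgt.dh_groups != peer.dh_groups:
            errs.append("aggressive/static: select one identical DH group on both ends")
    elif mode == "aggressive":
        # Dynamic peer: FortiGate may list up to three, the peer exactly one of them.
        if len(fgt.dh_groups) > 3 or len(peer.dh_groups) != 1 or not common:
            errs.append("aggressive/dynamic: peer needs one DH group from the FortiGate's list")
    elif mode == "main":
        if not common:
            errs.append("main: no DH group in common")
    else:
        errs.append(f"unknown mode {mode!r}")
    return errs


# Constructed sample configurations, not taken from a real device.
FGT = Phase1(frozenset({2, 5}), 28800, True, 10)
DIALUP = Phase1(frozenset({5}), 28800, True, 10)
SITE = Phase1(frozenset({1}), 60, False)

if __name__ == "__main__":
    for problem in check_pair(FGT, SITE, "aggressive", peer_static_ip=True):
        print(problem)
```
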

Phase 2

You configure phase 2 settings to specify the parameters for creating and maintaining a VPN tunnel between the FortiGate unit and the remote peer or client. In most cases, you only need to configure the basic phase 2 settings.

To configure phase 2 settings

1 Go to VPN > IPSEC > Phase 2.

01-28007-0068-20041203

Fortinet Inc.


100A specifications

Fortinet 100A is a versatile network security device designed to provide comprehensive protection against various cyber threats while ensuring optimal network performance. As part of the FortiGate series, the 100A combines advanced security features with powerful hardware capabilities, making it suitable for small to medium-sized businesses.

One of the key features of the Fortinet 100A is its deep packet inspection technology. This capability allows the firewall to analyze both the header and payload of packets traversing the network, enabling it to detect and block malicious content effectively. The 100A can identify and mitigate a wide range of threats, including malware, intrusions, and application-layer attacks.

The FortiOS operating system powers the Fortinet 100A, offering a robust and user-friendly interface for configuration and management. With its unified security management console, administrators can efficiently monitor network traffic and enforce security policies across the organization. The system provides centralized logging and reporting features, enabling users to gain valuable insights into their security posture and respond swiftly to incidents.

The 100A supports multiple deployment modes, including transparent, NAT, and route modes. This flexibility allows organizations to integrate the device into their existing network architecture with ease. The firewall's high throughput capabilities ensure that network performance remains unaffected, even under heavy load from multiple users and devices.

Another notable aspect of the Fortinet 100A is its support for various VPN technologies, including IPsec and SSL VPN. This feature facilitates secure remote access for employees, enabling them to connect to the corporate network safely, regardless of their location. As remote work continues to be a norm in many sectors, this capability is critical for maintaining productivity and security.

In addition to these features, the Fortinet 100A provides comprehensive web filtering capabilities, protecting users from harmful websites and inappropriate content. This protection is essential for organizations looking to maintain a secure and productive environment.

With its combination of powerful security features, flexible deployment options, and robust performance, the Fortinet 100A stands out as an ideal solution for organizations seeking to bolster their cybersecurity measures while ensuring seamless connectivity for users. As cyber threats continue to evolve, investing in a capable device like the FortiGate 100A is crucial for maintaining a secure network infrastructure.