VPN

IPSec configuration procedures

 

 

2In the Address Name field, type a name that represents the local network, server(s), or host(s) from which IP packets may originate on the private network behind the local FortiGate unit.

3In the IP Range/Subnet field, type the corresponding IP address and subnet mask (for example, 172.16.5.0/24 for a subnet, or 172.16.5.1/32 for a server or host) or IP address range (for example, 192.168.10.[80-100]).

4Select OK.

To define an IP destination address

1Go to Firewall > Address and select Create New.

2In the Address Name field, type a name that represents the remote network, server(s), or host(s) to which IP packets may be delivered.

3In the IP Range/Subnet field, type the corresponding IP address and subnet mask (for example, 192.168.20.0/24 for a subnet, or 192.168.20.2/32 for a server or host), or IP address range (for example, 192.168.20.[10-25]).

4Select OK.

To define the firewall encryption policy

1Go to Firewall > Policy and select Create New.

2Include appropriate entries as follows:

Interface/Zone

Source

 

Select the local interface to the internal (private) network.

 

Destination

 

Select the local interface to the external (public) network.

Address Name

Source

 

Select the name that corresponds to the local network, server(s), or

 

host(s) from which IP packets may originate.

 

Destination

 

Select the name that corresponds to the remote network, server(s), or

 

host(s) to which IP packets may be delivered. The name may correspond

 

to a VIP-address range for dialup clients.

Schedule

Keep the default setting (always) unless changes are needed to meet

 

specific requirements.

Service

Keep the default setting (ANY) unless changes are needed to meet your

 

specific requirements.

Action

Select ENCRYPT.

VPN Tunnel

Select the name of the phase 2 tunnel configuration to which this policy

 

will apply.

 

Select Allow inbound if traffic from the remote network will be allowed to

 

initiate the tunnel.

 

Select Allow outbound if traffic from the local network will be allowed to

 

initiate the tunnel.

 

Select Inbound NAT to translate the source IP addresses of inbound

 

decrypted packets into the IP address of the FortiGate internal interface.

 

Select Outbound NAT to translate the source address of outbound

 

encrypted packets into the IP address of the FortiGate public interface.

FortiGate-100A Administration Guide

01-28007-0068-20041203

267

Page 267
Image 267
Fortinet 100A manual 267, To define an IP destination address, To define the firewall encryption policy, Interface/Zone

100A specifications

Fortinet 100A is a versatile network security device designed to provide comprehensive protection against various cyber threats while ensuring optimal network performance. As part of the FortiGate series, the 100A combines advanced security features with powerful hardware capabilities, making it suitable for small to medium-sized businesses.

One of the key features of the Fortinet 100A is its deep packet inspection technology. This capability allows the firewall to analyze both the header and payload of packets traversing the network, enabling it to detect and block malicious content effectively. The 100A can identify and mitigate a wide range of threats, including malware, intrusions, and application-layer attacks.

The FortiOS operating system powers the Fortinet 100A, offering a robust and user-friendly interface for configuration and management. With its unified security management console, administrators can efficiently monitor network traffic and enforce security policies across the organization. The system provides centralized logging and reporting features, enabling users to gain valuable insights into their security posture and respond swiftly to incidents.

The 100A supports multiple deployment modes, including transparent, NAT, and route modes. This flexibility allows organizations to integrate the device into their existing network architecture with ease. The firewall's high throughput capabilities ensure that network performance remains unaffected, even under heavy load from multiple users and devices.

Another notable aspect of the Fortinet 100A is its support for various VPN technologies, including IPsec and SSL VPN. This feature facilitates secure remote access for employees, enabling them to connect to the corporate network safely, regardless of their location. As remote work continues to be a norm in many sectors, this capability is critical for maintaining productivity and security.

In addition to these features, the Fortinet 100A provides comprehensive web filtering capabilities, protecting users from harmful websites and inappropriate content. This protection is essential for organizations looking to maintain a secure and productive environment.

With its combination of powerful security features, flexible deployment options, and robust performance, the Fortinet 100A stands out as an ideal solution for organizations seeking to bolster their cybersecurity measures while ensuring seamless connectivity for users. As cyber threats continue to evolve, investing in a capable device like the FortiGate 100A is crucial for maintaining a secure network infrastructure.