ipsec vip

VPN

 

 

ipsec phase2 command keywords and variables (Continued)

Keywords and variables: selector {policy | wildcard | specify}
Description: Enter the method for choosing selectors for IKE negotiations:
• Select policy to choose a selector from a firewall encryption policy. The VPN tunnel referenced in the firewall encryption policy will be referenced.
• Select wildcard to disable selector negotiation for this tunnel. Use this option to avoid negotiation errors (such as invalid ID Information) that may occur during quick mode when the set of policies between the peers is not symmetric.
• Select specify to specify the firewall encryption policy source and destination IP addresses, ports, and IP protocol to use for selector negotiation. When you choose specify, you must also enter values for the srcaddr, dstaddr, protocol, srcport, and dstport keywords.
Default: policy
Availability: All models.

Keywords and variables: single-source {disable | enable}
Description: Enable or disable all dialup clients to connect using the same phase 2 tunnel definition.
Default: disable
Availability: All models.

Keywords and variables: srcaddr <name_str>
Description: Enter the name of the firewall source IP address that corresponds to the local sender or network behind the local VPN peer. You must create the firewall address before you can select it here. For more information, see “Adding firewall policies for IPSec VPN tunnels” on page 266.
Default: No default.
Availability: All models. selector must be set to specify.

Keywords and variables: srcport <port_integer>
Description: Enter the port number that the local VPN peer uses to transport traffic related to the specified service (see protocol). The srcport range is 1 to 65535. To specify all ports, type 0.
Default: No default.
Availability: All models. selector must be set to specify.
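An added example, not from the Fortinet manual: the asymmetry that the wildcard option works around can be located by comparing both peers' selector specify entries, because an entry on one peer has to be matched on the other with source and destination swapped. CIDR networks stand in for firewall address names, protocol is an IP protocol number, the dstport range is assumed to match srcport, and all names and sample values are constructed.

```python
from ipaddress import ip_network
from typing import NamedTuple

class Selector(NamedTuple):
    """One phase 2 entry as it would be entered with 'selector specify'."""
    srcaddr: str   # CIDR stands in for a firewall address name (assumption)
    dstaddr: str
    protocol: int  # IP protocol number, e.g. 6 = TCP, 17 = UDP
    srcport: int   # 1-65535, or 0 for all ports (per the table above)
    dstport: int   # assumed to follow the same range as srcport

def validate(sel):
    """Return a list of problems with one entry; an empty list means it is usable."""
    errors = []
    for field in ("srcaddr", "dstaddr"):
        try:
            ip_network(getattr(sel, field), strict=False)
        except ValueError:
            errors.append(f"{field} {getattr(sel, field)!r} is not a valid network")
    for field in ("srcport", "dstport"):
        if not 0 <= getattr(sel, field) <= 65535:
            errors.append(f"{field} {getattr(sel, field)} outside 0-65535")
    return errors

def mirror(sel):
    """The entry the other peer must hold: source and destination swapped."""
    return Selector(sel.dstaddr, sel.srcaddr, sel.protocol, sel.dstport, sel.srcport)

def normalise(sel):
    """Canonical network strings so 10.1.0.5/24 and 10.1.0.0/24 compare equal."""
    return sel._replace(srcaddr=str(ip_network(sel.srcaddr, strict=False)),
                        dstaddr=str(ip_network(sel.dstaddr, strict=False)))

def asymmetric(local, remote):
    """Return (local_only, remote_only), both written from the local peer's view."""
    ours = {normalise(s) for s in local}
    theirs = {normalise(mirror(s)) for s in remote}
    return sorted(ours - theirs), sorted(theirs - ours)

# Constructed sample: site A allows HTTPS and DNS to site B, site B only mirrors HTTPS.
SITE_A = [Selector("10.1.0.0/24", "10.2.0.0/24", 6, 0, 443),
          Selector("10.1.0.0/24", "10.2.0.0/24", 17, 0, 53)]
SITE_B = [Selector("10.2.0.0/24", "10.1.0.0/24", 6, 443, 0)]

if __name__ == "__main__":
    local_only, remote_only = asymmetric(SITE_A, SITE_B)
    for sel in local_only:
        print("no matching entry on the remote peer:", sel)
    for sel in remote_only:
        print("remote peer expects an entry missing locally:", sel)
```

Entries reported here are the ones to add or remove on one side so that both peers hold the same set.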

ipsec vip

A FortiGate unit can act as a proxy by answering ARP requests locally and forwarding the associated traffic to the intended destination host over an IPSec VPN tunnel. The feature is intended to enable IPSec VPN communications between two hosts that coordinate the same private address space on physically separate networks. The IP addresses of both the source host and the destination host must be unique. The ipsec vip command lets you specify the IP addresses that can be accessed at the remote end of the VPN tunnel. You must configure IPSec virtual IP (VIP) addresses at both ends of the IPSec VPN tunnel.

Adding an IPSec VIP entry to the VIP table enables a FortiGate unit to respond to ARP requests destined for remote servers and route traffic to the intended destinations automatically. Each IPSec VIP entry is identified by an integer. An entry identifies the name of the FortiGate interface to the destination network, and the IP address of a destination host on the destination network. Specify an IP address for every host that needs to be accessed on the other side of the tunnel—you can define a maximum of 32 IPSec VIP addresses on the same interface.

272

01-28007-0068-20041203

Fortinet Inc.


100A specifications

Fortinet 100A is a versatile network security device designed to provide comprehensive protection against various cyber threats while ensuring optimal network performance. As part of the FortiGate series, the 100A combines advanced security features with powerful hardware capabilities, making it suitable for small to medium-sized businesses.

One of the key features of the Fortinet 100A is its deep packet inspection technology. This capability allows the firewall to analyze both the header and payload of packets traversing the network, enabling it to detect and block malicious content effectively. The 100A can identify and mitigate a wide range of threats, including malware, intrusions, and application-layer attacks.

The FortiOS operating system powers the Fortinet 100A, offering a robust and user-friendly interface for configuration and management. With its unified security management console, administrators can efficiently monitor network traffic and enforce security policies across the organization. The system provides centralized logging and reporting features, enabling users to gain valuable insights into their security posture and respond swiftly to incidents.

The 100A supports multiple deployment modes, including transparent, NAT, and route modes. This flexibility allows organizations to integrate the device into their existing network architecture with ease. The firewall's high throughput capabilities ensure that network performance remains unaffected, even under heavy load from multiple users and devices.

Another notable aspect of the Fortinet 100A is its support for various VPN technologies, including IPsec and SSL VPN. This feature facilitates secure remote access for employees, enabling them to connect to the corporate network safely, regardless of their location. As remote work continues to be a norm in many sectors, this capability is critical for maintaining productivity and security.

In addition to these features, the Fortinet 100A provides comprehensive web filtering capabilities, protecting users from harmful websites and inappropriate content. This protection is essential for organizations looking to maintain a secure and productive environment.

With its combination of powerful security features, flexible deployment options, and robust performance, the Fortinet 100A stands out as an ideal solution for organizations seeking to bolster their cybersecurity measures while ensuring seamless connectivity for users. As cyber threats continue to evolve, investing in a capable device like the FortiGate 100A is crucial for maintaining a secure network infrastructure.