Transparent mode | Introduction |
Transparent mode
Transparent mode provides the same basic firewall protection as NAT mode. Packets received by the FortiGate unit are intelligently forwarded or blocked according to firewall policies. The FortiGate unit can be inserted in your network at any point without the need to make changes to your network or any of its components. However, VPN and some advanced firewall features are only available in NAT/Route mode.
Network intrusion detection
The FortiGate Network Intrusion Detection System (NIDS) is a
NIDS prevention detects and prevents many common denial of service and packet-based attacks. You can enable and disable prevention attack signatures and customize attack signature thresholds and other parameters.
To notify system administrators of the attack, the NIDS records the attack and any suspicious traffic to the attack log and can be configured to send alert emails.
Fortinet updates NIDS attack definitions periodically. You can download and install updated attack definitions manually, or you can configure the FortiGate to automatically check for and download attack definition updates.
VPN
Using FortiGate virtual private networking (VPN), you can provide a secure connection between widely separated office networks or securely link telecommuters or travellers to an office network.
FortiGate VPN features include the following:
•Industry standard and
•IPSec, ESP security in tunnel mode,
•DES, 3DES
•HMAC MD5 and HMAC SHA1 authentication and data integrity,
•AutoIKE key based on
•IPSec VPN using local or CA certificates,
•Manual Keys tunnels,
•
•Aggressive and Main Mode,
•Replay Detection,
•Perfect Forward Secrecy,
•XAuth authentication,
•Dead peer detection.
Fortinet Inc.