IPSec VPN

手工密钥 IPSec VPN

 

 

本地和远端的加密和认证密钥必须匹配;并且彼此的 SPI 值也必须互为镜像。当您 输入了这些值之后,无须再协商认证和加密算法即可发起 VPN 通道。只要您正确、完 整地输入了所有的值,双方之间即可建立通道。实质上通道一直存在于双方之间。结 果是当被一个策略所匹配的通讯请求通道时,它可以立刻被认证和加密。

·手工密钥 VPN 的一般配置步骤

·添加一个手工密钥 VPN 通道

手工密钥 VPN 的一配置步骤

一个手工密钥 VPN 的配置由手工密钥通道、通道两端的源和目的地址、以及用于控 制对这个 VPN 通道访问的加密策略组成。

按以下步骤创建手工密钥 VPN 配置:

1 添加一个手工密钥 VPN 通道。请见 第 183 页 添加一个手工密钥 VPN 通道

2 配置一个包含了这个通道、通道两端的源地址和目的地址的加密策略。请见 第 194 页 配置加密策略

添加一个手工密钥 VPN 通道

配置手工密钥通道可以在 FortiGate 和同样使用手工密钥的远程 IPSec VPN 客户或 网关之间建立 IPSec VPN 通道。

按照以下步骤添加一个手工密钥 VPN 通道:

1 进入 VPN > IPSec > 手工密钥

2 单击新建以添加一个新的手工密钥 VPN 通道。

3 输入 VPN 通道名称。

这个名称可以含有数字 (0-9),大写和小写字母 (A-Z,a-z),以及特殊字符 - 和 _。不能使用其它特殊字符或者空格符。

4 输入本地 SPI。

本地安全参数索引是一个不多于八位的十六进制数 (数字 0 到 9, 字母 a 到 f)。这个 十六进制数必须添加到通道另一端的远程 SPI 中。本地 SPI 的取值范围是 bb8 到

FFFFFFF。

5 输入远程安全参数索引。

远程安全参数索引是一个不多于八位的一个十六进制数 (数字 0 到 9, 字母 a 到 f)。 这个十六进制数必须添加到通道另一端的本地 SPI 中。远程 SPI 的取值范围是 bb8 到

FFFFFFF。

6 输入远程网关。

这是通道另一端的 FortiGate 或者 IPSec 网关的外部 IP 地址。

7 从列表中选择一个算法。

在通道的两端选择相同的算法。

8 输入加密密钥。

每两个字符的组合表示十六进制格式中的一个字节。根据您所指定的加密算法,您可 能需要输入十六进制的加密密钥的多个部分。在通道的两端需要使用相同的加密密钥。

DES 入一个由 16 个字符 (8 节 ) 的十六进制数 (0-9, A-F)

3DES 入一个 48 个字符 (24 节 ) 的十六进制数 (0- 9, A- F)。将数分成三16 个字的部

FortiGate-500 安装和配置指南

183

Page 195
Image 195
Fortinet 500 manual 手工密钥 Vpn 的一般配置步骤, 添加一个手工密钥 Vpn 通道, 183, 进入 VPN IPSec 手工密钥。

500 specifications

Fortinet 500 is a next-generation firewall (NGFW) that is part of Fortinet's acclaimed FortiGate family, designed to provide advanced security for medium to large enterprises. This appliance is known for its high performance, flexibility, and ability to protect networks from a variety of cyber threats through its robust features and technologies.

One of the main features of the Fortinet 500 is its integrated security capabilities. It combines multiple security functions into a single device, allowing organizations to manage everything from intrusion prevention and antivirus to web filtering and application control. This integration leads to simplified management and increased efficiency, as users can address multiple security needs without deploying multiple devices.

The Fortinet 500 runs on the FortiOS operating system, which is known for its simplicity and user-friendliness. FortiOS provides a centralized management interface that allows for the easy configuration and monitoring of security policies across the entire network. Additionally, the Fortinet management tools, such as FortiManager and FortiAnalyzer, enable detailed insights and reporting capabilities, helping organizations stay compliant with their security mandates.

Another characteristic that sets Fortinet 500 apart is its advanced threat intelligence, powered by the FortiGuard Labs. This global threat intelligence system continuously updates the firewall with the latest threat signatures and attack vectors, ensuring that organizations stay ahead of emerging threats. The firewall also employs machine learning and artificial intelligence to detect and mitigate sophisticated attacks in real-time.

Performance is crucial in any security appliance, and the Fortinet 500 does not disappoint. With hardware acceleration and purpose-built security processors, it delivers high throughput levels, enabling organizations to maintain productivity without sacrificing security. This level of performance is particularly beneficial in environments with heavy traffic and bandwidth demands.

In addition to these core features, the Fortinet 500 supports seamless integration with other security solutions within the Fortinet Security Fabric. This comprehensive approach allows for greater visibility and control over the entire security posture of an organization.

Overall, the Fortinet 500 is a powerful NGFW that offers a blend of advanced security features, ease of management, top-notch performance, and robust threat intelligence. Its ability to adapt to the ever-evolving landscape of cybersecurity makes it a valuable asset for businesses seeking to safeguard their digital assets and ensure seamless network operation.