IPSec VPN

自动 IKE IPSec VPN

 

 

为自动 IKE VPN 添加第一阶段配置

当您添加第一阶段配置的时候,您需要定义 FortiGate 设备和 VPN 远端 (网关或 客户)用于此认证以建立 IPSec VPN 通道的有关条件。

第一阶段配置和第二阶段配置此相关。在第一阶段中 VPN 的两端是经过认证的, 在第二阶段则建立了通道。您可以选择使用相同的第一阶段参数建立多个通道。换 话说,同一个远程 VPN 端点 (网关或客户)可以有多个连接到本地 VPN 端点

(FortiGate 设备)的多个通道。

当 FortiGate 设备收到一个 IPSec VPN 连接请求时,它先根据第一阶段参数认证 VPN 端点。然后,它根据请求的源地址和目的地址发一个 IPSec VPN 通道和应用加密 策略。

按以下步骤添加第一阶段配置:

1 进入 VPN > IPSEC > 第一段。

2 单击新建以添加新的第一阶段配置。

3 输入远程 VPN 端点的网关名称。

远端 VPN 端点可以是另一个网络的网关或者互联网上的一个独立的客户。

这个名称可以含有数字 (0-9),大写和小写字(A-Z,a-z),以及特字符 - 和 _。不能使用其它特字符或者格符。

4 选择远程网关地址类型。

·如果远程 VPN 端点有静态 IP 地址,选择静态 IP 地址。

·如果远程 VPN 端点使用动态 IP 地址 (DHCP 或 PPPoE),或者远程 VPN 端点有一个无 须端点识别处理的静态地址,选择拨号用户。

根据您所选择的远程网关地址类型,可能还要写其他栏目。

 

远程网关:静态 IP 地址

IP 地址

如果您选择了静态 IP 地址,将出现地址栏。输入连接到 FortiGate 设备的

 

远程 IPSec VPN 网关或者客户的 IP 地址。这个内容是须输入的。

 

远程网关:拨号用户

端点选项

如果您选择了拨号用户,在高级选项中将出现端点选项。可以使用端点选项

 

在第一阶段协商中认证远程 VPN 的 ID。详细信息请见步骤 2

5 选择进取模式或主模式 (ID 保护)。

当使用进取模式时,VPN 方使用明文交换识别信息。当使用主模式时,识别信息是隐 藏的。

VPN 须使用同一模式。

6 配置 P1 提议。

最多可以为第一阶段的提议选择三个加密算法和认证算法。 VPN 通道的两端须使用相同的 P1 阶段提议设置。

7 选择 DH 组。

选择一个或多个 Diffie-Hellman 组用于 IPSec VPN 连接的第一阶段中的提议。 一般来说,VPN 方应当使用相同的 DH 组设置。

FortiGate-500 安装和配置指南

185

Page 197
Image 197
Fortinet 500 manual 为自动 Ike Vpn 添加第一阶段配置, 185, 按以下步骤添加第一阶段配置:, 进入 VPN Ipsec 第一阶段。

500 specifications

Fortinet 500 is a next-generation firewall (NGFW) that is part of Fortinet's acclaimed FortiGate family, designed to provide advanced security for medium to large enterprises. This appliance is known for its high performance, flexibility, and ability to protect networks from a variety of cyber threats through its robust features and technologies.

One of the main features of the Fortinet 500 is its integrated security capabilities. It combines multiple security functions into a single device, allowing organizations to manage everything from intrusion prevention and antivirus to web filtering and application control. This integration leads to simplified management and increased efficiency, as users can address multiple security needs without deploying multiple devices.

The Fortinet 500 runs on the FortiOS operating system, which is known for its simplicity and user-friendliness. FortiOS provides a centralized management interface that allows for the easy configuration and monitoring of security policies across the entire network. Additionally, the Fortinet management tools, such as FortiManager and FortiAnalyzer, enable detailed insights and reporting capabilities, helping organizations stay compliant with their security mandates.

Another characteristic that sets Fortinet 500 apart is its advanced threat intelligence, powered by the FortiGuard Labs. This global threat intelligence system continuously updates the firewall with the latest threat signatures and attack vectors, ensuring that organizations stay ahead of emerging threats. The firewall also employs machine learning and artificial intelligence to detect and mitigate sophisticated attacks in real-time.

Performance is crucial in any security appliance, and the Fortinet 500 does not disappoint. With hardware acceleration and purpose-built security processors, it delivers high throughput levels, enabling organizations to maintain productivity without sacrificing security. This level of performance is particularly beneficial in environments with heavy traffic and bandwidth demands.

In addition to these core features, the Fortinet 500 supports seamless integration with other security solutions within the Fortinet Security Fabric. This comprehensive approach allows for greater visibility and control over the entire security posture of an organization.

Overall, the Fortinet 500 is a powerful NGFW that offers a blend of advanced security features, ease of management, top-notch performance, and robust threat intelligence. Its ability to adapt to the ever-evolving landscape of cybersecurity makes it a valuable asset for businesses seeking to safeguard their digital assets and ensure seamless network operation.