自动 IKE IPSec VPN

IPSec VPN

 

 

8 输入密钥寿命。

指定在第一阶段密钥的有效期。密钥有效期是在第一阶段加密密钥过期之前以秒为单 位计算的时间。当密钥过期之后,无须中断服务就可以生成一个新的密钥。P1 提议中 的密钥有效期可以从 120 秒到 172800 秒。

9 认证方式可以设置为预置密钥或者 RSA 签名。

·如果您选择了预置密钥,输入一个由 VPN 双方共享的密钥。这个密钥可以包含任何字 符但是长度不能少于 6 个字符。只有网络管理员有权知道这个密钥。要防御密码猜 测攻击,一个好的预置密钥应当包含至少 16 个随机选择的字符。

·如果您选择了 RSA 签名,选择一个由认证中心 (CA)进行数字签名的本地认证。要 为 FortiGate 设备添加一个本地认证,请见 第 190 页 获得签名的本地证 书

10(可选的)输入 FortiGate 设备的本地 ID。

只有当 FortiGate 设备作为客户并用它的本地 ID 对 VPN 远端认证它自己的时候,才需 要输入本地 ID。(如果您没有添加本地 ID,FortiGate 设备将发送它的 IP 地址。)

只能在预置密钥和进取模式下配置本地 ID,不要在证书或者主模式下配置本地 ID。

 

配置高级选项

 

 

1

单击高级选项。

 

 

2

( 可选的)选择对等选项。

 

 

选择对等选项可以使用远程 VPN 端点在第一阶段发送的 ID 对它们进行认证。

 

接受任何端点 ID

 

选择接受任何端点 ID ( 从而不认证远程 VPN 端点的 ID)。

 

接受这个端点 ID

 

选择使用一个共享的用户名 (ID)和密码 (预置密钥)认证

 

 

 

指定的 VPN 端点或一组 VPN 端点。同时还需要输入端点 ID。

 

接受拨号组的端点 ID

选择使用一的用户名 (ID)和密码 (预置密钥)认证每一

 

 

 

个远程 VPN 端点。还需要选择一个拨号组 (用户组)。

 

 

 

在配置这一选项之前先配置这个用户组。

3

(可选的)配置 XAuth。

 

 

XAuth (IKE 扩展认证 ) 在用户层认证 VPN 双方。如果 FortiGate 设备 (本地 VPN 端

 

点)被配置为一个 XAuth 服务器,它将通过在用户组中查询来验证远程 VPN 端点。包

 

含在用户组中的这个用户可以是 FortiGate 设备中配置的本地用户,或者远程的 LDAP

 

或 RADIUS 服务器中的用户。如果 FortiGate 设备被配置为 XAuth 客户端,当它被查询

 

的时候将提供一个用户名和密码。

 

 

 

XAuth: 作为客户端

 

名称

输入本地 VPN 端点用于对远程 VPN 端点认证它自的用户名。

 

密码

输入本地 VPN 端点用于对远程 VPN 端点认证它自的密码。

XAuth: 作为服务器

186

美国飞塔有限公司

Page 198
Image 198
Fortinet 500 manual 186, 配置高级选项

500 specifications

Fortinet 500 is a next-generation firewall (NGFW) that is part of Fortinet's acclaimed FortiGate family, designed to provide advanced security for medium to large enterprises. This appliance is known for its high performance, flexibility, and ability to protect networks from a variety of cyber threats through its robust features and technologies.

One of the main features of the Fortinet 500 is its integrated security capabilities. It combines multiple security functions into a single device, allowing organizations to manage everything from intrusion prevention and antivirus to web filtering and application control. This integration leads to simplified management and increased efficiency, as users can address multiple security needs without deploying multiple devices.

The Fortinet 500 runs on the FortiOS operating system, which is known for its simplicity and user-friendliness. FortiOS provides a centralized management interface that allows for the easy configuration and monitoring of security policies across the entire network. Additionally, the Fortinet management tools, such as FortiManager and FortiAnalyzer, enable detailed insights and reporting capabilities, helping organizations stay compliant with their security mandates.

Another characteristic that sets Fortinet 500 apart is its advanced threat intelligence, powered by the FortiGuard Labs. This global threat intelligence system continuously updates the firewall with the latest threat signatures and attack vectors, ensuring that organizations stay ahead of emerging threats. The firewall also employs machine learning and artificial intelligence to detect and mitigate sophisticated attacks in real-time.

Performance is crucial in any security appliance, and the Fortinet 500 does not disappoint. With hardware acceleration and purpose-built security processors, it delivers high throughput levels, enabling organizations to maintain productivity without sacrificing security. This level of performance is particularly beneficial in environments with heavy traffic and bandwidth demands.

In addition to these core features, the Fortinet 500 supports seamless integration with other security solutions within the Fortinet Security Fabric. This comprehensive approach allows for greater visibility and control over the entire security posture of an organization.

Overall, the Fortinet 500 is a powerful NGFW that offers a blend of advanced security features, ease of management, top-notch performance, and robust threat intelligence. Its ability to adapt to the ever-evolving landscape of cybersecurity makes it a valuable asset for businesses seeking to safeguard their digital assets and ensure seamless network operation.