配置加密策略

IPSec VPN

 

 

4 单击确定。

在本地证书列表中将显示签名的本地证书,其状态为 OK。

获得一个 CA 证书

VPN 双方为了让对方认证自己,必须从同一个证书授权获得 CA 证书。CA 认证为

VPN 双方提供了坚定他们从其他设备中收到的数字证书是否有效的方法。

FortiGate 设备为了验证它从远程 VPN 端点获得的数字证书而获取 CA 证书。远程

VPN 端点为了验证它从 FortiGate 设备收到的数字证书而获取 CA 证书。

注意:CA 证书遵循 X.509 标准。

领取一个 CA 证书

连接到 CA 网页服务器并将 CA 证书下载到管理员电脑。 按以下操作恢复 CA 证书:

1 连接到 CA 网页服务器。

2 跟随 CA 网页服务器的指示下载 CA 证书。 将显示文件下载对话框。

3 单击保存。

4 在管理员电脑的一个目录中保存 CA 证书。

导入一个 CA 证书

从管理员电脑将一个 CA 证书导入到 FortiGate 设备。 按以下步骤导入 CA 证书:

1 进入 VPN > CA 证书。

2 单击导入。

3 输入路径或浏览以在管理员电脑中定位 CA 证书。

4 单击确定。

现在 CA 证书将显示在 CA 证书列表中。

配置加密策略

VPN 将本地的内部网络连接到远程的外部网络。加密策略的主要角色是定义 (和限 制)这些网络上的哪些地址可以使用这个 VPN。

一个 VPN 只需要一个加密策略,它可以同时控制向内和向外的连接。根据您对加密 策略所做的配置,它可以控制您的内部网络中的用户是否可以建立到远程网络的通道 (向外连接),以及远程网络中的用户是否可以建立一个通道以连接到您的内部网络 (向内连接)。这种灵活性使得一个加密策略就可以完成两个常规的防火墙策略的工 作。

194

美国飞塔有限公司

Page 206
Image 206
Fortinet 500 manual 配置加密策略, 获得一个 Ca 证书, 领取一个 Ca 证书, 导入一个 Ca 证书, 194

500 specifications

Fortinet 500 is a next-generation firewall (NGFW) that is part of Fortinet's acclaimed FortiGate family, designed to provide advanced security for medium to large enterprises. This appliance is known for its high performance, flexibility, and ability to protect networks from a variety of cyber threats through its robust features and technologies.

One of the main features of the Fortinet 500 is its integrated security capabilities. It combines multiple security functions into a single device, allowing organizations to manage everything from intrusion prevention and antivirus to web filtering and application control. This integration leads to simplified management and increased efficiency, as users can address multiple security needs without deploying multiple devices.

The Fortinet 500 runs on the FortiOS operating system, which is known for its simplicity and user-friendliness. FortiOS provides a centralized management interface that allows for the easy configuration and monitoring of security policies across the entire network. Additionally, the Fortinet management tools, such as FortiManager and FortiAnalyzer, enable detailed insights and reporting capabilities, helping organizations stay compliant with their security mandates.

Another characteristic that sets Fortinet 500 apart is its advanced threat intelligence, powered by the FortiGuard Labs. This global threat intelligence system continuously updates the firewall with the latest threat signatures and attack vectors, ensuring that organizations stay ahead of emerging threats. The firewall also employs machine learning and artificial intelligence to detect and mitigate sophisticated attacks in real-time.

Performance is crucial in any security appliance, and the Fortinet 500 does not disappoint. With hardware acceleration and purpose-built security processors, it delivers high throughput levels, enabling organizations to maintain productivity without sacrificing security. This level of performance is particularly beneficial in environments with heavy traffic and bandwidth demands.

In addition to these core features, the Fortinet 500 supports seamless integration with other security solutions within the Fortinet Security Fabric. This comprehensive approach allows for greater visibility and control over the entire security posture of an organization.

Overall, the Fortinet 500 is a powerful NGFW that offers a blend of advanced security features, ease of management, top-notch performance, and robust threat intelligence. Its ability to adapt to the ever-evolving landscape of cybersecurity makes it a valuable asset for businesses seeking to safeguard their digital assets and ensure seamless network operation.