PPTP L2TP VPN

L2TP VPN 配置

 

 

4 目的地址 一栏,输入您要连接的 FortiGate 的地址,单击 下一步

5 将连接设置为 可以使用连接,单击 下一步

6 单击 完成

7 在连接口,单击

8 选择 安全 属性页。

9 确定 需要数据加密 已经被选中了。

注意:如果使用 RADIUS 服务器做认证,不要选择需要数据加密。 RADIUS 服务器认证不支持 L2TP 加密。

10选择 网络 属性页。

11将 VPN 服务器类型设置为第二层隧道协议 (L2TP)。

12保存您所做的修改,继续以下操作。

用 IPSec

1 选择 网络 属性页。

2 选择互联网协议 (TCP/IP) 属性。

3 双击 高级 属性页。

4 进入选项 页,选择 IP 安全 属性。

5 确认 不使用 IPSec 被选中了。

6 单击 关闭连接属性口。

注意:缺省的 Windows2000L2TP 传输策略不允许 L2TP 传输不使用 IPSec 加密。您可以通过修改 Windows2000 注册表来禁用缺省的行为。具体方法在下面步骤中讨论。在修改 Windows 注册表之 前请详细查阅 Windows 文档。

7 使用注册表编辑器 (regedit) 在注册表中定位以下主键: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\ Parameters

8 为这个键添加以下键值: Value Name: ProhibitIpSec Data Type: REG_DWORD Value: 1

9 保存您所做的修改,重新启动电脑以使改动生效。

您必须添加 ProhibitIpSec 注册表键值到每个要使用 L2TP 和 IPSec 的运行 Windows2000 操作系统的电脑。以防止 L2TP 或 IPSec 连接在启动时起用自动过滤功 能。当 ProhibitIpSec 注册键值被设置为 1 的时候,您的 Windows2000 电脑不生成使 用 CA 认证的自动过滤器,取而代之的是,它检查本地或者活动目录上的 IPSec 策略。

连接到 L2TP VPN

1 启动您在前面步骤中创建的拨号连接。

2 输入您的 L2TP 用户名和密码。

3 单击 连接

FortiGate-500 安装和配置指南

215

Page 227
Image 227
Fortinet 500 manual 禁用 IPSec, 连接到 L2TP VPN, 215, 将连接设置为 只有我自己可以使用此连接,单击 下一步。 单击 完成。, 进入选项 页,选择 IP 安全 属性。 确认 不使用 IPSec 被选中了。

500 specifications

Fortinet 500 is a next-generation firewall (NGFW) that is part of Fortinet's acclaimed FortiGate family, designed to provide advanced security for medium to large enterprises. This appliance is known for its high performance, flexibility, and ability to protect networks from a variety of cyber threats through its robust features and technologies.

One of the main features of the Fortinet 500 is its integrated security capabilities. It combines multiple security functions into a single device, allowing organizations to manage everything from intrusion prevention and antivirus to web filtering and application control. This integration leads to simplified management and increased efficiency, as users can address multiple security needs without deploying multiple devices.

The Fortinet 500 runs on the FortiOS operating system, which is known for its simplicity and user-friendliness. FortiOS provides a centralized management interface that allows for the easy configuration and monitoring of security policies across the entire network. Additionally, the Fortinet management tools, such as FortiManager and FortiAnalyzer, enable detailed insights and reporting capabilities, helping organizations stay compliant with their security mandates.

Another characteristic that sets Fortinet 500 apart is its advanced threat intelligence, powered by the FortiGuard Labs. This global threat intelligence system continuously updates the firewall with the latest threat signatures and attack vectors, ensuring that organizations stay ahead of emerging threats. The firewall also employs machine learning and artificial intelligence to detect and mitigate sophisticated attacks in real-time.

Performance is crucial in any security appliance, and the Fortinet 500 does not disappoint. With hardware acceleration and purpose-built security processors, it delivers high throughput levels, enabling organizations to maintain productivity without sacrificing security. This level of performance is particularly beneficial in environments with heavy traffic and bandwidth demands.

In addition to these core features, the Fortinet 500 supports seamless integration with other security solutions within the Fortinet Security Fabric. This comprehensive approach allows for greater visibility and control over the entire security posture of an organization.

Overall, the Fortinet 500 is a powerful NGFW that offers a blend of advanced security features, ease of management, top-notch performance, and robust threat intelligence. Its ability to adapt to the ever-evolving landscape of cybersecurity makes it a valuable asset for businesses seeking to safeguard their digital assets and ensure seamless network operation.