New features and changes

VPN

VPN

The VPN menu contains the following menus:

IPSec

SSL

Certificates

The VPN menu has several significant changes for FortiOS 3.0. Configuration of

VPNs has also significantly changed. It is recommended you read the Release

Notes FortiOS 3.0MR1 to review known issues and changes for configuring

VPNs.

Note: VPN settings may need to be reconfigured after you upgrade to FortiOS 3.0. Also, VPN IPSec Phase 2 settings source and destination ports are reset to zero during the upgrade.

Note: The CLI command auto-negotiatereplaces the Ping generator feature. The auto-negotiateis disabled by default and is available for both IPSec tunnels in the IPSec Phase 2 configuration for both IPSec tunnels.

IPSec

The IPSec menu has changed to reflect the way you configure VPNs. Phase 1 and Phase 2 tabs are merged with the new AutoKey (IKE) tab. The Ping Generator tab is now available in the CLI. See the FortiGate CLI Reference for more information.

SSL

The SSL menu is new for FortiOS 3.0. There are two tabs, Config and Monitor where you can configure SSL VPNs and monitor

The Secure Socket Layer uses a cryptographic system that uses two keys to encrypt data, a public key and private key.

If you require SSL version 2 encryption for compatibility with older browsers, you can enable this protocol through the CLI, in the VPN chapter. See the FortiGate CLI Reference for more information on SSL. Also, you can enable the use of digital certificates for authenticating remote clients.

Certificates

The Certificates menu has a new tab, Certificate Revocation List (CRL). The FortiGate unit uses CRLs to ensure certificates belonging to CAs and remote clients are valid.

From the CRL tab you can also import these types of certificates. It is important to periodically retrieve certificate revocation lists from CA web sites to ensure clients that have revoked certificates cannot establish a connection with the FortiGate unit.

Note: After downloading a CRL from a CA web site, save the CRL on a computer that has management access to the FortiGate unit.

Upgrade Guide for FortiOS v3.0

23

01-30000-0317-20060424

Page 22 Page 24
Page 23
Image 23
Fortinet FortiOS 3.0 manual IPSec, Certificates
Page 22 Page 24

FortiOS 3.0 specifications

Fortinet FortiOS 3.0 is a robust network operating system designed to provide a comprehensive security solution for enterprise environments. Released as part of Fortinet's commitment to advancing cybersecurity, FortiOS 3.0 integrates several cutting-edge technologies and features to enhance network performance and protection against emerging threats.

One of the main features of FortiOS 3.0 is its advanced threat management capabilities. This includes intrusion prevention systems (IPS), application control, and web filtering, which work in tandem to identify and mitigate risks in real-time. The IPS component utilizes deep packet inspection to analyze traffic patterns and block malicious activity, ensuring that sensitive data remains secure.

Another key characteristic of FortiOS 3.0 is its unified threat management (UTM) approach. By consolidating multiple security functions into a single platform, organizations can simplify their infrastructure, reduce costs, and streamline administration. This consolidation is particularly beneficial for businesses looking to enhance their security posture without overwhelming their IT resources.

FortiOS 3.0 also incorporates advanced VPN capabilities, allowing remote access to secure corporate networks. With support for both IPsec and SSL VPN technologies, users can enjoy secure connections from virtually any location, which is essential in today's increasingly mobile work environment. This flexibility promotes productivity while maintaining stringent security standards.

Additionally, FortiOS 3.0 includes sophisticated logging and reporting features. These provide critical insights into network activity, helping organizations to analyze potential threats and compliance with industry regulations. Customizable alerts and reports empower IT teams to remain vigilant and responsive to any irregularities or breaches in security.

Moreover, FortiOS 3.0 leverages Fortinet's proprietary security processor technology, which accelerates threat processing and reduces latency. This hardware acceleration ensures that even in high-volume traffic situations, security measures do not compromise network speed.

In summary, Fortinet FortiOS 3.0 stands out due to its comprehensive security features, unified threat management capabilities, advanced VPN functionalities, and robust logging and reporting tools. These characteristics make it an ideal solution for organizations seeking to enhance their cybersecurity measures while maintaining operational efficiency. As cyber threats continue to evolve, FortiOS 3.0 equips enterprises with the tools necessary to safeguard their networks effectively.
Top Page Image Contents