|
|
|
New features and changes | VPN |
VPN
The VPN menu contains the following menus:
•IPSec
•SSL
•Certificates
The VPN menu has several significant changes for FortiOS 3.0. Configuration of
VPNs has also significantly changed. It is recommended you read the Release
Notes FortiOS 3.0MR1 to review known issues and changes for configuring
VPNs.
Note: VPN settings may need to be reconfigured after you upgrade to FortiOS 3.0. Also, VPN IPSec Phase 2 settings source and destination ports are reset to zero during the upgrade.
Note: The CLI command
IPSec
The IPSec menu has changed to reflect the way you configure VPNs. Phase 1 and Phase 2 tabs are merged with the new AutoKey (IKE) tab. The Ping Generator tab is now available in the CLI. See the FortiGate CLI Reference for more information.
SSL
The SSL menu is new for FortiOS 3.0. There are two tabs, Config and Monitor where you can configure SSL VPNs and monitor
The Secure Socket Layer uses a cryptographic system that uses two keys to encrypt data, a public key and private key.
If you require SSL version 2 encryption for compatibility with older browsers, you can enable this protocol through the CLI, in the VPN chapter. See the FortiGate CLI Reference for more information on SSL. Also, you can enable the use of digital certificates for authenticating remote clients.
Certificates
The Certificates menu has a new tab, Certificate Revocation List (CRL). The FortiGate unit uses CRLs to ensure certificates belonging to CAs and remote clients are valid.
From the CRL tab you can also import these types of certificates. It is important to periodically retrieve certificate revocation lists from CA web sites to ensure clients that have revoked certificates cannot establish a connection with the FortiGate unit.
Note: After downloading a CRL from a CA web site, save the CRL on a computer that has management access to the FortiGate unit.
Upgrade Guide for FortiOS v3.0 | 23 |