Manuals / Fortinet / Computer Equipment / Network Card

Fortinet FortiOS 3.0 manual IPSec SSL Certificates

Models: FortiOS 3.0

1 46

Download 46 pages 41.24 Kb

Page 23

•IPSec


New features and changes	VPN

VPN

The VPN menu contains the following menus:

•IPSec

•SSL

•Certificates

The VPN menu has several significant changes for FortiOS 3.0. Configuration of

VPNs has also significantly changed. It is recommended you read the Release

Notes FortiOS 3.0MR1 to review known issues and changes for configuring

VPNs.

Note: VPN settings may need to be reconfigured after you upgrade to FortiOS 3.0. Also, VPN IPSec Phase 2 settings source and destination ports are reset to zero during the upgrade.

Note: The CLI command auto-negotiatereplaces the Ping generator feature. The auto-negotiateis disabled by default and is available for both IPSec tunnels in the IPSec Phase 2 configuration for both IPSec tunnels.

IPSec

The IPSec menu has changed to reflect the way you configure VPNs. Phase 1 and Phase 2 tabs are merged with the new AutoKey (IKE) tab. The Ping Generator tab is now available in the CLI. See the FortiGate CLI Reference for more information.

SSL

The SSL menu is new for FortiOS 3.0. There are two tabs, Config and Monitor where you can configure SSL VPNs and monitor

The Secure Socket Layer uses a cryptographic system that uses two keys to encrypt data, a public key and private key.

If you require SSL version 2 encryption for compatibility with older browsers, you can enable this protocol through the CLI, in the VPN chapter. See the FortiGate CLI Reference for more information on SSL. Also, you can enable the use of digital certificates for authenticating remote clients.

Certificates

The Certificates menu has a new tab, Certificate Revocation List (CRL). The FortiGate unit uses CRLs to ensure certificates belonging to CAs and remote clients are valid.

From the CRL tab you can also import these types of certificates. It is important to periodically retrieve certificate revocation lists from CA web sites to ensure clients that have revoked certificates cannot establish a connection with the FortiGate unit.

Note: After downloading a CRL from a CA web site, save the CRL on a computer that has management access to the FortiGate unit.

Upgrade Guide for FortiOS v3.0	23
01-30000-0317-20060424

Image 23

Fortinet FortiOS 3.0 manual IPSec SSL Certificates

Contents

U P G R A D E G U I D E Upgrade Guide for FortiOSRegulatory compliance Upgrade Guide for FortiOS 3.0 24 AprilTrademarks Introduction ContentsUpgrade Notes New features and changesAntiSpam formerly Spam Filter Backing up your configurationUpgrading to FortiOS Intrusion Protection formerly IPSReverting to FortiOS v2.80MR11 Backing up your FortiOS 3.0 configurationDowngrading to FortiOS v2.80MR11 using web-based manager Restoring your configuration01-30000-0317-20060424 ContentsUpgrade Guide for FortiOS Document conventions IntroductionAbout this document Typographic conventions FortiGate Installation GuideFortiGate Administration Guide Fortinet documentationFortiGate High Availability User Guide Customer service and technical supportFortinet Knowledge Center Comments on Fortinet technical documentationIntroduction Customer service and technical supportUpgrade Guide for FortiOS 01-30000-0317-20060424Backing up configuration files Setup Wizard FortiLog name change Upgrade NotesBacking up configuration files Setup WizardUpgrade Guide for FortiOS Web-based manager changesFigure 1 LCD main menu settings for NAT/Route mode Figure 2 LCD main menu setting for Transparent modeChanges to the web-based manager Command Line Interface changesSee the “New features and changes” on page 17 for more information Administration GuideOther USB supportSee the Release Notes FortiOS 3.0MR1 for more information 01-30000-0317-20060424 Upgrade Guide for FortiOSUpgrade Notes OtherSystem New features and changesFortiGate Administration Guide FortiGate CLI Reference Status Network Config Admin MaintenanceNetwork ConfigStatus SessionsFigure 4 Backup and Restore page AdminMaintenance Shutdown is now located on System Status System Operation Virtual DomainStatic Dynamic Monitor RouterStatic DynamicMonitor ServicePolicy Address Service Virtual IP Protection Profiles FirewallIPSec SSL Certificates IPSecCertificates LDAP UserLocal RadiusFile Pattern File Pattern Quarantine ConfigAntivirus Intrusion Protection formerly IPSAnomaly Content BlockContent Block URL Filter FortiGuard-Web Filter Web FilterBanned word Black/White list AntiSpam formerly Spam FilterStatistics User IM/P2P newBanned word Black/White listStatistics Log ConfigLog Config Log Access Report Log & ReportReport Log AccessIn-depth SNMP trap changes To upgrade the clusterSNMP MIBs and traps changes Upgrading the HA cluster for FortiOSOptions AdministratorUpgrade Guide for FortiOS SNMP MIBs and traps changesVerifying the upgrade Backing up your configurationBacking up your configuration using the web-based manager Backing up your configuration Upgrading your FortiGate unitTo upgrade to FortiOS 3.0 using the web-based manager Backing up your configuration using the CLIUpgrading using the web-based manager To backup your configuration file using the CLITo upgrade to FortiOS 3.0 using the CLI Upgrading using the CLIVerifying the upgrade Downgrading to FortiOS v2.80MR11 using the CLI Backing up your FortiOS 3.0 configurationBacking up your FortiOS 3.0 configuration Downgrading to FortiOS v2.80MR11 using web-based manager1 Go to System Status Firmware Version Downgrading to FortiOS v2.80MR11 using web-based managerTo downgrade using the web-based manager Verifying the downgradeTo downgrade using the CLI Downgrading to FortiOS v2.80MR11 using the CLITo restore configuration settings using the web-based manager Restoring your configurationRestoring your configuration settings using the web-based manager Restoring your configuration settings using the CLIDo you want to continue? y/n execute restore allconfig namestr tftpipv4 passwrdexecute restore allconfig confall 192.168.1.168 ghrffdt123 All done. RebootingReverting to FortiOS v2.80MR11 Restoring your configurationUpdate Guide for FortiOS 01-30000-0317-20060424Index 01-30000-0317-20060424 Upgrade Guide for FortiOSIndex