Fortinet FortiGate 50A User Manual Page 195
- Page / 272
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
IPSec VPN Configuring encrypt policies
FortiGate-50A Installation and Configuration Guide 195
4 Enter the Address Name, IP Address, and NetMask for a single computer or for an
entire subnetwork on an internal interface of the remote VPN peer.
5 Select OK to save the destination address.
Adding an encrypt policy
To add an encrypt policy
1 Go to Firewall > Policy.
2 Select the Int->Ext policy list.
3 Select New to add a new policy.
4 Set Source to the source address.
5 Set Destination to the destination address.
6 Set Service to control the services allowed over the VPN connection.
You can select ANY to allow all supported services over the VPN connection or select
a specific service or service group to limit the services allowed over the VPN
connection.
7 Set Action to ENCRYPT.
8 Configure the ENCRYPT parameters.
For information about configuring the remaining policy settings, see “Adding firewall
policies” on page 140.
9 Select OK to save the encrypt policy.
VPN Tunnel Select an Auto Key tunnel for this encrypt policy.
Allow inbound Select Allow inbound to enable inbound users to connect to the source
address.
Allow outbound Select Allow outbound to enable outbound users to connect to the
destination address.
Inbound NAT The FortiGate unit translates the source address of incoming packets to the
IP address of the FortiGate interface connected to the source address
network. Typically, this is an internal interface of the FortiGate unit.
Inbound NAT makes it impossible for local hosts to see the IP addresses of
remote hosts (hosts located on the network behind the remote VPN
gateway).
Outbound NAT The FortiGate unit translates the source address of outgoing packets to the
IP address of the FortiGate interface connected to the destination address
network. Typically, this is an external interface of the FortiGate unit.
Outbound NAT makes it impossible for remote hosts to see the IP
addresses of local hosts (hosts located on the network behind the local VPN
gateway).
If Outbound NAT is implemented, it is subject to these limitations:
Configure Outbound NAT only at one end of the tunnel.
The end that does not implement Outbound NAT requires an internal to
external policy that specifies the remote external interface as the
Destination (usually a public IP address).
The tunnel, and the traffic within the tunnel, can only be initiated at the end
that implements Outbound NAT.
- Installation and 1
- Configuration Guide 1
- Table of Contents 3
- 4 Fortinet Inc 4
- 6 Fortinet Inc 6
- 8 Fortinet Inc 8
- 10 Fortinet Inc 10
- Contents 11
- 12 Fortinet Inc 12
- Introduction 13
- Document conventions 14
- Fortinet documentation 15
- 16 Fortinet Inc 16
- Getting started 17
- Package contents 18
- Mounting 18
- Powering on 19
- 20 Fortinet Inc 20
- 22 Fortinet Inc 22
- 24 Fortinet Inc 24
- Strict content profile 25
- 26 Fortinet Inc 26
- Scan content profile 26
- Web content profile 26
- Unfiltered content profile 27
- NAT/Route mode 27
- 28 Fortinet Inc 28
- Transparent mode 28
- Configuration options 28
- Setup wizard 28
- 30 Fortinet Inc 30
- Next steps 31
- 32 Fortinet Inc 32
- NAT/Route mode installation 33
- 34 Fortinet Inc 34
- Using the setup wizard 35
- 36 Fortinet Inc 36
- FortiGate-50A 37
- Configuring your networks 38
- Completing the configuration 38
- 40 Fortinet Inc 40
- Transparent mode installation 41
- Changing to Transparent mode 43
- 46 Fortinet Inc 46
- General configuration steps 47
- 48 Fortinet Inc 48
- CLI configuration steps 48
- 50 Fortinet Inc 50
- 52 Fortinet Inc 52
- System status 53
- 54 Fortinet Inc 54
- 56 Fortinet Inc 56
- 58 Fortinet Inc 58
- 60 Fortinet Inc 60
- 62 Fortinet Inc 62
- Backing up system settings 64
- Restoring system settings 64
- Changing to NAT/Route mode 66
- Restarting the FortiGate unit 66
- 68 Fortinet Inc 68
- System status System status 69
- Session list 70
- 72 Fortinet Inc 72
- 74 Fortinet Inc 74
- Scheduling updates 76
- Adding an override server 77
- Enabling push updates 78
- 80 Fortinet Inc 80
- 82 Fortinet Inc 82
- Registering FortiGate units 83
- 84 Fortinet Inc 84
- FortiCare Service Contracts 84
- 86 Fortinet Inc 86
- 88 Fortinet Inc 88
- 90 Fortinet Inc 90
- 92 Fortinet Inc 92
- Network configuration 93
- 94 Fortinet Inc 94
- Viewing the interface list 94
- 96 Fortinet Inc 96
- 98 Fortinet Inc 98
- Configuring routing 100
- 102 Fortinet Inc 102
- Configuring the routing table 102
- Policy routing 103
- Configuring DHCP services 104
- Configuring a DHCP server 105
- 106 Fortinet Inc 106
- 108 Fortinet Inc 108
- Configuring modem settings 108
- Disconnecting the modem 109
- 110 Fortinet Inc 110
- Viewing modem status 110
- Backup mode configuration 110
- Standalone mode configuration 110
- 112 Fortinet Inc 112
- RIP configuration 113
- 114 Fortinet Inc 114
- 116 Fortinet Inc 116
- Adding RIP filters 117
- 118 Fortinet Inc 118
- 120 Fortinet Inc 120
- System configuration 121
- Changing system options 122
- 124 Fortinet Inc 124
- Configuring SNMP 125
- 126 Fortinet Inc 126
- 4 Select Apply 127
- 128 Fortinet Inc 128
- FortiGate MIBs 128
- FortiGate traps 129
- General FortiGate traps 129
- System traps 129
- Firewall configuration 131
- Replacement messages 133
- 134 Fortinet Inc 134
- Customizing alert emails 134
- NIDS event 135
- Virus alert 135
- Block alert 135
- 136 Fortinet Inc 136
- 138 Fortinet Inc 138
- Addresses 138
- Services 139
- Schedules 139
- Content profiles 139
- Adding firewall policies 140
- 142 Fortinet Inc 142
- VPN Tunnel 142
- Traffic Shaping 142
- Authentication 143
- Anti-Virus & Web filter 143
- Configuring policy lists 144
- Policy matching in detail 145
- Adding addresses 147
- 148 Fortinet Inc 148
- Editing addresses 148
- Deleting addresses 148
- 150 Fortinet Inc 150
- 152 Fortinet Inc 152
- Adding custom ICMP services 153
- Adding custom IP services 153
- Grouping services 153
- Creating one-time schedules 155
- Creating recurring schedules 155
- 156 Fortinet Inc 156
- Adding schedules to policies 156
- Virtual IPs 157
- 158 Fortinet Inc 158
- Adding static NAT virtual IPs 158
- 160 Fortinet Inc 160
- IP pools 161
- 162 Fortinet Inc 162
- Adding an IP pool 162
- IP pools and dynamic NAT 162
- IP/MAC binding 163
- 164 Fortinet Inc 164
- Adding IP/MAC addresses 165
- Enabling IP/MAC binding 165
- Default content profiles 167
- Adding content profiles 167
- 168 Fortinet Inc 168
- 170 Fortinet Inc 170
- Users and authentication 171
- 172 Fortinet Inc 172
- Configuring RADIUS support 174
- Configuring LDAP support 175
- 176 Fortinet Inc 176
- Deleting LDAP servers 176
- Configuring user groups 177
- 178 Fortinet Inc 178
- Deleting user groups 178
- IPSec VPN 179
- Key management 180
- Manual key IPSec VPNs 181
- AutoIKE IPSec VPNs 182
- IPSec VPN AutoIKE IPSec VPNs 183
- 184 Fortinet Inc 184
- Configuring advanced options 185
- 186 Fortinet Inc 186
- 188 Fortinet Inc 188
- Managing digital certificates 190
- 6 Configure the key 191
- 192 Fortinet Inc 192
- Obtaining CA certificates 192
- Configuring encrypt policies 193
- 194 Fortinet Inc 194
- Adding a source address 194
- Adding a destination address 194
- Adding an encrypt policy 195
- IPSec VPN concentrators 196
- 198 Fortinet Inc 198
- Adding a VPN concentrator 198
- 200 Fortinet Inc 200
- Viewing VPN tunnel status 201
- 202 Fortinet Inc 202
- Testing a VPN 202
- PPTP and L2TP VPN 203
- 204 Fortinet Inc 204
- 206 Fortinet Inc 206
- 208 Fortinet Inc 208
- Configuring L2TP 209
- 210 Fortinet Inc 210
- 212 Fortinet Inc 212
- 214 Fortinet Inc 214
- Detecting attacks 215
- 216 Fortinet Inc 216
- Viewing the signature list 217
- Viewing attack descriptions 217
- 218 Fortinet Inc 218
- Preventing attacks 220
- Logging attacks 222
- Manual message reduction 223
- 224 Fortinet Inc 224
- Antivirus protection 225
- Antivirus scanning 226
- File blocking 227
- 228 Fortinet Inc 228
- Viewing the virus list 229
- 230 Fortinet Inc 230
- Web filtering 231
- Content blocking 232
- Clearing the Banned Word list 233
- 234 Fortinet Inc 234
- URL blocking 235
- 236 Fortinet Inc 236
- Uploading a URL block list 236
- 238 Fortinet Inc 238
- Adding a Cerberian user 238
- Script filtering 240
- Exempt URL list 241
- 242 Fortinet Inc 242
- Uploading a URL Exempt List 242
- 244 Fortinet Inc 244
- Email filter 245
- Email banned word list 246
- Email block list 248
- Email exempt list 249
- Adding a subject tag 250
- Logging and reporting 251
- 252 Fortinet Inc 252
- Filtering log messages 253
- Configuring traffic logging 254
- Enabling traffic logging 255
- 256 Fortinet Inc 256
- Adding traffic filter entries 256
- Configuring alert email 257
- 258 Fortinet Inc 258
- Testing alert email 258
- Enabling alert email 258
- Glossary 259
- 260 Fortinet Inc 260
- Glossary 261
- 262 Fortinet Inc 262
- 264 Fortinet Inc 264
- 266 Fortinet Inc 266
- 268 Fortinet Inc 268
- 270 Fortinet Inc 270
- 272 Fortinet Inc 272
Related products and manuals for Hardware Fortinet FortiGate 50A
Hardware Fortinet FortiGate 620B User Manual
(62 pages)
(62 pages)
Hardware Fortinet FortiGate 100 User Manual
(272 pages)
(272 pages)
Hardware Fortinet FortiGate 5020 User Manual
(14 pages)
(14 pages)
Hardware Fortinet FortiLog-400 User Manual
(124 pages)
(124 pages)
© 2020, manymanuals.com. All rights reserved. | 0.316 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals