Fortinet FortiGate-800 User Manual Page 245
- Page / 336
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
IPSec VPN Configuring encrypt policies
FortiGate-800 Installation and Configuration Guide 245
Obtaining CA certificates
For the VPN peers to authenticate themselves to each other, they must both obtain a
CA certificate from the same certificate authority. The CA certificate provides the VPN
peers with a means to validate the digital certificates that they receive from other
devices.
The FortiGate unit obtains the CA certificate to validate the digital certificate that it
receives from the remote VPN peer. The remote VPN peer obtains the CA certificate
to validate the digital certificate that it receives from the FortiGate unit.
Importing CA certificates
Import the CA certificate from the management computer to the FortiGate unit.
To import the CA certificate
1 Go to VPN > Certificates > CA Certificates.
2 Select Import.
3 Enter the path or browse to locate the CA certificate on the management computer.
4 Select OK.
The CA is displayed on the CA Certificates list.
The system assigns a unique name to each CA certificate. The names are numbered
consecutively (CA_Cert_1, CA_Cert_2, CA_Cert_3, and so on).
Configuring encrypt policies
A VPN connects the local, internal network to a remote, external network. The
principal role of the encrypt policy is to define (and limit) which addresses on these
networks can use the VPN.
A VPN requires only one encrypt policy to control both inbound and outbound
connections. Depending on how you configure it, the policy controls whether users on
your internal network can establish a tunnel to the remote network (the outbound
connection), and whether users on the remote network can establish a tunnel to your
internal network (the inbound connection). This flexibility allows one encrypt policy to
do the same function as two regular firewall policies.
Although the encrypt policy controls both incoming and outgoing connections, it must
always be configured as an outgoing policy. An outgoing policy has a source address
on an internal network and a destination address on an external network. The source
address identifies the addresses on the internal network that are part of the VPN. The
destination address identifies the addresses on the remote network that are part of the
VPN.
Note: The CA certificate must adhere to the X.509 standard.
- Installation and 1
- Configuration Guide 1
- Table of Contents 3
- 4 Fortinet Inc 4
- 6 Fortinet Inc 6
- 8 Fortinet Inc 8
- 10 Fortinet Inc 10
- Contents 11
- 12 Fortinet Inc 12
- 14 Fortinet Inc 14
- Introduction 15
- Antivirus protection 16
- Web content filtering 16
- Email filtering 17
- Firewall 17
- VLANs and virtual domains 18
- Network intrusion detection 18
- High availability 19
- 20 Fortinet Inc 20
- Web-based manager 20
- Command line interface 21
- Logging and reporting 21
- Document conventions 22
- Fortinet documentation 22
- 24 Fortinet Inc 24
- Getting started 25
- Package contents 26
- Mounting 26
- Powering on 27
- 28 Fortinet Inc 28
- 30 Fortinet Inc 30
- 32 Fortinet Inc 32
- Strict content profile 33
- 34 Fortinet Inc 34
- Scan content profile 34
- Web content profile 35
- Unfiltered content profile 35
- 36 Fortinet Inc 36
- NAT/Route mode 36
- Transparent mode 37
- 38 Fortinet Inc 38
- Configuration options 38
- Setup wizard 38
- Front keypad and LCD 39
- Next steps 40
- NAT/Route mode installation 41
- 42 Fortinet Inc 42
- Using the setup wizard 43
- 44 Fortinet Inc 44
- 46 Fortinet Inc 46
- Configuring your networks 48
- Completing the configuration 49
- 50 Fortinet Inc 50
- 52 Fortinet Inc 52
- Using the CLI 52
- Load sharing 53
- 54 Fortinet Inc 54
- Policy routing examples 55
- 56 Fortinet Inc 56
- Firewall policy example 56
- Adding more firewall policies 56
- 58 Fortinet Inc 58
- Transparent mode installation 59
- 66 Fortinet Inc 66
- General configuration steps 66
- CLI configuration steps 67
- 68 Fortinet Inc 68
- 70 Fortinet Inc 70
- 72 Fortinet Inc 72
- Configuring an HA cluster 74
- 76 Fortinet Inc 76
- Connecting the cluster 76
- Managing an HA cluster 78
- 80 Fortinet Inc 80
- Monitoring cluster members 80
- 82 Fortinet Inc 82
- Viewing cluster sessions 82
- 84 Fortinet Inc 84
- 86 Fortinet Inc 86
- Upgrading firmware 86
- Advanced HA options 87
- 88 Fortinet Inc 88
- NAT/Route mode packet flow 90
- Transparent mode packet flow 91
- 92 Fortinet Inc 92
- 94 Fortinet Inc 94
- 96 Fortinet Inc 96
- 98 Fortinet Inc 98
- 100 Fortinet Inc 100
- 102 Fortinet Inc 102
- 104 Fortinet Inc 104
- 106 Fortinet Inc 106
- Backing up system settings 108
- Restoring system settings 108
- Changing to Transparent mode 109
- Changing to NAT/Route mode 110
- Restarting the FortiGate unit 110
- System status 111
- 112 Fortinet Inc 112
- System status System status 113
- Session list 114
- 116 Fortinet Inc 116
- 118 Fortinet Inc 118
- Scheduling updates 120
- Adding an override server 121
- Enabling push updates 122
- 124 Fortinet Inc 124
- Internet 125
- FortiGate-800 125
- Internal Network 125
- FortiGate-300 125
- NAT Device 125
- 126 Fortinet Inc 126
- Registering FortiGate units 128
- FortiCare Service Contracts 129
- 130 Fortinet Inc 130
- 132 Fortinet Inc 132
- 134 Fortinet Inc 134
- 136 Fortinet Inc 136
- Network configuration 137
- Configuring interfaces 138
- Viewing the interface list 139
- Adding an interface to a zone 139
- 140 Fortinet Inc 140
- 142 Fortinet Inc 142
- 144 Fortinet Inc 144
- VLAN overview 145
- VLANs in NAT/Route mode 146
- Adding VLAN subinterfaces 147
- 148 Fortinet Inc 148
- Virtual domain properties 149
- Configuring a virtual domain 149
- Adding a virtual domain 149
- 150 Fortinet Inc 150
- 152 Fortinet Inc 152
- Configuring routing 153
- 154 Fortinet Inc 154
- Adding a default route 154
- 156 Fortinet Inc 156
- Configuring the routing table 156
- Policy routing 156
- Configuring DHCP services 157
- 158 Fortinet Inc 158
- Configuring a DHCP server 158
- 160 Fortinet Inc 160
- RIP configuration 161
- 162 Fortinet Inc 162
- 164 Fortinet Inc 164
- Adding RIP filters 165
- 166 Fortinet Inc 166
- 168 Fortinet Inc 168
- System configuration 169
- Changing system options 170
- 172 Fortinet Inc 172
- Configuring SNMP 173
- 174 Fortinet Inc 174
- 4 Select Apply 175
- 176 Fortinet Inc 176
- FortiGate MIBs 176
- FortiGate traps 177
- General FortiGate traps 177
- System traps 177
- 178 Fortinet Inc 178
- VPN traps 178
- NIDS traps 178
- Antivirus traps 178
- Logging traps 178
- Fortinet MIB fields 179
- Firewall configuration 179
- Replacement messages 181
- 182 Fortinet Inc 182
- Customizing alert emails 183
- 184 Fortinet Inc 184
- 186 Fortinet Inc 186
- Interfaces 187
- VLAN subinterfaces 187
- 188 Fortinet Inc 188
- Addresses 188
- Services 188
- Schedules 188
- Adding firewall policies 189
- 190 Fortinet Inc 190
- Firewall policy options 190
- Destination 191
- Schedule 191
- 192 Fortinet Inc 192
- VPN Tunnel 192
- Traffic Shaping 192
- Authentication 193
- Anti-Virus & Web filter 193
- 194 Fortinet Inc 194
- Log Traffic 194
- Comments 194
- Configuring policy lists 195
- 196 Fortinet Inc 196
- Disabling policies 196
- Enabling policies 196
- 198 Fortinet Inc 198
- Editing addresses 198
- Deleting addresses 199
- 202 Fortinet Inc 202
- 204 Fortinet Inc 204
- Adding custom ICMP services 204
- Adding custom IP services 204
- Grouping services 204
- 206 Fortinet Inc 206
- Creating one-time schedules 206
- Creating recurring schedules 207
- Virtual IPs 208
- Adding static NAT virtual IPs 209
- 210 Fortinet Inc 210
- 212 Fortinet Inc 212
- IP pools 213
- IP/MAC binding 214
- 216 Fortinet Inc 216
- Adding IP/MAC addresses 216
- Enabling IP/MAC binding 217
- Content profiles 218
- Default content profiles 219
- Adding content profiles 219
- 220 Fortinet Inc 220
- 222 Fortinet Inc 222
- Users and authentication 223
- 224 Fortinet Inc 224
- Configuring RADIUS support 226
- Configuring LDAP support 227
- 228 Fortinet Inc 228
- Deleting LDAP servers 228
- Configuring user groups 229
- 230 Fortinet Inc 230
- Deleting user groups 230
- IPSec VPN 231
- Key management 232
- Manual key IPSec VPNs 233
- 234 Fortinet Inc 234
- AutoIKE IPSec VPNs 235
- 236 Fortinet Inc 236
- Configuring advanced options 237
- 238 Fortinet Inc 238
- IPSec VPN AutoIKE IPSec VPNs 239
- 240 Fortinet Inc 240
- Managing digital certificates 242
- 6 Configure the key 243
- 244 Fortinet Inc 244
- Configuring encrypt policies 245
- 246 Fortinet Inc 246
- Adding a source address 246
- Adding a destination address 247
- Adding an encrypt policy 247
- 248 Fortinet Inc 248
- IPSec VPN concentrators 249
- 250 Fortinet Inc 250
- Adding a VPN concentrator 251
- 252 Fortinet Inc 252
- Redundant IPSec VPNs 253
- 254 Fortinet Inc 254
- Viewing VPN tunnel status 255
- 256 Fortinet Inc 256
- Testing a VPN 256
- PPTP and L2TP VPN 257
- 258 Fortinet Inc 258
- 260 Fortinet Inc 260
- 262 Fortinet Inc 262
- Configuring L2TP 263
- 264 Fortinet Inc 264
- 266 Fortinet Inc 266
- 268 Fortinet Inc 268
- Detecting attacks 269
- 270 Fortinet Inc 270
- Viewing the signature list 271
- Viewing attack descriptions 271
- 272 Fortinet Inc 272
- Preventing attacks 274
- Logging attacks 276
- Manual message reduction 277
- 278 Fortinet Inc 278
- Antivirus scanning 280
- File blocking 281
- 282 Fortinet Inc 282
- Adding file patterns to block 282
- Quarantine 283
- 284 Fortinet Inc 284
- Viewing the quarantine list 284
- Sorting the quarantine list 284
- Filtering the quarantine list 285
- Downloading quarantined files 285
- 286 Fortinet Inc 286
- Viewing the virus list 287
- 288 Fortinet Inc 288
- Web filtering 289
- Content blocking 290
- Clearing the Banned Word list 291
- 292 Fortinet Inc 292
- URL blocking 293
- 294 Fortinet Inc 294
- Uploading a URL block list 295
- 296 Fortinet Inc 296
- Adding a Cerberian user 297
- 298 Fortinet Inc 298
- Script filtering 299
- Exempt URL list 300
- Status 0 Disabled 301
- 1 Enabled 301
- 302 Fortinet Inc 302
- Email filter 303
- Email banned word list 304
- Email block list 306
- Email exempt list 307
- Adding a subject tag 308
- 310 Fortinet Inc 310
- 312 Fortinet Inc 312
- Log message levels 312
- Filtering log messages 313
- Configuring traffic logging 314
- Enabling traffic logging 315
- 316 Fortinet Inc 316
- Adding traffic filter entries 316
- Viewing logs saved to memory 317
- 318 Fortinet Inc 318
- Searching logs 318
- Viewing logs 319
- 320 Fortinet Inc 320
- Deleting a saved log file 320
- Configuring alert email 321
- 322 Fortinet Inc 322
- Enabling alert email 322
- Glossary 323
- 324 Fortinet Inc 324
- Glossary 325
- 326 Fortinet Inc 326
- 328 Fortinet Inc 328
- 330 Fortinet Inc 330
- 332 Fortinet Inc 332
- 334 Fortinet Inc 334
- 336 Fortinet Inc 336
Related products and manuals for Software Fortinet FortiGate-800
Software Fortinet FortiLog-100 User Manual
(124 pages)
(124 pages)
Software Fortinet FSAE User Manual
(20 pages)
(20 pages)
© 2020, manymanuals.com. All rights reserved. | 0.148 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals