Fortinet FortiGate 4000 User Manual Page 253
- Page / 332
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
IPSec VPN IPSec VPN concentrators
FortiGate-4000 Installation and Configuration Guide 253
Figure 73: Adding an encrypt policy
IPSec VPN concentrators
In a hub-and-spoke network, all VPN tunnels terminate at a single VPN peer called a
hub. The peers that connect to the hub are known as spokes. The hub functions as a
concentrator on the network, managing the VPN connections between the spokes.
The advantage of a hub-and-spoke network is that the spokes are simpler to configure
because they require fewer policy rules. Also, a hub-and-spoke network provides
some processing efficiencies, particularly on the spokes. The disadvantage of a hub-
and-spoke network is its reliance on a single peer to handle management of all VPNs.
If this peer fails, encrypted communication in the network is impossible.
A hub-and-spoke VPN network requires a special configuration. Setup varies
depending on the role of the VPN peer.
If the VPN peer is a FortiGate unit functioning as the hub, or concentrator, it requires a
VPN configuration connecting it to each spoke (AutoIKE phase 1 and 2 settings or
manual key settings, plus encrypt policies). It also requires a concentrator
configuration that groups the hub-and-spoke tunnels together. The concentrator
configuration defines the FortiGate unit as the hub in a hub-and-spoke network.
- User Manual 1
- Table of Contents 3
- 4 Fortinet Inc 4
- 6 Fortinet Inc 6
- 8 Fortinet Inc 8
- 10 Fortinet Inc 10
- Contents 11
- 12 Fortinet Inc 12
- 14 Fortinet Inc 14
- Introduction 15
- Antivirus protection 16
- Web content filtering 16
- Email filtering 17
- Firewall 17
- VLANs and virtual domains 18
- Network intrusion detection 18
- High availability 19
- 20 Fortinet Inc 20
- Web-based manager 20
- Document conventions 21
- Fortinet documentation 22
- 24 Fortinet Inc 24
- Getting started 25
- Warnings and cautions 26
- Package contents 26
- Physical description 27
- Front panel features 28
- FortiBlade-4010 module 29
- 30 Fortinet Inc 30
- KVM switch module 30
- Rear panel features 31
- 32 Fortinet Inc 32
- Cooling fan trays 33
- Management module 33
- Mounting Knot Mounting Knot 34
- Pass-through interface module 35
- Switched interface module 35
- 36 Fortinet Inc 36
- Installing hardware 37
- 38 Fortinet Inc 38
- 40 Fortinet Inc 40
- Hot swapping modules 41
- 42 Fortinet Inc 42
- Hot swapping power supplies 42
- 44 Fortinet Inc 44
- 46 Fortinet Inc 46
- Factory default configuration 48
- 50 Fortinet Inc 50
- Strict content profile 51
- Scan content profile 51
- 52 Fortinet Inc 52
- Web content profile 52
- Unfiltered content profile 53
- 54 Fortinet Inc 54
- FortiGate-4000 unit 55
- 56 Fortinet Inc 56
- Internet 57
- Hub or switch 57
- Hub or Switch 57
- External 57
- Load balance 58
- Load balancer 58
- Next steps 60
- NAT/Route mode installation 61
- 62 Fortinet Inc 62
- Using the setup wizard 63
- 64 Fortinet Inc 64
- Configuring your networks 66
- Completing the configuration 66
- 68 Fortinet Inc 68
- Transparent mode installation 69
- 74 Fortinet Inc 74
- General configuration steps 75
- 76 Fortinet Inc 76
- CLI configuration steps 76
- 78 Fortinet Inc 78
- 80 Fortinet Inc 80
- Configuring an HA cluster 82
- 84 Fortinet Inc 84
- Connecting the cluster 84
- FortiGate-4000S rear panel 85
- Internal Network 85
- FortiGate-4000P rear panel 86
- Managing an HA cluster 87
- 88 Fortinet Inc 88
- Monitoring cluster members 89
- 90 Fortinet Inc 90
- Viewing cluster sessions 90
- 92 Fortinet Inc 92
- 94 Fortinet Inc 94
- Upgrading firmware 94
- Advanced HA options 95
- 96 Fortinet Inc 96
- NAT/Route mode packet flow 97
- 98 Fortinet Inc 98
- Transparent mode packet flow 99
- 100 Fortinet Inc 100
- System status 101
- 102 Fortinet Inc 102
- 104 Fortinet Inc 104
- 106 Fortinet Inc 106
- 108 Fortinet Inc 108
- 110 Fortinet Inc 110
- 112 Fortinet Inc 112
- 114 Fortinet Inc 114
- Backing up system settings 115
- Restoring system settings 116
- Changing to Transparent mode 117
- Changing to NAT/Route mode 117
- Restarting the FortiGate unit 118
- Viewing CPU and memory status 119
- 120 Fortinet Inc 120
- System status System status 121
- Session list 122
- 124 Fortinet Inc 124
- Scheduling updates 126
- Adding an override server 127
- Enabling push updates 128
- 130 Fortinet Inc 130
- 132 Fortinet Inc 132
- Registering FortiGate units 133
- 134 Fortinet Inc 134
- FortiCare Service Contracts 134
- 136 Fortinet Inc 136
- 138 Fortinet Inc 138
- 140 Fortinet Inc 140
- Network configuration 141
- Configuring interfaces 142
- Viewing the interface list 143
- Adding an interface to a zone 143
- 144 Fortinet Inc 144
- 146 Fortinet Inc 146
- 148 Fortinet Inc 148
- Out of band management 149
- VLAN overview 150
- VLANs in NAT/Route mode 151
- 152 Fortinet Inc 152
- Rules for VLAN IP addresses 152
- Adding VLAN subinterfaces 152
- 154 Fortinet Inc 154
- Virtual domain properties 154
- Configuring a virtual domain 154
- Adding a virtual domain 155
- 156 Fortinet Inc 156
- Configuring routing 158
- Adding a default route 159
- 160 Fortinet Inc 160
- Configuring the routing table 161
- Policy routing 161
- Configuring DHCP services 162
- Configuring a DHCP server 163
- 164 Fortinet Inc 164
- 166 Fortinet Inc 166
- RIP configuration 167
- 168 Fortinet Inc 168
- 170 Fortinet Inc 170
- Adding RIP filters 171
- 172 Fortinet Inc 172
- 174 Fortinet Inc 174
- System configuration 175
- Changing system options 176
- 178 Fortinet Inc 178
- Configuring SNMP 180
- 182 Fortinet Inc 182
- FortiGate MIBs 182
- FortiGate traps 183
- General FortiGate traps 183
- System traps 183
- 184 Fortinet Inc 184
- VPN traps 184
- NIDS traps 184
- Antivirus traps 184
- Logging traps 184
- Fortinet MIB fields 185
- Firewall configuration 185
- Replacement messages 187
- 188 Fortinet Inc 188
- Customizing alert emails 189
- 190 Fortinet Inc 190
- 192 Fortinet Inc 192
- Interfaces 192
- Addresses 193
- VLAN subinterfaces 193
- Adding firewall policies 194
- VPN Tunnel 197
- Traffic Shaping 197
- 198 Fortinet Inc 198
- Authentication 198
- Anti-Virus & Web filter 198
- Log Traffic 199
- Comments 199
- Configuring policy lists 200
- Disabling policies 201
- Enabling policies 201
- Editing addresses 203
- 204 Fortinet Inc 204
- Deleting addresses 204
- Services 205
- 206 Fortinet Inc 206
- 208 Fortinet Inc 208
- Adding custom ICMP services 209
- Adding custom IP services 209
- Grouping services 209
- Schedules 210
- Creating one-time schedules 211
- 212 Fortinet Inc 212
- Creating recurring schedules 212
- Virtual IPs 213
- 214 Fortinet Inc 214
- Adding static NAT virtual IPs 214
- 216 Fortinet Inc 216
- IP pools 218
- IP pools and dynamic NAT 219
- IP/MAC binding 220
- Adding IP/MAC addresses 221
- 222 Fortinet Inc 222
- Enabling IP/MAC binding 222
- Content profiles 223
- 224 Fortinet Inc 224
- Default content profiles 224
- Adding content profiles 224
- 8 Select OK 225
- 226 Fortinet Inc 226
- Users and authentication 227
- 228 Fortinet Inc 228
- Configuring RADIUS support 230
- Configuring LDAP support 231
- Configuring user groups 232
- Adding user groups 233
- 234 Fortinet Inc 234
- Deleting user groups 234
- IPSec VPN 235
- Key management 236
- Manual key IPSec VPNs 237
- 238 Fortinet Inc 238
- AutoIKE IPSec VPNs 239
- 240 Fortinet Inc 240
- Configuring advanced options 241
- 242 Fortinet Inc 242
- IPSec VPN AutoIKE IPSec VPNs 243
- 244 Fortinet Inc 244
- Managing digital certificates 246
- 6 Configure the key 247
- 248 Fortinet Inc 248
- Configuring encrypt policies 249
- 250 Fortinet Inc 250
- Adding a source address 250
- Adding a destination address 251
- Adding an encrypt policy 251
- 252 Fortinet Inc 252
- IPSec VPN concentrators 253
- 254 Fortinet Inc 254
- Adding a VPN concentrator 255
- 256 Fortinet Inc 256
- Viewing VPN tunnel status 257
- 258 Fortinet Inc 258
- Testing a VPN 258
- PPTP and L2TP VPN 259
- 260 Fortinet Inc 260
- 262 Fortinet Inc 262
- 264 Fortinet Inc 264
- Configuring L2TP 265
- 266 Fortinet Inc 266
- 268 Fortinet Inc 268
- 270 Fortinet Inc 270
- Detecting attacks 271
- 272 Fortinet Inc 272
- Viewing the signature list 273
- Viewing attack descriptions 273
- 274 Fortinet Inc 274
- Preventing attacks 276
- Logging attacks 278
- Manual message reduction 279
- 280 Fortinet Inc 280
- Antivirus scanning 282
- File blocking 283
- 284 Fortinet Inc 284
- Adding file patterns to block 284
- Viewing the virus list 286
- Web filtering 287
- Content blocking 288
- Clearing the Banned Word list 289
- 290 Fortinet Inc 290
- URL blocking 291
- 292 Fortinet Inc 292
- Uploading a URL block list 293
- 294 Fortinet Inc 294
- Adding a Cerberian user 295
- 296 Fortinet Inc 296
- Script filtering 297
- Exempt URL list 298
- Uploading a URL Exempt List 299
- 300 Fortinet Inc 300
- Email filter 301
- Email banned word list 302
- Email block list 304
- Email exempt list 305
- Adding a subject tag 306
- Logging and reporting 307
- 308 Fortinet Inc 308
- Log message levels 309
- Filtering log messages 310
- Configuring traffic logging 311
- 312 Fortinet Inc 312
- Enabling traffic logging 312
- Adding traffic filter entries 313
- Viewing logs saved to memory 314
- Configuring alert email 315
- 316 Fortinet Inc 316
- Adding alert email addresses 316
- Testing alert email 316
- Enabling alert email 317
- 318 Fortinet Inc 318
- Glossary 319
- 320 Fortinet Inc 320
- Glossary 321
- 322 Fortinet Inc 322
- 324 Fortinet Inc 324
- 328 Fortinet Inc 328
- 330 Fortinet Inc 330
- 332 Fortinet Inc 332
Related products and manuals for Computer Accessories Fortinet FortiGate 4000
Computer Accessories Fortinet 5003 User Manual
(128 pages)
(128 pages)
© 2020, manymanuals.com. All rights reserved. | 0.427 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals