256
01-28006-0100-20041105
Fortinet Inc.
Phase 2
VPN
Phase 2 advanced options
Figure 125:Phase 2 advanced settings
P2 Proposal
Add or delete encryption and message digests. Select a minimum of one and
a maximum of three combinations. The remote peer must be configured to
use at least one of the proposals that you define.
You can select any of the following symmetric-key encryption algorithms:
•
NULL-Do not use an encryption algorithm.
•
DES-Digital Encryption Standard, a 64-bit block algorithm that uses a 56-
bit key.
•
3DES-Triple-DES, in which plain text is encrypted three times by three
keys.
•
AES128-A 128-bit block algorithm that uses a 128-bit key.
•
AES192-A 128-bit block algorithm that uses a 192-bit key.
•
AES256-A 128-bit block algorithm that uses a 256-bit key.
You can select either of the following message digests to check the
authenticity of messages during an encrypted session:
•
NULL-Do not use a message digest.
•
MD5-Message Digest 5, the hash algorithm developed by RSA Data
Security.
•
SHA1-Secure Hash Algorithm 1, which produces a 160-bit message
digest.
To specify one combination only, set the Encryption and Authentication
options of the second combination to NULL. To specify a third combination,
use the add button beside the fields for the second combination.
Enable replay
detection
Optionally enable or disable replay detection. Replay attacks occur when an
unauthorized party intercepts a series of IPSec packets and replays them
back into the tunnel. Enable replay detection to check the sequence number
of every IPSec packet to see if it has been received before. If packets arrive
out of sequence, the FortiGate unit discards them.
You can configure the FortiGate unit to send an alert email when it detects a
replay packet. For more information, see
“Alert E-mail options” on page 358
.
Enable perfect
forward
secrecy (PFS)
Perfect forward secrecy (PFS) improves security by forcing a new
Diffie-Hellman exchange whenever keylife expires.
Summary of Contents for FortiGate FortiGate-500A
Page 24: ...24 01 28006 0100 20041105 Fortinet Inc Customer service and technical support Introduction...
Page 46: ...46 01 28006 0100 20041105 Fortinet Inc Changing the FortiGate firmware System status...
Page 72: ...72 01 28006 0100 20041105 Fortinet Inc FortiGate IPv6 support System network...
Page 80: ...80 01 28006 0100 20041105 Fortinet Inc Dynamic IP System DHCP...
Page 110: ...110 01 28006 0100 20041105 Fortinet Inc FortiManager System config...
Page 116: ...116 01 28006 0100 20041105 Fortinet Inc Access profiles System administration...
Page 134: ...134 01 28006 0100 20041105 Fortinet Inc Shutdown System maintenance...
Page 248: ...248 01 28006 0100 20041105 Fortinet Inc CLI configuration Users and authentication...
Page 324: ...324 01 28006 0100 20041105 Fortinet Inc CLI configuration Antivirus...
Page 386: ...386 01 28006 0100 20041105 Fortinet Inc Glossary...
Page 394: ...394 01 28006 0100 20041105 Fortinet Inc Index...