manualshive.com logo in svg

Fortinet FortiGate FortiGate-ASM-FB4, Technical Note

The Fortinet FortiGate FortiGate-ASM-FB4 is a comprehensive security solution that provides advanced threat protection and network security functions. For further details on how to configure and utilize this product, refer to the Technical Note manual available for free download from 88.208.23.73:8080.

Share
Download
background image

FortiGate-ASM-FB4 Version 1.0 Technical Note

20

01-30005-0424-20071002

Accelerated interface mode IPSec

Examples

5

Configure two policies (one for each direction) to apply the Phase 1 IPSec 
configuration you configured in step 

2

 to traffic leaving from or arriving on 

FortiGate-ASM-FB4 module port 1.

6

Go to 

Router 

Static

.

7

Configure a static route to route traffic destined for FortiGate_2’s protected 
network to the Phase 1 IPSec device, 

FGT_1_IPsec

.

You can also configure the static route using the following CLI commands:

config router static

edit 2

set device "FGT_1_IPsec"
set dst 2.2.2.0 255.255.255.0

next

end

8

On FortiGate_2, go to 

VPN

 > 

IPSec

.

9

Configure Phase 1.

For interface mode IPSec and for hardware acceleration, the following settings 
are required.
• Enable the checkbox “Enable IPSec Interface Mode.”
• In the Local Gateway IP section, select Specify and type the VPN IP address 

3.3.3.1, which is the IP address of FortiGate_1’s FortiGate-ASM-FB4 module 
port 2.

10

Configure Phase 2.

If you enable the checkbox “Enable replay detection,” set 

enc-offload-

antireplay

 to 

enable

 in the CLI. For details on encryption and decryption 

offloading options available in the CLI, see 

“config system npu” on page 15

.

11

Go to 

Firewall 

Policy

.

12

Configure two policies (one for each direction) to apply the Phase 1 IPSec 
configuration you configured in step 

9

 to traffic leaving from or arriving on 

FortiGate-ASM-FB4 module port 1.

13

Go to 

Router 

Static

.

14

Configure a static route to route traffic destined for FortiGate_1’s protected 
network to the Phase 1 IPSec device, 

FGT_2_IPsec

.

You can also configure the static route using the following CLI commands:

config router static

edit 2

set device "FGT_2_IPsec"
set dst 1.1.1.0 255.255.255.0

next

end

15

Activate the IPSec tunnel by sending traffic between the two protected networks.

To verify tunnel activation, go to 

VPN

 > 

IPSEC

 > 

Monitor

.

Summary of Contents for FortiGate FortiGate-ASM-FB4

Page 1: ...www fortinet com FortiGate ASM FB4 Version 1 0 T E C H N I C A L N O T E...

Page 2: ...Fortinet Inc Trademarks Dynamic Threat Prevention System DTPS APSecure FortiASIC FortiBIOS FortiBridge FortiClient FortiGate FortiGate Unified Threat Management System FortiGuard FortiGuard Antispam F...

Page 3: ...to offloading requirements 9 IPSec offloading requirements 9 HA active active offloading requirements 10 FortiGate ASM FB4 hardware 11 Installation and removal 11 To install SFP transceivers 11 To ins...

Page 4: ...FortiGate ASM FB4 Version 1 0 Technical Note 4 01 30005 0424 20071002 Contents...

Page 5: ...such as streaming multimedia traffic with long session lifetimes such as FTP IPSec VPN traffic active active HA load balanced traffic P2P traffic Eligible traffic processing is offloaded to the FortiG...

Page 6: ...duct The documents on this CD are current at shipping time For up to date versions of Fortinet documentation see the Fortinet Technical Documentation web site at http docs forticare com Fortinet Knowl...

Page 7: ...The FortiGate ASM FB4 module continuously matches packets arriving on its network interfaces against the session keys and SAs it has received from the FortiGate unit If a FortiGate ASM FB4 module s ne...

Page 8: ...800 IEEE 802 1q VLAN specification is supported link aggregation between FortiGate ASM FB4 module network interfaces may be used IEEE 802 3ad specification is supported Layer 3 protocol must beIPv4 La...

Page 9: ...but still utilize FortiGate ASM FB4 modules encryption and other capabilities Exceptions include IPSec traffic and active active high availability HA load balanced traffic IPSec offloading requiremen...

Page 10: ...yption offload Ingress packet Offloaded encryption Encrypted ESP packet egress fast path Packet from FortiGate unit Offloaded encryption Encrypted ESP packet egress HA active active offloading require...

Page 11: ...he SFP cage sockets on the FortiGate ASM FB4 module front panel 3 Hold the sides of the SFP transceiver and slide the SFP transceiver into the cage until it clicks into place Repeat this action for ea...

Page 12: ...le into the extended position This unlocks the module from the FortiGate unit 4 Gently pull the latch to remove the module SFP network interfaces FortiGate ASM FB4 modules support both SerDes and SGMI...

Page 13: ...interface When editing a network interface associated with one of the FortiGate ASM FB4 module s SFP transceivers additional settings appear The following settings configure the SFP media type and whe...

Page 14: ...curity option pass_ipsecurity Allow IP with security option to pass drop_ipssrr Drop IP with strict source record route option pass_ipssrr Allow IP with strict source record route option to pass drop_...

Page 15: ...n is enabled in Phase 2 configuration If replay detection is disabled encryption is always offloaded disable dec offload antireplay enable disable Enable or disable offloading of IPSec decryption This...

Page 16: ...05 0424 20071002 config system npu Specialized CLI settings Example You could configure the traffic shaping limit to be applied as a bidirectional total limit during hardware accelerated sessions conf...

Page 17: ...tion contains example IPSec configurations whose IPSec encryption and decryption processing is hardware accelerated by FortiGate ASM FB4 modules Figure 1 illustrates the example network topology Table...

Page 18: ...e CLI For details on encryption and decryption offloading options available in the CLI see config system npu on page 15 4 Go to Firewall Policy 5 Configure one policy to apply the Phase 1 IPSec tunnel...

Page 19: ...2 set dst 1 1 1 0 255 255 255 0 set gateway 3 3 3 1 next end 15 Activate the IPSec tunnel by sending traffic between the two protected networks To verify tunnel activation go to VPN IPSEC Monitor Acce...

Page 20: ...section select Specify and type the VPN IP address 3 3 3 1 which is the IP address of FortiGate_1 s FortiGate ASM FB4 module port 2 10 Configure Phase 2 If you enable the checkbox Enable replay detect...

Page 21: ...18 19 20 ESP 10 F fast path 5 required session characteristics 8 FortiASIC 5 FortiGate documentation commenting on 6 Fortinet documentation 6 Fortinet Knowledge Center 6 fragmented packets 8 FTP 5 9 H...

Page 22: ...n SA 7 10 15 security option 14 SerDes 14 session key 7 lifetime 5 SFP cages 11 media type 13 14 transceivers 11 SFP small form factor pluggable network interfaces 5 SFP transceivers 11 SGMII 14 15 SH...

Page 23: ...www fortinet com...

Page 24: ...www fortinet com...

Reviews:

No comments

Related manuals for FortiGate FortiGate-ASM-FB4

Fortinet FortiWiFi FortiWiFi-60A Quick Start Manual preview
FortiWiFi FortiWiFi-60A
Brand: Fortinet Pages: 2
Dell SonicWALL SOHO Quick Start Manual preview
SonicWALL SOHO
Brand: Dell Pages: 2
H3C F5000-AI160 Manual preview
F5000-AI160
Brand: H3C Pages: 59
Watchguard Firebox SOHO 6 Wireless Quick Start Manual preview
Firebox SOHO 6 Wireless
Brand: Watchguard Pages: 2
Fortinet FortiManager-3000B Quick Start Manual preview
FortiManager-3000B
Brand: Fortinet Pages: 2
Fortinet FortiManager-3000 Quick Start Manual preview
FortiManager-3000
Brand: Fortinet Pages: 2
Fortinet FortiMail-4000A Quick Start Manual preview
FortiMail-4000A
Brand: Fortinet Pages: 2
Fortinet FORTIMAIL-5000 Quick Start Manual preview
FORTIMAIL-5000
Brand: Fortinet Pages: 2
Fortinet FortiMail-3000C Quick Start Manual preview
FortiMail-3000C
Brand: Fortinet Pages: 2
Fortinet FortiMail-400 Quick Start Manual preview
FortiMail-400
Brand: Fortinet Pages: 2
Fortinet FortiGate-80C Quick Start Manual preview
FortiGate-80C
Brand: Fortinet Pages: 2
Fortinet FortiMail-2000A Quick Start Manual preview
FortiMail-2000A
Brand: Fortinet Pages: 2
Fortinet FortiGate-51B Quick Start Manual preview
FortiGate-51B
Brand: Fortinet Pages: 2
Fortinet FortiGate-51B-LENC Quick Start Manual preview
FortiGate-51B-LENC
Brand: Fortinet Pages: 2
Fortinet FortiGate-50A Quick Start Manual preview
FortiGate-50A
Brand: Fortinet Pages: 2
Fortinet FortiWiFi 60CX-ADSL-A Quick Start Manual preview
FortiWiFi 60CX-ADSL-A
Brand: Fortinet Pages: 13
Fortinet FortiGate-5140-R Quick Start Manual preview
FortiGate-5140-R
Brand: Fortinet Pages: 10
Fortinet FortiTester 3000E Quick Start Manual preview
FortiTester 3000E
Brand: Fortinet Pages: 18

Brands by name

Popular brands

Load more brands