Fortinet fortigate-asm-fb4 Release Note

FortiGate-ASM-FB4 Version 1.0 Technical Note
01-30005-0424-20071002
Examples
Accelerated tunnel mode IPSec
The following steps create a hardware accelerated tunnel mode IPSec tunnel 
between two FortiGate units, each containing a FortiGate-ASM-FB4 module.
To configure hardware accelerated tunnel mode IPSec
1. On FortiGate_1, go to VPN > IPSec.
2. Configure Phase 1.
   For tunnel mode IPSec and for hardware acceleration, specifying the Local Gateway IP is required.
   Select Advanced. In the Local Gateway IP section, select Specify and type the VPN IP address 3.3.3.2, which is the IP address of FortiGate_2’s FortiGate-ASM-FB4 module port 2.
3. Configure Phase 2.
   If you enable the checkbox “Enable replay detection,” set enc-offload-antireplay to enable in the CLI. For details on encryption and decryption offloading options available in the CLI, see
4. Go to Firewall > Policy.
5. Configure one policy to apply the Phase 1 IPSec tunnel you configured in step  to traffic between FortiGate-ASM-FB4 module ports 1 and 2.
6. Go to Router > Static.
7. Configure a static route to route traffic destined for FortiGate_2’s protected network to the VPN IP address of FortiGate_2’s VPN gateway, 3.3.3.2, through the FortiGate-ASM-FB4 module’s port 2 (device).
You can also configure the static route using the following CLI commands:
    config router static
        edit 2
            set device "AMC-SW1/2"
            set dst 2.2.2.0 255.255.255.0
            set gateway 3.3.3.2
        next
    end
8. On FortiGate_2, go to VPN > IPSec.
9. Configure Phase 1.
   For tunnel mode IPSec and for hardware acceleration, specifying the Local Gateway IP is required.
   Select Advanced. In the Local Gateway IP section, select Specify and type the VPN IP address 3.3.3.1, which is the IP address of FortiGate_1’s FortiGate-ASM-FB4 module port 2.
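
An added example, not part of Fortinet's technical note: a check for the two requirements stated in steps 2 and 3, run over a FortiOS-style configuration excerpt. It reports a Phase 1 with no Local Gateway IP, and a Phase 2 with replay detection enabled while enc-offload-antireplay is not set to enable. The sample configuration is constructed, and the names `system npu`, `local-gw`, `remote-gw` and `replay` are assumptions about the CLI; only enc-offload-antireplay appears in the note.

```python
# Constructed FortiGate_1 excerpt, not from the technical note. Section and key
# names other than enc-offload-antireplay are assumptions about the CLI.
SAMPLE = """
config system npu
    set enc-offload-antireplay disable
end
config vpn ipsec phase1
    edit "to_FGT2"
        set remote-gw 3.3.3.2
    next
end
config vpn ipsec phase2
    edit "to_FGT2_p2"
        set replay enable
    next
end
"""

def parse(text):
    """Flat parser: {section: {entry: {key: value}}}; section-level keys use entry ''."""
    cfg, section, entry = {}, None, ""
    for line in text.splitlines():
        word, _, rest = line.strip().partition(" ")
        rest = rest.strip()
        if word == "config":
            section, entry = rest, ""
            cfg.setdefault(section, {})
        elif word == "edit":
            entry = rest.strip('"')
        elif word == "set" and section is not None:
            key, _, val = rest.partition(" ")
            cfg[section].setdefault(entry, {})[key] = val.strip().strip('"')
        elif word == "end":
            section = None
    return cfg

def audit(text):
    """Return findings for the two requirements stated in steps 2 and 3."""
    cfg, findings = parse(text), []
    for name, s in cfg.get("vpn ipsec phase1", {}).items():
        if not s.get("local-gw"):  # step 2: Local Gateway IP must be specified
            findings.append(f"phase1 {name}: Local Gateway IP not specified")
    offload = cfg.get("system npu", {}).get("", {}).get("enc-offload-antireplay")
    for name, s in cfg.get("vpn ipsec phase2", {}).items():
        if s.get("replay") == "enable" and offload != "enable":  # step 3
            findings.append(f"phase2 {name}: replay detection on, enc-offload-antireplay not enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```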