Fortinet FortiGate-ASM-FB4 Release Note
Examples
Accelerated interface mode IPSec
FortiGate-ASM-FB4 Version 1.0 Technical Note
01-30005-0424-20071002
10
Configure Phase 2.
If you enable the checkbox “Enable replay detection,” set enc-offload-antireplay
to enable in the CLI. For details on encryption and decryption
offloading options available in the CLI, see
.
11
Go to Firewall > Policy.
12
to traffic between FortiGate-ASM-FB4 module ports 1 and 2.
13
Go to Router > Static.
14
Configure a static route to route traffic destined for FortiGate_1’s protected
network to the VPN IP address of FortiGate_1’s VPN gateway, 3.3.3.1, through the
FortiGate-ASM-FB4 module’s port 2 (device).
You can also configure the static route using the following CLI commands:
config router static
    edit 2
        set device "AMC-SW1/2"
        set dst 1.1.1.0 255.255.255.0
        set gateway 3.3.3.1
    next
end
15
Activate the IPSec tunnel by sending traffic between the two protected networks.
To verify tunnel activation, go to VPN > IPSEC > Monitor.
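The Phase 2 step above pairs “Enable replay detection” with enc-offload-antireplay. The following check for that pairing in a saved configuration is an added example, not part of the original technical note or Fortinet's own tooling. It assumes the option is stored under "config system npu" and that replay detection appears as "set replay enable" in the Phase 2 entry; the sample configuration and tunnel names are constructed.

```python
# Constructed sample of a FortiGate configuration backup; tunnel names are made up.
# Assumptions: the offload option sits under "config system npu" and Phase 2
# replay detection is stored as "set replay enable".
SAMPLE_CONFIG = """\
config system npu
    set enc-offload-antireplay disable
end
config vpn ipsec phase2-interface
    edit "to_FGT1_p2"
        set replay enable
    next
    edit "lab_p2"
        set replay disable
    next
end
"""

def parse_sections(text):
    """Return {section: {entry name or None: {key: value}}} for top-level blocks."""
    sections, section, entry, depth = {}, None, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                section, entry = line[len("config "):], None
                sections.setdefault(section, {}).setdefault(None, {})
        elif line == "end":
            depth -= 1
            if depth == 0:
                section, entry = None, None
        elif depth != 1:
            continue  # skip nested sub-tables; not needed for this check
        elif line.startswith("edit "):
            entry = line[len("edit "):].strip('"')
            sections[section].setdefault(entry, {})
        elif line == "next":
            entry = None
        elif line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            sections[section][entry][key] = value.strip('"')
    return sections

def replay_offload_mismatches(text):
    """Phase 2 entries with replay detection enabled while
    enc-offload-antireplay is not explicitly set to enable."""
    cfg = parse_sections(text)
    if cfg.get("system npu", {}).get(None, {}).get("enc-offload-antireplay") == "enable":
        return []
    return sorted(name
                  for sec in ("vpn ipsec phase2", "vpn ipsec phase2-interface")
                  for name, settings in cfg.get(sec, {}).items()
                  if name is not None and settings.get("replay") == "enable")
```

An empty result means every Phase 2 entry with replay detection explicitly enabled is matched by the offload setting; entries that rely on a default value are not evaluated.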
Accelerated interface mode IPSec
The following steps create a hardware accelerated interface mode IPSec tunnel
between two FortiGate units, each containing a FortiGate-ASM-FB4 module.
To configure hardware accelerated interface mode IPSec
1
On FortiGate_1, go to VPN > IPSec.
2
Configure Phase 1.
For interface mode IPSec and for hardware acceleration, the following settings
are required.
• Select Advanced.
• Enable the checkbox “Enable IPSec Interface Mode.”
• In the Local Gateway IP section, select Specify and type the VPN IP address
3.3.3.2, which is the IP address of FortiGate_2’s FortiGate-ASM-FB4 module
port 2.
3
Configure Phase 2.
If you enable the checkbox “Enable replay detection,” set enc-offload-antireplay
to enable in the CLI. For details on encryption and decryption
offloading options available in the CLI, see
.
4
Go to Firewall > Policy.