Fortinet FortiGate-ASM-FB4 Release Note

Examples 
FortiGate-ASM-FB4 Version 1.0 Technical Note
01-30005-0424-20071002
10 Configure Phase 2.
   If you enable the checkbox “Enable replay detection,” set enc-offload-antireplay to enable in the CLI. For details on encryption and decryption offloading options available in the CLI, see .
11 Go to Firewall > Policy.
12 Configure one policy to apply the Phase 1 IPSec tunnel you configured in step to traffic between FortiGate-ASM-FB4 module ports 1 and 2.
13 Go to Router > Static.
14 Configure a static route to route traffic destined for FortiGate_1’s protected network to the VPN IP address of FortiGate_1’s VPN gateway, 3.3.3.1, through the FortiGate-ASM-FB4 module’s port 2 (device).
   You can also configure the static route using the following CLI commands:
       config router static
           edit 2
               set device "AMC-SW1/2"
               set dst 1.1.1.0 255.255.255.0
               set gateway 3.3.3.1
           next
       end
15 Activate the IPSec tunnel by sending traffic between the two protected networks.
   To verify tunnel activation, go to VPN > IPSEC > Monitor.
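The Phase 2 step ties replay detection to enc-offload-antireplay. The following check is an added example, not part of the Fortinet note: it parses a configuration backup and lists Phase 2 entries that have replay detection on while the offload option is not enabled. It assumes that replay detection appears as `set replay enable` in the `vpn ipsec phase2` / `phase2-interface` tables and that enc-offload-antireplay is set under `config system npu`; the tunnel names are constructed.

```python
import shlex

# Constructed sample in FortiOS CLI syntax (not taken from the technical note).
# Assumed layout: "set replay" in the Phase 2 entry, enc-offload-antireplay
# under "config system npu".
SAMPLE = '''
config system npu
    set enc-offload-antireplay disable
end
config vpn ipsec phase2-interface
    edit "p2_to_fgt1"
        set phase1name "p1_to_fgt1"
        set replay enable
    next
    edit "p2_lab"
        set replay disable
    next
end
'''

def parse_config(text):
    """Parse config/edit/set/next/end lines into nested dicts."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] == "edit":
            stack.append(stack[-1].setdefault(tok[1], {}))
        elif tok[0] == "set":
            stack[-1][tok[1]] = " ".join(tok[2:])
        elif tok[0] in ("next", "end") and len(stack) > 1:
            stack.pop()
    return root

def replay_offload_mismatches(text):
    """Phase 2 names with replay detection on but antireplay offload not enabled."""
    cfg = parse_config(text)
    # An absent setting is treated as not enabled (assumption).
    if cfg.get("system npu", {}).get("enc-offload-antireplay") == "enable":
        return []
    return sorted(
        name
        for section in ("vpn ipsec phase2", "vpn ipsec phase2-interface")
        for name, entry in cfg.get(section, {}).items()
        if isinstance(entry, dict) and entry.get("replay") == "enable"
    )
```
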
Accelerated interface mode IPSec
The following steps create a hardware accelerated interface mode IPSec tunnel 
between two FortiGate units, each containing a FortiGate-ASM-FB4 module.
To configure hardware accelerated interface mode IPSec
1 On FortiGate_1, go to VPN > IPSec.
2 Configure Phase 1.
  For interface mode IPSec and for hardware acceleration, the following settings are required.
  • Select Advanced.
  • Enable the checkbox “Enable IPSec Interface Mode.”
  • In the Local Gateway IP section, select Specify and type the VPN IP address 3.3.3.2, which is the IP address of FortiGate_2’s FortiGate-ASM-FB4 module port 2.
3 Configure Phase 2.
  If you enable the checkbox “Enable replay detection,” set enc-offload-antireplay to enable in the CLI. For details on encryption and decryption offloading options available in the CLI, see .
4 Go to Firewall > Policy.