LiquidLayer.net | Tech

Fortinet Cookbook - Tips Tricks HowTo

LiquidLayer
Source Fortinet Cookbook




About the Cookbook

The Fortinet Cookbook provides examples, or recipes, of basic and advanced configurations to administrators, both those who are experienced users and those who are less familiar with using Fortinet products.

Each example begins with a description of the desired configuration, followed by step-by-step instructions. Some topics include extra help sections, containing tips for dealing with common challenges.

Using the Fortinet Cookbook, you can go from idea to execution in simple steps, configuring your network for better productivity with reduced risk.

http://cookbook.fortinet.com/complete-fortigate-cookbook-5-2/

http://cookbook.fortinet.com/authentication/

http://cookbook.fortinet.com/expert/

http://cookbook.fortinet.com/security/

http://cookbook.fortinet.com/vpns/

http://cookbook.fortinet.com/fortios-handbook/

http://cookbook.fortinet.com/sysadmins-notebook/

http://cookbook.fortinet.com/tips/

http://cookbook.fortinet.com/glossary/

http://cookbook.fortinet.com/cookbook-team/

Watch more Fortinet Videos

http://video.fortinet.com




Post 1
LiquidLayer
Fortinet
FortiOS Handbook




Authenticating the FortiGate unit with digital certificates
To authenticate the FortiGate unit using digital certificates, you must have the required certificates installed on the remote peer and on the FortiGate unit.

The signed server certificate on one peer is validated by the presence of the root certificate installed on the other peer. If you use certificates to authenticate the FortiGate unit, you can also require the remote peers or dialup clients to authenticate using certificates.

See documentation here

See User Authentication - FortiOS Handbook
Post 2
LiquidLayer
Fortinet
FortiOS Handbook





http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%25205.0%2520Help/phase1.111.01.html

Also

Choosing the IKE version

If you create a route-based VPN, you have the option of selecting IKE version 2. Otherwise, IKE version 1 is used.
IKEv2, defined in RFC 4306, simplifies the negotiation process that creates the security association (SA).

If you select IKEv2:

• There is no choice in Phase 1 of Aggressive or Main mode.
• FortiOS does not support Peer Options or Local ID.
• Extended Authentication (XAUTH) is not available.
• You can select only one DH Group.

http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%25205.0%2520Help/phase1.111.05.html


http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%25205.0%2520Help/phase1.111.15.html

And

http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%25205.0%2520Help/phase1.111.11.html

As well as

http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%25205.0%2520Help/phase1.111.12.html
Post 3