Hub-Spoke OCVPN with inter-overlay source NAT
Hub-Spoke OCVPN with inter-overlay source NAT This topic provides a sample configuration of Hub-Spoke OCVPN with inter-overlay source NAT. OCVPN isolates traffic between overlays by default. With NAT...
OCVPN troubleshooting
OCVPN troubleshooting This document includes troubleshooting steps for the following OCVPN network topologies: Full mesh. Hub-spoke with ADVPN shortcut. Hub-spoke with inter-overlay source NAT. For...
IPsec VPN authenticating a remote FortiGate peer with a pre-shared key
IPsec VPN authenticating a remote FortiGate peer with a pre-shared key This recipe provides sample configuration of IPsec VPN authenticating a remote FortiGate peer with a pre-shared key. The following...
IPsec VPN authenticating a remote FortiGate peer with a certificate
IPsec VPN authenticating a remote FortiGate peer with a certificate This recipe provides sample configuration of IPsec VPN authenticating a remote FortiGate peer with a certificate. The certificate on...
Troubleshooting – Understanding VPN related logs
Understanding VPN related logs This document provides some IPsec log samples: IPsec phase1 negotiating logid="0101037127" type="event" subtype="vpn" level="notice" vd="root" eventtime=1544132571...
Troubleshooting – IPsec related diagnose command
IPsec related diagnose command This document provides IPsec related diagnose commands. Daemon IKE summary information list: diagnose vpn ike status connection: 2/50 IKE SA: created 2/51 established 2/9...
VPN Tunneled Internet Browsing
Tunneled Internet Browsing This recipe provides an example configuration of tunneled internet browsing using a dialup VPN. To centralize network management and control, all branch office traffic is...
VPN and ASIC offload
VPN and ASIC offload Check the device ASIC information. For example, a FortiGate 900D has an NP6 and a CP8. # get hardware status Model name: FortiGate-900D ASIC version: CP8...
Disable automatic ASIC offloading
Disable automatic ASIC offloading When auto-asic-offload is set to disable in the firewall policy, traffic is not offloaded and the NPU hosting counter is ticked. # diagnose vpn ipsec status All ipsec...
L2TP over IPsec
L2TP over IPsec This recipe provides an example configuration of L2TP over IPsec. A locally defined user is used for authentication, a Windows PC or Android tablet is acting as the client, and...
IPSEC Encryption algorithms
Encryption algorithms IKEv1 phase1 encryption algorithm The default encryption algorithm is: aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1 DES is a symmetric-key algorithm which means the same...
IPSEC IKEv1 phase2 encryption algorithm
IKEv1 phase2 encryption algorithm The default encryption algorithm is: aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305 In null encryption, IPsec traffic can...
IPSEC IKEv2 phase1 encryption algorithm
IKEv2 phase1 encryption algorithm The default encryption algorithm is: aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256 DES is a symmetric-key algorithm...
IPSEC IKEv2 phase2 encryption algorithm
IKEv2 phase2 encryption algorithm The default encryption algorithm is: aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305 In null encryption, IPsec traffic can...
Policy-based IPsec tunnel
Policy-based IPsec tunnel This recipe provides an example configuration of policy-based IPsec tunnel. Site-to-site VPN between branch and HQ is used and HQ is the IPsec concentrator. The following...
SSL VPN web mode for remote user
SSL VPN web mode for remote user This topic provides a sample configuration of remote users accessing the corporate network through an SSL VPN by web mode using a web browser. Sample network topology...
SSL VPN full tunnel for remote user
SSL VPN full tunnel for remote user This topic provides a sample configuration of remote users accessing the corporate network and internet through an SSL VPN by tunnel mode using FortiClient. Sample...
SSL VPN split tunnel for remote user
SSL VPN split tunnel for remote user This topic provides a sample configuration of remote users accessing the corporate network and internet through an SSL VPN by tunnel mode using FortiClient but...
SSL VPN tunnel mode host check
SSL VPN tunnel mode host check This topic provides a sample configuration of remote users accessing the corporate network through an SSL VPN by tunnel mode using FortiClient with AV host check. Sample...
SSL VPN multi-realm
SSL VPN multi-realm This sample recipe shows how to create a multi-realm SSL VPN that provides different portals for different user groups. Sample network topology Sample configuration WAN interface is...