IPv6

IPv6 Internet Protocol version 6 (IPv6) will succeed IPv4 as the standard networking protocol of the Internet. IPv6 provides a number of advances over IPv4, but the primary reason for replacing IPv4 is IPv4's limited number of addresses. IPv4 uses 32-bit addresses, which means there is a theoretical limit of 2 to the power […]

RPC over HTTP

RPC over HTTP How protocol options profiles and SSL inspection profiles handle RPC (Remote Procedure Calls) over HTTP traffic can be configured separately from normal HTTP traffic. The configuration is done in the CLI. Configuration in Protocol Options config firewall profile-protocol-options edit 0 set rpc-over-http [disable|enable] end Configuration in SSL/SSH inspection config firewall ssl-ssh-profile […]

SSL/SSH Inspection

SSL/SSH Inspection While the profile configuration for SSL/SSH Inspection is found in the Security Profiles section, it is enabled in the firewall policy by enabling any of the security profiles. Choosing which of the SSL/SSH Inspection profiles to use is all that can really be done in the policy. RPC over HTTP The reason for having this […]

IPSec Troubleshooting

Troubleshooting This section contains tips to help you with some common challenges of IPsec VPNs. A VPN connection has multiple stages that can be confirmed to ensure the connection is working properly. It is easiest to check first whether the final stage is successful, since if it is successful the other stages will be working […]

IPSec Logging and monitoring

Logging and monitoring This section provides some general logging and monitoring procedures for VPNs. The following topics are included in this section: Monitoring VPN connections VPN event logs Monitoring VPN connections You can use the monitor to view activity on IPsec VPN tunnels and to start or stop those tunnels. The display provides a list […]

IPsec Auto-Discovery VPN (ADVPN)

IPsec Auto-Discovery VPN (ADVPN) Consider a company that wants to provide direct secure (IPsec) connections between all of its offices in New York, Chicago, Greenwich, London, Paris, Frankfurt, Tokyo, Shanghai, and Hong Kong. A straightforward solution is to create a full mesh of connections such that every site has eight IPsec configurations, one for each […]

BGP over dynamic IPsec

BGP over dynamic IPsec The following example shows how to create a dynamic IPsec VPN tunnel that allows BGP. Configuring IPsec on FortiGate 1 Go to Policy & Objects > Addresses and select create new Address. Name Remote_loop_int Type Subnet Subnet/IP Range 10.10.10.10 Interface any Create an Address Group. Group Name VPN_DST Show in Address […]

Protecting OSPF with IPsec

Protecting OSPF with IPsec For enhanced security, OSPF dynamic routing can be carried over IPsec VPN links. The following topics are included in this section: Configuration overview This chapter shows an example of OSPF routing conducted over an IPsec tunnel between two FortiGate units. The network shown below is a single OSPF area. FortiGate_1 is […]