196
Fortinet Inc.
Configuring encrypt policies
IPSec VPN
Refer to the
FortiGate Installation and Configuration Guide
to configure the remaining
policy settings.
9
Select OK to save the encrypt policy.
To make sure that the encrypt policy is matched for VPN connections, arrange the
encrypt policy above other policies with similar source and destination addresses and
services in the policy list.
Figure 25: Adding an encrypt policy
Inbound NAT
The FortiGate unit translates the source address of incoming packets to the
IP address of the FortiGate interface connected to the source address
network. Typically, this is an internal interface of the FortiGate unit.
Inbound NAT makes it impossible for local hosts to see the IP addresses of
remote hosts (hosts located on the network behind the remote VPN
gateway).
Outbound NAT
The FortiGate unit translates the source address of outgoing packets to the
IP address of the FortiGate interface connected to the destination address
network. Typically, this is an external interface of the FortiGate unit.
Outbound NAT makes it impossible for remote hosts to see the IP
addresses of local hosts (hosts located on the network behind the local VPN
gateway).
If Outbound NAT is implemented, it is subject to these limitations:
— Configure Outbound NAT only at one end of the tunnel.
— The end which does not implement Outbound NAT requires an Int->Ext
policy which specifies the other end’s external interface as the Destination.
(This will be a public IP address.)
— The tunnel, and the traffic within the tunnel, can only be initiated at the
end which implements Outbound NAT.
Содержание FortiGate 60R
Страница 12: ...Contents 12 Fortinet Inc...
Страница 26: ...26 Fortinet Inc Customer service and technical support Introduction...
Страница 42: ...42 Fortinet Inc Next steps Getting started...
Страница 106: ...106 Fortinet Inc Registering a FortiGate unit after an RMA Virus and attack definitions updates and registration...
Страница 138: ...138 Fortinet Inc Customizing replacement messages System configuration...
Страница 228: ...228 Fortinet Inc Logging attacks Network Intrusion Detection System NIDS...
Страница 242: ...242 Fortinet Inc Exempt URL list Web filtering...
Страница 256: ...256 Fortinet Inc Configuring alert email Logging and reporting...
Страница 260: ...260 Fortinet Inc Glossary...
Страница 270: ...270 Fortinet Inc Index...