Introduction
Intrusion Prevention System (IPS)
FortiGate-100A Administration Guide
01-28006-0068-20041105
17
Intrusion Prevention System (IPS)
The FortiGate Intrusion Prevention System (IPS) combines signature and anomaly
based intrusion detection and prevention. The FortiGate unit can record suspicious
traffic in logs, can send alert email to system administrators, and can log, pass, drop,
reset, or clear suspicious packets or sessions. Both the IPS predefined signatures and
the IPS engine are upgradeable through the FortiProtect Distribution Network (FDN).
You can also create custom signatures.
VPN
Using FortiGate virtual private networking (VPN), you can provide a secure
connection between widely separated office networks or securely link telecommuters
or travellers to an office network.
FortiGate VPN features include the following:
• Industry standard and ICSA-certified IPSec VPN, including:
• IPSec VPN in NAT/Route and Transparent mode,
• IPSec, ESP security in tunnel mode,
• DES, 3DES (triple-DES), and AES hardware accelerated encryption,
• HMAC MD5 and HMAC SHA1 authentication and data integrity,
• AutoIKE key based on pre-shared key tunnels,
• IPSec VPN using local or CA certificates,
• Manual Keys tunnels,
• Diffie-Hellman groups 1, 2, and 5,
• Aggressive and Main Mode,
• Replay Detection,
• Perfect Forward Secrecy,
• XAuth authentication,
• Dead peer detection,
• DHCP over IPSec,
• Secure Internet browsing.
• PPTP for easy connectivity with the VPN standard supported by the most popular
operating systems.
• L2TP for easy connectivity with a more secure VPN standard, also supported by
many popular operating systems.
• Firewall policy based control of IPSec VPN traffic.
• IPSec NAT traversal so that remote IPSec VPN gateways or clients behind a NAT
can connect to an IPSec VPN tunnel.
• VPN hub and spoke using a VPN concentrator to allow VPN traffic to pass from
one tunnel to another through the FortiGate unit.
• IPSec Redundancy to create a redundant AutoIKE key IPSec VPN connection to a
remote network.
Содержание FortiGate FortiGate-100A
Страница 24: ...24 01 28006 0068 20041105 Fortinet Inc FortiLog documentation Introduction...
Страница 46: ...46 01 28006 0068 20041105 Fortinet Inc Installing and using a backup firmware image System status...
Страница 72: ...72 01 28006 0068 20041105 Fortinet Inc Transparent mode VLAN settings System network...
Страница 80: ...80 01 28006 0068 20041105 Fortinet Inc DHCP IP MAC binding settings System DHCP...
Страница 114: ...114 01 28006 0068 20041105 Fortinet Inc Access profile options System administration...
Страница 232: ...232 01 28006 0068 20041105 Fortinet Inc CLI configuration Firewall...
Страница 244: ...244 01 28006 0068 20041105 Fortinet Inc peergrp Users and authentication...
Страница 320: ...320 01 28006 0068 20041105 Fortinet Inc service smtp Antivirus...
Страница 366: ...366 01 28006 0068 20041105 Fortinet Inc syslogd setting Log Report...
Страница 380: ...380 01 28006 0068 20041105 Fortinet Inc Glossary...
Страница 388: ...388 01 28006 0068 20041105 Fortinet Inc Index...