FortiGate-ASM-FB4 Version 1.0 Technical Note
01-30005-0424-20071002
Examples
Hardware accelerated IPSec processing, involving either partial or full offloading,
can be achieved in either tunnel or interface mode IPSec configurations.
To achieve offloading for both encryption and decryption:
• In Phase 1 configuration’s Advanced section, Local Gateway IP must be
specified as an IP address of the FortiGate-ASM-FB4 module’s SFP network
interfaces. (In other words, if Phase 1’s Local Gateway IP is Main Interface IP,
or is specified as an IP address that is not associated with the
FortiGate-ASM-FB4 module’s network interfaces, IPSec network processing is not
offloaded.)
• In Phase 2 configuration’s P2 Proposal section, if the checkbox “Enable replay
detection” is enabled, enc-offload-antireplay and dec-offload-antireplay must
be set to enable in the CLI.
• offload-ipsec-host must be set to enable in the CLI.
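The three conditions above can be checked mechanically against a saved configuration. The following Python check is an added example, not code from Fortinet or from this technical note; the configuration excerpt is constructed, and the section paths (`system npu`, `vpn ipsec phase1`, `vpn ipsec phase2`) and the `local-gw` and `replay` key names are assumptions, since the page names only the three offload settings.

```python
# Constructed config excerpt, not from the technical note. Section paths and the
# local-gw / replay key names are assumptions; only the npu keys are on the page.
SAMPLE = """
config system npu
    set enc-offload-antireplay enable
    set dec-offload-antireplay disable
    set offload-ipsec-host enable
end
config vpn ipsec phase1
    edit "to_fgt2"
        set local-gw 3.3.3.1
    next
end
config vpn ipsec phase2
    edit "to_fgt2_p2"
        set replay enable
    next
end
"""

def parse(text):
    """Parse flat config/edit/set blocks into {section: {entry: {key: value}}}."""
    cfg, section, entry = {}, "", None
    for tok in filter(None, (line.split() for line in text.splitlines())):
        if tok[0] == "config":
            section, entry = " ".join(tok[1:]), None
        elif tok[0] in ("edit", "next"):
            entry = tok[1].strip('"') if tok[0] == "edit" else None
        if tok[0] in ("edit", "set"):
            block = cfg.setdefault(section, {}).setdefault(entry, {})
            if tok[0] == "set":
                block[tok[1]] = " ".join(tok[2:])
    return cfg

def offload_findings(text, fb4_ips):
    """Return the offload preconditions from the list above that are not met."""
    cfg, issues = parse(text), []
    def entries(prefix):  # prefix also matches "-interface" (interface mode) sections
        return [(n, e) for s, b in cfg.items() if s.startswith(prefix) for n, e in b.items()]
    npu = cfg.get("system npu", {}).get(None, {})
    for name, p1 in entries("vpn ipsec phase1"):
        if p1.get("local-gw") not in fb4_ips:
            issues.append(f"{name}: local-gw is not a FortiGate-ASM-FB4 interface IP")
    replay = any(p2.get("replay") == "enable" for _, p2 in entries("vpn ipsec phase2"))
    for key in ("enc-offload-antireplay", "dec-offload-antireplay"):
        if replay and npu.get(key) != "enable":
            issues.append(f"replay detection is on but {key} is not enabled")
    if npu.get("offload-ipsec-host") != "enable":
        issues.append("offload-ipsec-host is not enabled")
    return issues
```

Call `offload_findings(SAMPLE, {"3.3.3.1"})` with the set of IP addresses assigned to the module's interfaces; the check assumes every relevant setting appears explicitly in the text it is given.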
This section contains example IPSec configurations whose IPSec encryption and
decryption processing is hardware accelerated by FortiGate-ASM-FB4 modules.
Figure 1 illustrates the example network topology. Table 1 lists the example
network interfaces and IP addresses.
Figure 1: Example network topology for offloaded IPSec processing
This section includes the following topics:
• Accelerated tunnel mode IPSec
Note: Hardware accelerated IPSec does not require both tunnel endpoints to have
FortiGate-ASM-FB4 modules. However, if hardware is not symmetrical, the packet
forwarding rate is limited by the slower side.
Table 1: Example network interfaces and IP addresses
| | FortiGate_1 network interface | FortiGate_1 IP | FortiGate_2 network interface | FortiGate_2 IP |
| IPSec tunnel | FortiGate-ASM-FB4 port 2 | 3.3.3.1/24 | FortiGate-ASM-FB4 port 2 | 3.3.3.2/24 |
| Protected network | FortiGate-ASM-FB4 port 1 | 1.1.1.0/24 | FortiGate-ASM-FB4 port 1 | 2.2.2.0/24 |
[Figure 1 labels: protected network 1.1.1.0/24 on FortiGate_1 FortiGate-ASM-FB4 port 1; FortiGate_1 FortiGate-ASM-FB4 port 2 (IPSec) 3.3.3.1/24; Internet; FortiGate_2 FortiGate-ASM-FB4 port 2 (IPSec) 3.3.3.2/24; protected network 2.2.2.0/24 on FortiGate_2 FortiGate-ASM-FB4 port 1]