Administration Guide

IPsec Tunnels

The data path between a user's computer and a private network through a VPN is referred to as a tunnel. Like a physical tunnel, the data path is accessible only at both ends. In the telecommuting scenario, the tunnel runs between the FortiClient application on the user's PC (or a FortiProxy unit or other network device) and the FortiProxy unit on the office private network.

Encapsulation makes this possible. IPsec packets pass from one end of the tunnel to the other and contain data packets that are exchanged between the local user and the remote private network. Encryption of the data packets ensures that any third party who intercepts the IPsec packets cannot access the data.

You can create a VPN tunnel between:

  • A PC equipped with the FortiClient application and a FortiProxy unit

  • Two FortiProxy units

  • Third-party VPN software and a FortiProxy unit

To view a list of IPsec tunnels, go to VPN > IPsec Tunnels. After you create an IPsec VPN tunnel, it appears in the VPN tunnel list.

Hover over the leftmost edge of the column heading to display the Configure Table icon, which you can use to select the columns to display or to reset all the columns to their default settings. You can also drag column headings to change their order.

The following options are available:

Create New > IPsec Tunnel

Run the IPsec Wizard and create an IPsec tunnel. See IPsec Wizard.

Edit

Edit an IPsec tunnel. See Edit an IPsec tunnel.

Delete

Delete the selected IPsec tunnel.

Search

Enter a search term to find in the list.

Tunnel

The name of the IPsec tunnel.

Interface Binding

Select the name of the interface through which remote peers connect to the FortiProxy unit.

Status

The status is Active or Inactive.

Ref.

Displays the number of times the object is referenced by other objects.

To view the location of the referenced object, select the number in Ref.; the Object Usage window opens and displays the various locations of the referenced object.

Aggregate Weight

The aggregate weight.

Comments

An optional description of the IPsec tunnel.

IKE Version

The default IKE version is 1.

Mode

The mode is Aggressive or Main (ID Protection):

  • Main (ID Protection)—The Phase 1 parameters are exchanged in multiple rounds with encrypted authentication information.

  • Aggressive—The Phase 1 parameters are exchanged in a single message with authentication information that is not encrypted.

Phase 2 Selectors

The name of phase 2.
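
The IKE Version and Mode settings described above can be checked across many tunnels from a saved configuration. The following is an added example, not Fortinet code: it flags tunnels that negotiate Phase 1 in Aggressive mode, including those that inherit IKE version 1 because no version is set. It assumes FortiOS-style CLI syntax (config vpn ipsec phase1-interface, set ike-version, set mode) and that an unset mode means Main (ID Protection); the sample configuration and tunnel names are constructed.

```python
import re

# Constructed sample in FortiOS-style CLI syntax (an assumption, not from the page).
SAMPLE_CONFIG = '''
config vpn ipsec phase1-interface
    edit "branch-a"
        set interface "port1"
        set mode aggressive
    next
    edit "branch-b"
        set interface "port1"
        set ike-version 2
    next
    edit "dialup-users"
        set interface "port2"
        set ike-version 1
        set mode main
    next
end
'''

def parse_phase1(text):
    """Return {tunnel_name: {key: value}} built from edit/set/next blocks."""
    tunnels, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            current = tunnels.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')
    return tunnels

def audit_aggressive(text):
    """List (tunnel, reason) for IKEv1 tunnels whose Phase 1 mode is Aggressive."""
    findings = []
    for name, cfg in parse_phase1(text).items():
        # The page gives 1 as the default IKE version: a missing key means IKEv1.
        if cfg.get("ike-version", "1") != "1":
            continue  # Main/Aggressive is an IKEv1 Phase 1 choice
        # Assumption: an unset mode means Main (ID Protection).
        if cfg.get("mode", "main") == "aggressive":
            implicit = "ike-version" not in cfg
            findings.append((name, "implicit-ikev1" if implicit else "explicit-ikev1"))
    return findings
```

A tunnel reported as implicit-ikev1 is one a reviewer searching only for an explicit version setting would miss.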
