Fortinet FortiGate FortiGate-5001 Administration Manual page 380

Glossary
ping, packet Internet grouper: A utility for
determining whether the device at a specific IP address
is accessible. The utility sends a packet to the specified
address and waits for a reply.
POP3, Post Office Protocol: A protocol used to
transfer email from a mail server to a mail client across
the Internet. Most email clients use POP.
port: The part of an interface on which application
traffic is carried. By convention, the port number
identifies the type of traffic. For example, port 80 is
used for HTTP traffic.
PPP, Point-to-Point Protocol: A protocol for
transmitting IP packets over serial point-to-point links
(that is, across any DTE/DCE interface).
PPPoE, PPP over Ethernet: A protocol that specifies
how to encapsulate PPP packets over Ethernet.
PPTP, Point-to-Point Tunneling Protocol: A security
protocol that creates a VPN by encapsulating PPP
packets.
primary unit: Also called the primary cluster unit, this
cluster unit controls how the cluster operates.The
primary cluster unit sends hello packets to all cluster
units to synchronize session information, synchronize
the cluster configuration, and to synchronize the cluster
routing table. The hello packets also confirm for the
subordinate units that the primary unit is still
functioning.
The primary unit also tracks the status of all
subordinate cluster units. When you start a
management connection to a cluster, you connect to
the primary cluster unit.
In an active-passive cluster, the primary cluster unit
processes all network traffic. If a subordinate unit fails,
the primary unit updates the cluster configuration
database.
In an active-active cluster, the primary unit receives all
network traffic and re-directs this traffic to subordinate
cluster units. If a subordinate unit fails, the primary unit
updates the cluster status and redistributes load
balanced traffic to other subordinate units in the cluster.
The FortiGate firmware uses the term "master" to refer
to the primary cluster unit.
380
protocol: A standard format for transmitting data. The
protocol determines the type of error checking to be
used, the data compression method (if any), how the
sending device indicates that it has finished sending a
message, and how the receiving device indicates that it
has received a message.
RADIUS, Remote Authentication Dial-In User
Service: A user authentication and network-usage
accounting system. When users dial into an ISP they
enter a user name and password. This information is
passed to a RADIUS server, which authenticates the
user and authorizes access to the network.
remote: The far end point (an IP address or port
number) of a connection.
replay detection: A way to determine whether a replay
attack is underway in an IPSec tunnel. A replay attack
occurs when an unauthorized party intercepts a series
of IPSec packets and changes them in an attempt to
flood a tunnel or access a VPN.
RFC, Request for Comments: Internet Standards
Committee documentation.
RIP, Routing Information Protocol: An Internet
protocol for sharing routing information within an
autonomous system.
router: A hardware device that connects computers on
the Internet together and routes traffic between them. A
router may connect a LAN and/or DMZ to the Internet.
routing: The process of determining which path to use
for sending packets to a destination.
routing table: A list of possible paths that a packet can
take to reach a destination.
SA, Security Association: SAs protect tunneled
packets. They contain the information needed to create
an IPSec VPN tunnel. An SA is uniquely identified by a
security parameter index, an IP destination address,
and a security protocol identifier. The Internet Security
Association and Key Management Protocol (ISAKMP)
is used to manage SAs.
server: An application that answers requests from
clients. Used as a generic term for any device that
provides services to the rest of the network such as
printing, storage, and network access.
SMTP, Simple Mail Transfer Protocol: A protocol that
supports email delivery services.
01-28008-0013-20050204 Fortinet Inc.