High Availability; Secure Installation, Configuration, And Management - Fortinet FortiGate FortiGate-500A Administration Manual
Fortinet fortigate fortigate-500a: user guide
Hide thumbs
Also See for FortiGate FortiGate-500A:
- Install manual (56 pages) ,
- Quick start manual (2 pages) ,
- Administration manual (458 pages)
Table of Contents
Advertisement
About FortiGate Antivirus Firewalls
High availability
Secure installation, configuration, and management
18
•
Aggressive and Main Mode,
•
Replay Detection,
•
Perfect Forward Secrecy,
•
XAuth authentication,
•
Dead peer detection,
•
DHCP over IPSec,
•
Secure Internet browsing.
•
PPTP for easy connectivity with the VPN standard supported by the most popular
operating systems.
•
L2TP for easy connectivity with a more secure VPN standard, also supported by
many popular operating systems.
•
Firewall policy based control of IPSec VPN traffic.
•
IPSec NAT traversal so that remote IPSec VPN gateways or clients behind a NAT
can connect to an IPSec VPN tunnel.
•
VPN hub and spoke using a VPN concentrator to allow VPN traffic to pass from
one tunnel to another through the FortiGate unit.
•
IPSec Redundancy to create a redundant AutoIKE key IPSec VPN connection to a
remote network.
Fortinet achieves high availability (HA) using redundant hardware and the FortiGate
Clustering Protocol (FGCP). Each FortiGate unit in an HA cluster enforces the same
overall security policy and shares the same configuration settings. You can add up to
32 FortiGate units to an HA cluster. Each FortiGate unit in an HA cluster must be the
same model and must be running the same FortiOS firmware image.
FortiGate HA supports link redundancy and device redundancy.
FortiGate units can be configured to operate in active-passive (A-P) or active-active
(A-A) HA mode. Active-active and active-passive clusters can run in either NAT/Route
or Transparent mode.
An active-passive (A-P) HA cluster, also referred to as hot standby HA, consists of a
primary FortiGate unit that processes traffic, and one or more subordinate FortiGate
units. The subordinate FortiGate units are connected to the network and to the
primary FortiGate unit but do not process traffic.
Active-active (A-A) HA load balances virus scanning among all the FortiGate units in
the cluster. An active-active HA cluster consists of a primary FortiGate unit that
processes traffic and one or more secondary units that also process traffic. The
primary FortiGate unit uses a load balancing algorithm to distribute virus scanning to
all the FortiGate units in the HA cluster.
The first time you power on the FortiGate unit, it is already configured with default IP
addresses and security policies. Connect to the web-based manager, set the
operating mode, and use the Setup wizard to customize FortiGate IP addresses for
your network, and the FortiGate unit is ready to protect your network. You can then
use the web-based manager to customize advanced FortiGate features.
01-28006-0100-20041105
Introduction
Fortinet Inc.
Advertisement
Table of Contents
