Examples - Fortinet FortiGate FortiGate-ASM-FB4 Technical Note

Version 1.0

Examples
FortiGate-ASM-FB4 Version 1.0 Technical Note
01-30005-0424-20071002
Hardware accelerated IPSec processing, involving either partial or full offloading,
can be achieved in either tunnel or interface mode IPSec configurations.

To achieve offloading for both encryption and decryption:

• In Phase 1 configuration's Advanced section, Local Gateway IP must be
  specified as an IP address of the FortiGate-ASM-FB4 module's SFP network
  interfaces. (In other words, if Phase 1's Local Gateway IP is Main Interface IP,
  or is specified as an IP address that is not associated with the
  FortiGate-ASM-FB4 module's network interfaces, IPSec network processing is not
  offloaded.)
• In Phase 2 configuration's P2 Proposal section, if the checkbox "Enable replay
  detection" is enabled, enc-offload-antireplay and dec-offload-antireplay
  must be set to enable in the CLI.
• offload-ipsec-host must be set to enable in the CLI.

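
A configuration check for the three offload conditions listed above, as an added Python example that is not part of the technical note or of Fortinet's tooling. The sample configuration is constructed; the interface name "AMC-SW1/2", the "config system npu" location of the offload settings, and treating replay detection as enabled unless it is explicitly disabled are assumptions.

```python
# Constructed sample. Assumptions: interface name "AMC-SW1/2", the "config system npu"
# path, and that replay detection is on unless "set replay disable" is present.
SAMPLE = """\
config system interface
    edit "AMC-SW1/2"
        set ip 3.3.3.1 255.255.255.0
    next
end
config system npu
    set enc-offload-antireplay enable
    set dec-offload-antireplay disable
    set offload-ipsec-host enable
end
config vpn ipsec phase1
    edit "to_fgt2"
        set local-gw 3.3.3.1
    next
end
config vpn ipsec phase2
    edit "to_fgt2_p2"
        set replay enable
    next
end
"""

def parse(text):
    """Flat parser (no nested blocks): {section: {entry: {key: value}}}."""
    cfg, section, entry = {}, "", ""
    for w in (line.split() for line in text.splitlines() if line.strip()):
        if w[0] == "config":
            section, entry = " ".join(w[1:]), ""
        elif w[0] in ("edit", "next"):
            entry = w[1].strip('"') if w[0] == "edit" else ""
        elif w[0] == "set":
            cfg.setdefault(section, {}).setdefault(entry, {})[w[1]] = " ".join(w[2:]).strip('"')
    return cfg

def offload_findings(text, module_ifaces):
    """Return reasons why IPSec processing would not be fully offloaded."""
    cfg, out = parse(text), []
    ifaces, npu = cfg.get("system interface", {}), cfg.get("system npu", {}).get("", {})
    module_ips = {ifaces[n]["ip"].split()[0] for n in module_ifaces if "ip" in ifaces.get(n, {})}
    for name, p1 in cfg.get("vpn ipsec phase1", {}).items():
        if p1.get("local-gw") not in module_ips:
            out.append(f"phase1 {name}: local-gw is not a module interface IP")
    needed = ["offload-ipsec-host"]
    if any(p.get("replay") != "disable" for p in cfg.get("vpn ipsec phase2", {}).values()):
        needed += ["enc-offload-antireplay", "dec-offload-antireplay"]
    return out + [f"npu: {k} is not enabled" for k in needed if npu.get(k) != "enable"]
```

Calling offload_findings(SAMPLE, {"AMC-SW1/2"}) reports the disabled dec-offload-antireplay setting; an empty list means all three conditions hold for the parsed configuration.
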
This section contains example IPSec configurations whose IPSec encryption and
decryption processing is hardware accelerated by FortiGate-ASM-FB4 modules.
Figure 1 illustrates the example network topology. Table 1 lists the example
network interfaces and IP addresses.
Note: Hardware accelerated IPSec does not require both tunnel endpoints to have
FortiGate-ASM-FB4 modules. However, if hardware is not symmetrical, the packet
forwarding rate is limited by the slower side.

Figure 1: Example network topology for offloaded IPSec processing
[Figure: FortiGate_1 and FortiGate_2 connected across the Internet by IPSec on
FortiGate-ASM-FB4 port 2 (3.3.3.1/24 and 3.3.3.2/24), each with a protected
network on FortiGate-ASM-FB4 port 1 (1.1.1.0/24 and 2.2.2.0/24).]

Table 1: Example network interfaces and IP addresses

Unit         Role               Network interface          IP
FortiGate_1  IPSec tunnel       FortiGate-ASM-FB4 port 2   3.3.3.1/24
FortiGate_1  Protected network  FortiGate-ASM-FB4 port 1   1.1.1.0/24
FortiGate_2  IPSec tunnel       FortiGate-ASM-FB4 port 2   3.3.3.2/24
FortiGate_2  Protected network  FortiGate-ASM-FB4 port 1   2.2.2.0/24

This section includes the following topics:

• Accelerated tunnel mode IPSec