High Availability - Fortinet FortiGate FortiGate-60M Administration Manual
Version 2.80 mr7 antivirus firewalls
Hide thumbs
Also See for FortiGate FortiGate-60M:
- Quick start manual (2 pages) ,
- Installation manual (64 pages)
Table of Contents
Advertisement
About FortiGate Antivirus Firewalls
High availability
18
FortiGate VPN features include the following:
•
Industry standard and ICSA-certified IPSec VPN, including:
•
IPSec VPN in NAT/Route and Transparent mode,
•
IPSec, ESP security in tunnel mode,
•
DES, 3DES (triple-DES), and AES hardware accelerated encryption,
•
HMAC MD5 and HMAC SHA1 authentication and data integrity,
•
AutoIKE key based on pre-shared key tunnels,
•
IPSec VPN using local or CA certificates,
•
Manual Keys tunnels,
•
Diffie-Hellman groups 1, 2, and 5,
•
Aggressive and Main Mode,
•
Replay Detection,
•
Perfect Forward Secrecy,
•
XAuth authentication,
•
Dead peer detection,
•
DHCP over IPSec,
•
Secure Internet browsing.
•
PPTP for easy connectivity with the VPN standard supported by the most popular
operating systems.
•
L2TP for easy connectivity with a more secure VPN standard, also supported by
many popular operating systems.
•
Firewall policy based control of IPSec VPN traffic.
•
IPSec NAT traversal so that remote IPSec VPN gateways or clients behind a NAT
can connect to an IPSec VPN tunnel.
•
VPN hub and spoke using a VPN concentrator to allow VPN traffic to pass from
one tunnel to another through the FortiGate unit.
•
IPSec Redundancy to create a redundant AutoIKE key IPSec VPN connection to a
remote network.
Fortinet achieves high availability (HA) using redundant hardware and the FortiGate
Clustering Protocol (FGCP). Each FortiGate unit in an HA cluster enforces the same
overall security policy and shares the same configuration settings. You can add up to
32 FortiGate units to an HA cluster. Each FortiGate unit in an HA cluster must be the
same model and must be running the same FortiOS firmware image.
FortiGate HA supports link redundancy and device redundancy.
FortiGate units can be configured to operate in active-passive (A-P) or active-active
(A-A) HA mode. Active-active and active-passive clusters can run in either NAT/Route
or Transparent mode.
An active-passive (A-P) HA cluster, also referred to as hot standby HA, consists of a
primary FortiGate unit that processes traffic, and one or more subordinate FortiGate
units. The subordinate FortiGate units are connected to the network and to the
primary FortiGate unit but do not process traffic.
01-28007-0144-20041217
Introduction
Fortinet Inc.
Advertisement
Table of Contents
