Vpn; Ipsec; Ssl; Certificates - Fortinet FortiOS 3.0 Upgrade Manual

Fortinet network device upgrade guide fortios 3.0

Upgrade Guide for FortiOS v3.0
01-30000-0317-20060424
The VPN menu contains the following menus:
IPSec
SSL
Certificates
The VPN menu has several significant changes for FortiOS 3.0, and the way you
configure VPNs has also changed significantly. It is recommended that you read
the Release Notes FortiOS 3.0MR1 to review known issues and changes for
configuring VPNs.
Note: VPN settings may need to be reconfigured after you upgrade to FortiOS 3.0. Also,
the source and destination ports in the VPN IPSec Phase 2 settings are reset to zero
during the upgrade.
Note: The CLI command auto-negotiate replaces the Ping generator feature.
auto-negotiate is disabled by default and is available in the IPSec Phase 2
configuration for both IPSec tunnels.
The IPSec menu has changed to reflect the way you configure VPNs. The Phase 1
and Phase 2 tabs are merged into the new AutoKey (IKE) tab. The Ping
Generator function is now available in the CLI. See the FortiGate CLI Reference
for more information.
The SSL menu is new for FortiOS 3.0. There are two tabs, Config and Monitor,
where you can configure SSL VPNs and monitor
Secure Sockets Layer (SSL) uses a cryptographic system with two keys to
encrypt data: a public key and a private key.
If you require SSL version 2 encryption for compatibility with older browsers, you
can enable this protocol through the CLI. See the VPN chapter of the FortiGate
CLI Reference for more information on SSL. You can also enable the use of
digital certificates for authenticating remote clients.
The Certificates menu has a new tab, Certificate Revocation List (CRL). The
FortiGate unit uses CRLs to ensure that certificates belonging to CAs and remote
clients are valid.
From the CRL tab you can also import these types of certificates. It is important to
periodically retrieve certificate revocation lists from CA web sites to ensure that clients
with revoked certificates cannot establish a connection with the FortiGate
unit.
Note: After downloading a CRL from a CA web site, save the CRL on a computer that has
management access to the FortiGate unit.
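The periodic CRL retrieval described above can be checked on the management computer before a CRL is imported. The Python below is an added example, not part of the Fortinet manual: it reads a DER-encoded CRL and reports whether the list has passed its nextUpdate time, is older than an assumed seven-day policy, or lists a given client certificate serial. The function names, the max_age value and SAMPLE_CRL (a constructed test CRL with a dummy signature) are assumptions, and the code does not verify the CRL signature.

```python
import datetime as dt

def tlv(buf, pos):
    """Decode one DER element at pos -> (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield the elements directly inside a constructed value."""
    while start < end:
        tag, value_start, start = tlv(buf, start)
        yield tag, value_start, start

def asn1_time(buf, tag, s, e):
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"  # UTCTime / GeneralizedTime
    return dt.datetime.strptime(buf[s:e].decode(), fmt).replace(tzinfo=dt.timezone.utc)

def read_crl(der):
    """Return (thisUpdate, nextUpdate or None, revoked serials) from a DER CRL."""
    _, s, _ = tlv(der, 0)                          # CertificateList
    f = list(children(der, *tlv(der, s)[1:]))      # fields of tbsCertList
    f = f[1:] if f[0][0] == 0x02 else f            # skip optional version
    this_update, rest = asn1_time(der, *f[2]), f[3:]   # f[0]=algorithm, f[1]=issuer
    next_update, revoked = None, set()
    if rest and rest[0][0] in (0x17, 0x18):        # nextUpdate is optional
        next_update, rest = asn1_time(der, *rest[0]), rest[1:]
    if rest and rest[0][0] == 0x30:                # revokedCertificates is optional
        for _, entry, _ in children(der, rest[0][1], rest[0][2]):
            _, a, b = tlv(der, entry)              # first field: serial number
            revoked.add(int.from_bytes(der[a:b], "big"))
    return this_update, next_update, revoked

def check_crl(der, client_serial, now, max_age=dt.timedelta(days=7)):
    """Findings to act on before import; now is timezone-aware, max_age is assumed."""
    this_update, next_update, revoked = read_crl(der)
    checks = [("expired", next_update is not None and now > next_update),
              ("stale", now - this_update > max_age),
              ("revoked", client_serial in revoked)]
    return [name for name, hit in checks if hit]

SAMPLE_CRL = bytes.fromhex(  # constructed test CRL, dummy signature (not verifiable)
    "3070305b020101300d06092a864886f70d01010b0500"   # CRL v2, sha256WithRSAEncryption
    "30123110300e06035504030c0754657374204341"       # issuer CN=Test CA
    "170d3234303130313030303030305a170d3234303130383030303030305a"  # 2024-01-01 / 01-08
    "3015301302021001170d3233313231353030303030305a" # revoked serial 0x1001
    "300d06092a864886f70d01010b050003020000")        # algorithm, dummy signature
```

A CRL downloaded in PEM form can be converted first with `openssl crl -in crl.pem -outform DER -out crl.der`.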