Glossary - Fortinet FortiGate FortiGate-5001 Administration Manual

Glossary

address: An IP address (logical address) or the
address of a physical interface (hardware address). An
Ethernet address is sometimes called a MAC address.
See also IP address.
aggressive mode: A way to establish a secure
channel during IPSec phase 1 negotiations when the
VPN peer uses its identity as part of the authentication
process. See also main mode.
AH, Authentication Header: An IPSec security
protocol. Fortinet IPSec uses ESP in tunnel mode, not
AH. See ESP.
ARP, Address Resolution Protocol: A protocol that
resolves a logical IP address to a physical Ethernet
address.
authentication: A process whereby a server
determines whether a client may establish a
connection and access private resources.
CA, Certificate Authority: A company that issues
digital certificates to validate the identity of a person or
entity in an online exchange.
CHAP, Challenge Handshake Authentication
Protocol: An authentication protocol supported by
PPP. See also PPP.
client: An application that requires and requests
services from a server.
cluster: A group of FortiGate units that act as a single
virtual FortiGate unit to maintain connectivity even if
one of the FortiGate units in the cluster fails.
cluster unit: A FortiGate unit operating in a FortiGate
HA cluster.
connection: A link between computers, applications,
or processes that can be logical, physical, or both.
decryption: A method of decoding an encrypted file
into its original state.
device failover: A hardware or software problem that
causes a FortiGate unit to stop processing network
traffic. If one of the FortiGate units in a cluster fails, all
functions, all established firewall connections, and all
IPSec VPN sessions are maintained by the other
FortiGate units in the HA cluster.
FortiGate-5000 series Administration Guide
DHCP, Dynamic Host Configuration Protocol: An
Internet protocol that assigns IP addresses to network
clients, usually when the client connects to the Internet.
Diffie-Hellman: An algorithm for establishing a shared
secret key over an insecure medium. See Diffie-
Hellman group.
Diffie-Hellman group: FortiGate units support Diffie-
Hellman groups 1, 2 and 5. The size of the modulus
used to calculate the key varies according to the group:
• Group 1: 768-bit modulus
• Group 2: 1024-bit modulus
• Group 5: 1536-bit modulus
digital certificate: A digital document that guarantees
the identity of a person or entity and is issued by a CA.
DMZ, Demilitarized Zone: An untrusted area of a
private network, usually used to host Internet services
without allowing unauthorized access to an internal
(private) network. Typically, the DMZ contains servers
accessible to Internet traffic, such as Web, FTP, SMTP,
and DNS servers.
DMZ interface: The FortiGate interface that connects
to a DMZ network.
DNS, Domain Name System: A service that converts
symbolic node names to IP addresses. A domain name
server (DNS server) implements the protocol.
DoS, Denial-of-Service: An attempt to disrupt a
service by flooding the network with fake requests that
consume network resources.
DSL, Digital Subscriber Line: A way to access the
Internet at higher speeds using existing copper
telephone lines. Users can maintain a continuous
connection to the Internet and use the phone
simultaneously.
encapsulate: Add a header to a packet to create a unit
of transmission that matches the unit of transmission
on a different network layer.
encryption: A method of encoding a file so that it
cannot be understood. The information must be
decrypted before it can be used.
endpoint: The IP address or port number that defines
one end of a connection.
01-28008-0013-20050204
Glossary
377