Accelerated Interface Mode Ipsec; To Configure Hardware Accelerated Interface Mode Ipsec - Fortinet FortiGate FortiGate-ASM-FB4 Technical Note

Version 1.0

Accelerated interface mode IPSec

FortiGate-ASM-FB4 Version 1.0 Technical Note
01-30005-0424-20071002
Configure Phase 2.
If you enable the checkbox "Enable replay detection," set
enc-offload-antireplay to enable in the CLI. For details on encryption and
decryption offloading options available in the CLI, see "config system npu"
on page 15.
Go to Firewall > Policy.
Configure one policy to apply the Phase 1 IPSec tunnel you configured in step
to traffic between FortiGate-ASM-FB4 module ports 1 and 2.
Go to Router > Static.
Configure a static route to route traffic destined for FortiGate_1's protected
network to VPN IP address of FortiGate_1's VPN gateway, 3.3.3.1, through the
FortiGate-ASM-FB4 module's port 2 (device).
You can also configure the static route using the following CLI commands:
    config router static
        edit 2
            set device "AMC-SW1/2"
            set dst 1.1.1.0 255.255.255.0
            set gateway 3.3.3.1
        next
    end
Activate the IPSec tunnel by sending traffic between the two protected networks.
To verify tunnel activation, go to VPN > IPSEC > Monitor.
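
The Phase 2 step above ties "Enable replay detection" to the enc-offload-antireplay setting under config system npu. The following is an added example, not part of the Fortinet technical note: a check over a configuration backup that lists tunnels where replay detection is on but the offload setting is not enabled. The sample backup and tunnel names are constructed, and the "vpn ipsec phase2-interface" table and its "set replay" key are assumptions about how the backup stores the Phase 2 setting.

```python
# Constructed sample of a configuration backup (not taken from the technical note).
SAMPLE_CONFIG = '''\
config system npu
    set enc-offload-antireplay disable
end
config vpn ipsec phase2-interface
    edit "to_FGT1_p2"
        set phase1name "to_FGT1"
        set replay enable
    next
    edit "lab_p2"
        set phase1name "lab"
        set replay disable
    next
end
'''

def parse_blocks(text):
    """Parse top-level config tables into {path: {entry or None: {key: value}}}."""
    blocks, path, entry, depth = {}, None, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                path, entry = line[len("config "):], None
                blocks.setdefault(path, {})
        elif line == "end":
            depth = max(depth - 1, 0)
            if depth == 0:
                path = None
        elif depth != 1:
            continue  # outside any table, or inside a nested sub-table
        elif line.startswith("edit "):
            entry = line[len("edit "):].strip('"')
        elif line == "next":
            entry = None
        elif line.startswith("set "):
            key, _, value = line[len("set "):].partition(" ")
            blocks[path].setdefault(entry, {})[key] = value.strip('"')
    return blocks

def replay_offload_findings(text):
    """List Phase 2 entries with explicit 'set replay enable' while the NPU
    enc-offload-antireplay setting is not 'enable'. Absent keys are not guessed."""
    blocks = parse_blocks(text)
    offload = blocks.get("system npu", {}).get(None, {}).get("enc-offload-antireplay")
    if offload == "enable":
        return []
    tunnels = blocks.get("vpn ipsec phase2-interface", {})
    return [f"{name}: replay detection on, enc-offload-antireplay is {offload or 'not set'}"
            for name, cfg in tunnels.items() if cfg.get("replay") == "enable"]
```
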
The following steps create a hardware accelerated interface mode IPSec tunnel
between two FortiGate units, each containing a FortiGate-ASM-FB4 module.

To configure hardware accelerated interface mode IPSec

On FortiGate_1, go to VPN > IPSec.
Configure Phase 1.
For interface mode IPSec and for hardware acceleration, the following settings
are required.
Select Advanced.
Enable the checkbox "Enable IPSec Interface Mode."
In the Local Gateway IP section, select Specify and type the VPN IP address
3.3.3.2, which is the IP address of FortiGate_2's FortiGate-ASM-FB4 module
port 2.
Configure Phase 2.
If you enable the checkbox "Enable replay detection," set
enc-offload-antireplay to enable in the CLI. For details on encryption and
decryption offloading options available in the CLI, see "config system npu"
on page 15.
Go to Firewall > Policy.
