
Fortinet firewall 200b

UTM 太太乐 asked a question • 1 follower • 0 replies • 185 views • 2018-03-14 16:28 • from related topics

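How to obtain the certificate after passing the NSE 4 exam and link it to your company

Site usage likh published an article • 1 comment • 169 views • 2018-03-10 11:46 • from related topics

Many people do not know how to obtain the certificate after passing the NSE 4 exam, how the individual is notified about the certificate, or how to link it to the company's Partner. In fact, you can download the certificate yourself as a PDF file, and it becomes available very quickly: roughly 24 hours after passing the exam, it can be downloaded from the relevant website. The tutorial follows.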

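Migrating the FG110c configuration to FG100D

FortiGate 蒋晓 replied to a question • 3 followers • 1 reply • 249 views • 2018-03-08 10:54 • from related topics

How to measure FGT packet-processing latency

FortiGate 蒋晓 replied to a question • 3 followers • 2 replies • 165 views • 2018-03-08 10:39 • from related topics

Connecting Alibaba Cloud openswan to FGT over IPsec VPN

FortiGate kmliu published an article • 0 comments • 260 views • 2018-03-07 17:20 • from related topics

Installing and configuring OPENSWAN on Centos 6.5
(1) Install openswan with yum -y install openswan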
# yum -y install openswan
# ipsec verify

# vi /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 0 ---change to 1
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1 ---change to 0

# Controls IP packet forwarding
net.ipv4.ip_forward = 0
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
change to
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Controls source route verification
net.ipv4.conf.default.rp_filter = 0

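(3). Run the following command to configure the environment variables
sysctl -a | egrep "ipv4.*(accept|send)_redirects" | awk -F "=" '{print $1"= 0"}' >> /etc/sysctl.conf
After it executes successfully, run sysctl -p to apply the modified parameters.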

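(4). Disable selinux: setenforce 0 (disables selinux, but the change is lost on reboot); next, disable selinux permanently
Edit the file with vi /etc/selinux/config and change
SELINUX=enforcing
to
SELINUX=disabled
[Adjust this setting as required; disabling it completely is insecure]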

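(5) Disable iptables
# /etc/init.d/iptables stop
# chkconfig iptables off
[Adjust this setting as required; disabling it completely is insecure; in practice you only need to permit the relevant traffic]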

(6). Run # chkconfig ipsec on to start the ipsec service automatically at boot
 
(7) Enable IP forwarding on Linux:
echo "1">/proc/sys/net/ipv4/ip_forward
 
(8). Start ipsec with # service ipsec restart and re-run the check command ipsec verify

(9) Configure openswan
# vi /etc/ipsec.conf
# vi /etc/ipsec.secrets
# service ipsec restart 
 
IPsec VPN configuration example, FGT to Alibaba Cloud OPENSWAN:
Fortinet Fortigate        public IP: 111.207.223.66    internal subnet: 192.168.146.0/24
Alibaba Cloud Openswan    public IP: 39.107.48.171     internal subnet: 10.25.0.0/16


Topology:
192.168.146.0/24------------FGT----------Internet---------OPENSWAN-----------10.25.0.0/16
                                  
Alibaba Cloud OPENSWAN IPsec VPN configuration:
# vi /etc/ipsec.secrets
39.107.48.171 111.207.223.66: PSK "root123"

# vi /etc/ipsec.conf
config setup
   plutodebug=all
   plutostderrlog=/var/log/pluto.log
   protostack=netkey
   nat_traversal=yes
   virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/16

conn vpn-tunnel
   auto=start
   type=tunnel
   authby=secret
   compress=no
   pfs=yes

  left=39.107.48.171             
  #leftid=openswan
  leftsubnet=10.25.0.0/16                
  leftnexthop=%defaultroute

  right=111.207.223.66
  #rightid=fgt
  rightsubnet=192.168.146.0/24
  rightnexthop=%defaultroute

FGT IPsec VPN configuration:
config system interface
    edit "wan1"
        set ip 111.207.223.66 255.255.255.224
end
config vpn ipsec phase1-interface
    edit "to-aliyun"
        set interface "wan1"
        set peertype any
        set remote-gw 39.107.48.171
        set psksecret ENC osY8nq9ytG9TwSANhARRNzLQCSNQ2m7WSsZrJVCNFuwjtwiMvth6hayrHdFqU7CuWai+337BiJPgSJ+ycQqgoPfRYrqg/KG/9K/Kv4HyPDYtKq7WuOyODjz2hlCCIsF5yLkHZSKgsNsXuTi+MDgRoT3YA6TbAn+yjsU4W5BJXyWKKNz6f2KG/cmQSKjIlo6Ak/awCw==
    next
end
config vpn ipsec phase2-interface
    edit "to-aliyun"
        set phase1name "to-aliyun"
        set auto-negotiate enable
        set keylifeseconds 3600
        set src-subnet 192.168.146.0 255.255.255.0
        set dst-subnet 10.25.0.0 255.255.0.0
    next
end
config firewall policy
    edit 0
        set name "vpnlocal-to-aliyun"
        set srcintf "port1"
        set dstintf "to-aliyun"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set name "aliyun-to-vpnlocal"
        set srcintf "to-aliyun"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
config router static
    edit 1
        set gateway 111.207.223.65
        set device "wan1"
    next
    edit 0
        set dst 10.25.0.0 255.255.0.0
        set device "to-aliyun"
    next
    edit 0
        set dst 10.25.0.0 255.255.0.0
        set distance 254
        set blackhole enable
    next
end
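
For step (5), the post notes that only the relevant traffic needs to be permitted instead of stopping iptables. The following added example (not part of the original post) prints iptables rules for the OpenSwan host in this topology; the function names are hypothetical, and it assumes the netkey stack with the iptables policy match available.

```shell
#!/bin/sh
# Added example, not from the original post: print iptables rules that admit
# only this tunnel's traffic on the OpenSwan host. Function names are hypothetical.

# is_ipv4 ADDR: succeed if ADDR is a dotted-quad IPv4 address.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# is_cidr NET: succeed if NET is IPv4/prefix with a prefix length of 0..32.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    echo "${1#*/}" | grep -Eq '^[0-9]{1,2}$' || return 1
    [ "${1#*/}" -le 32 ]
}

# ipsec_fw_rules PEER_IP LOCAL_CIDR REMOTE_CIDR: print the rules for review.
ipsec_fw_rules() {
    peer=$1; local_net=$2; remote_net=$3
    is_ipv4 "$peer" && is_cidr "$local_net" && is_cidr "$remote_net" || {
        echo "usage: ipsec_fw_rules PEER_IP LOCAL_CIDR REMOTE_CIDR" >&2
        return 2
    }
    # INPUT: IKE (udp/500), NAT-T (udp/4500) and ESP from the peer gateway only.
    # FORWARD: subnet traffic is accepted only when it is covered by an IPsec
    # policy, so cleartext packets with the same addresses are not matched.
    cat <<EOF
iptables -I INPUT -s $peer -p udp --dport 500 -j ACCEPT
iptables -I INPUT -s $peer -p udp --dport 4500 -j ACCEPT
iptables -I INPUT -s $peer -p esp -j ACCEPT
iptables -I FORWARD -s $remote_net -d $local_net -m policy --dir in --pol ipsec -j ACCEPT
iptables -I FORWARD -s $local_net -d $remote_net -m policy --dir out --pol ipsec -j ACCEPT
EOF
}

# Values from the post: FortiGate peer, Alibaba Cloud subnet, FortiGate subnet.
ipsec_fw_rules 111.207.223.66 10.25.0.0/16 192.168.146.0/24
```

The script only prints the commands; review them, run them as root, and persist them with service iptables save.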

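Error: input entry not found.

User management zlyhua888 asked a question • 1 follower • 0 replies • 139 views • 2018-03-07 15:23 • from related topics

FGT policy routing and load balancing

FortiGate javenwu replied to a question • 3 followers • 1 reply • 200 views • 2018-03-06 16:31 • from related topics

Virtual wire pair

Firewall lpx replied to a question • 2 followers • 2 replies • 422 views • 2018-03-06 09:55 • from related topics

Fortinet firewall HA ping detection failover problem

System management lpx asked a question • 1 follower • 0 replies • 370 views • 2018-03-06 09:46 • from related topics

What is the difference between Fortinet transparent mode and a virtual wire pair?

FortiGate simly asked a question • 1 follower • 0 replies • 177 views • 2018-03-05 23:00 • from related topics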