■SSL
Strong authentication with security certificates
http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%25205.0%2520Help/SSLVPN_FortiGate_41.161.09.html
>The client browser must have a local certificate installed
FortiGate SSL VPN 2 Factor Authentication Using Open SSL Self Signed Certificates
http://community.spiceworks.com/how_to/93311-fortigate-ssl-vpn-2-factor-authentication-using-open-ssl-self-signed-certificates
← Walks through the steps for enabling client certificates in the dedicated client "FortiClient"
Fortigate – Generate a certificate request and import a signed certificate back into the Fortigate.
https://stuff.purdon.ca/?page_id=21
■VRRP
VRRP Configuration Procedure Ver. 1.1 - TEC-World
https://hds.networld.co.jp/faq/fortinet/00002498-1.pdf
Configuring VRRP
http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%25205.0%2520Help/HA_VRRP.089.4.html
■MTU
Interface MTU packet size
http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%25205.0%2520Help/interfaces.100.20.html
> To change the MTU size, use the following CLI commands:
> config system interface
> edit <interface_name>
> set mtu-override enable
> set mtu <byte_size>
> end
Change MTU to support Jumbo Frames in FortiOS
http://www.mylesgray.com/hardware/change-mtu-support-jumbo-frames-fortios/
← Apparently the corresponding GUI menu no longer exists from FortiOS v5.0+ onward
Changing the MTU size to improve network performance
http://www.manualslib.com/manual/53201/Fortinet-Fortigate-Fortigate-800.html?page=144
← The following is for the GUI? →
> To change the MTU size of the packets leaving an interface
> 1 Go to System > Network > Interface.
> 2 Choose an interface and select Modify
> 3 Select Override default MTU value (1500).
> 4 Set the MTU size.
■DMZ
FortiGate-60D / FortiWiFi-60D
http://www.fortinet.co.jp/products/fortigate/60DSeries.html
> 1.5 Gbps firewall throughput
FortiGate-60D/FortiWiFi-60D
www.fortinet.co.jp/doc/FGT60DSeriesDS.pdf
> 2 GbE WAN, 7 GbE LAN, and 1 GbE DMZ interfaces
■Video
Fortigate IPsec VPN for a secure connection using IOS ...
http://www.youtube.com/watch?v=5Up3cHyAuxM
How to Install and Configure Fortinet FortiClient IPSec VPN ...
http://www.youtube.com/watch?v=rn_5_NTYZrg
--- 2015.03.07 addendum begins ---
FortiGate Quick Start Guide ( Wizard Configuration ) (2013/06/12)
https://www.youtube.com/watch?v=rh49qROujlE
Start here: watching this covers most of the initial setup of a Fortigate/Fortiwifi.
FortiGate Cookbook - Basic FortiGate Installation (5.2)
https://www.youtube.com/watch?v=LdGQBwYlbts&list=PLLbbcH8MnXJ5UV22hUQRIv0AHSqp81Ifg
This one also covers the basic configuration steps for LAN → external network.
FortiGate Cookbook - Using the FortiClient VPN to set up a VPN between a user and a private network (2012/05/11)
https://www.youtube.com/watch?v=ay4IDD36hdM
Shows the configuration steps for using FortiClient VPN (ipsec) to reach the internal LAN and, via the FortiGate, the external network.
Setup IPSec VPN Access to Work Network for Remote Users using FortiClient
https://www.youtube.com/watch?v=BpexjgfsD34&t=133
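This one also covers ipsec configuration steps.
It goes further, covering authentication against remote LDAP, split tunnel, and so on.
I want to allow only a specific group to access the internal LAN from outside, but unfortunately that is not mentioned.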
FortiGate Cookbook - Site-to-Site IPsec VPN (5.2)
https://www.youtube.com/watch?v=sZC0AldHi34&list=PLLbbcH8MnXJ5UV22hUQRIv0AHSqp81Ifg
Configuration steps for Site to Site IPsec VPN.
FortiGate Cookbook - High Availability [HA] (5.2)
https://www.youtube.com/watch?v=Zn5rDN1YjSE&index=4&list=PLLbbcH8MnXJ5UV22hUQRIv0AHSqp81Ifg
Steps for preparing a Hot Standby unit to build a redundant configuration.
Other references
http://www.fortinet.com/
--- 2015.03.07 addendum ends ---
■Reference, VPN
Key points for building a remote-access VPN (1/2) (2003/05/31)
http://www.atmarkit.co.jp/ait/articles/0305/31/news002.html