Fortinet 100A User Manual

Page 248


01-28007-0068-20041203

Fortinet Inc.

Phase 1 basic settings

VPN

Pre-shared Key

If Preshared Key is selected, type the preshared key that the FortiGate unit will use to authenticate itself to the remote peer during phase 1 negotiations. You must define the same value at the remote peer. The key must contain at least 6 printable characters and should only be known by network administrators. For optimum protection against currently known attacks, the key should consist of a minimum of 16 randomly chosen alphanumeric characters.

Certificate Name

If RSA Signature is selected, select the name of the digital certificate that the FortiGate unit will use to authenticate itself to the remote peer during phase 1 negotiations.

Peer Options

These options are available to authenticate remote dialup clients or VPN peers with peer IDs or certificate names, depending on the Remote Gateway and Mode settings.

Select Accept any peer ID to accept the local ID of any remote client or
VPN peer.

If the remote peer has a domain name and subscribes to a dynamic DNS
service, select Accept this peer ID and type the fully qualified domain
name of the remote peer. This value must be identical to the value in the
Local ID field of the phase 1 remote gateway configuration on the remote
peer.

To grant access to selected remote peers or clients based on a peer ID,
select Accept this peer ID and type the identifier. This value must be
identical to the value in the Local ID field of the phase 1 remote gateway
configuration on the remote peer or client.

To grant access to dialup users based on the name of a dialup group,
select Accept peer ID in dialup group and select the name of the group
from the list.

To grant access to selected remote peers or clients based on a certificate
distinguished name, select Accept this peer certificate only and select the
name of the certificate from the list. The certificate must be added to the
FortiGate configuration through the config user peer CLI command
before it can be selected. For more information, see the “config user”
chapter of the FortiGate CLI Reference Guide.

To grant access to selected remote peers or clients based on the name of
a certificate group, select Accept this peer certificate group only and select
the name of the group from the list. The group must be added to the
FortiGate configuration through the config user peer and config
user peergrp CLI commands before it can be selected. For more
information, see the “config user” chapter of the FortiGate CLI Reference
Guide.
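
The Pre-shared Key rules above (at least 6 printable characters, 16 randomly chosen alphanumerics recommended) can be applied when creating or reviewing keys. The following is an added example, not part of the Fortinet manual: the function names and result labels are hypothetical, and "printable" is assumed to mean printable ASCII.

```python
import math
import secrets
import string

ALPHANUMERIC = string.ascii_letters + string.digits  # 62 symbols
MIN_LENGTH = 6            # manual: hard minimum, printable characters
RECOMMENDED_LENGTH = 16   # manual: recommended minimum, random alphanumerics


def generate_psk(length=RECOMMENDED_LENGTH):
    """Return `length` alphanumeric characters drawn from the OS CSPRNG."""
    if length < RECOMMENDED_LENGTH:
        raise ValueError("shorter than the recommended 16 characters")
    return "".join(secrets.choice(ALPHANUMERIC) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHANUMERIC)):
    """Entropy of a key whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def audit_psk(key):
    """Classify a candidate key against the manual's two thresholds.

    Randomness cannot be judged from the string itself, so
    "recommended-format" only means that the length and character set
    match the recommendation; a human-chosen key can still be guessable.
    """
    # Assumption: "printable" means printable ASCII (space through tilde).
    printable = all(" " <= ch <= "~" for ch in key)
    if len(key) < MIN_LENGTH or not printable:
        return "rejected"
    if len(key) >= RECOMMENDED_LENGTH and all(ch in ALPHANUMERIC for ch in key):
        return "recommended-format"
    return "accepted-weak"


if __name__ == "__main__":
    # Constructed sample keys, for illustration only.
    for sample in ("abc12", "secret", generate_psk()):
        print(f"{sample!r}: {audit_psk(sample)}")
    print(f"6 random alphanumerics:  {entropy_bits(6):.1f} bits")
    print(f"16 random alphanumerics: {entropy_bits(16):.1f} bits")
```

The entropy figures hold only for keys produced by a uniform random source such as generate_psk; the same key must still be entered at the remote peer.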
