Glossary – Fortinet 100A User Manual

FortiGate-100A Administration Guide

01-28007-0068-20041203

Glossary

address: An IP address (logical address) or the
address of a physical interface (hardware address). An
Ethernet address is sometimes called a MAC address.
See also IP address.

aggressive mode: A way to establish a secure
channel during IPSec phase 1 negotiations when the
VPN peer uses its identity as part of the authentication
process. See also main mode.

AH, Authentication Header: An IPSec security
protocol. Fortinet IPSec uses ESP in tunnel mode, not
AH. See ESP.

ARP, Address Resolution Protocol: A protocol that
resolves a logical IP address to a physical Ethernet
address.

authentication: A process whereby a server
determines whether a client may establish a
connection and access private resources.

CA, Certificate Authority: A company that issues
digital certificates to validate the identity of a person or
entity in an online exchange.

CHAP, Challenge Handshake Authentication Protocol:
An authentication protocol supported by PPP.
See also PPP.

client: An application that requires and requests
services from a server.

cluster: A group of servers configured to act as a
single fault-tolerant unit.

connection: A link between computers, applications,
or processes that can be logical, physical, or both.

decryption: A method of decoding an encrypted file
into its original state.

DHCP, Dynamic Host Configuration Protocol: An
Internet protocol that assigns IP addresses to network
clients, usually when the client connects to the Internet.

Diffie-Hellman: An algorithm for establishing a shared
secret key over an insecure medium.
See Diffie-Hellman group.

Diffie-Hellman group: FortiGate units support Diffie-
Hellman groups 1, 2 and 5. The size of the modulus
used to calculate the key varies according to the group:

• Group 1: 768-bit modulus

• Group 2: 1024-bit modulus

• Group 5: 1536-bit modulus

digital certificate: A digital document that guarantees
the identity of a person or entity and is issued by a CA.

DMZ, Demilitarized Zone: An untrusted area of a
private network, usually used to host Internet services
without allowing unauthorized access to an internal
(private) network. Typically, the DMZ contains servers
accessible to Internet traffic, such as Web, FTP, SMTP,
and DNS servers.

DMZ interface: The FortiGate interface that connects
to a DMZ network.

DNS, Domain Name System: A service that converts
symbolic node names to IP addresses. A domain name
server (DNS server) implements the protocol.

DoS, Denial-of-Service: An attempt to disrupt a
service by flooding the network with fake requests that
consume network resources.

DSL, Digital Subscriber Line: A way to access the
Internet at higher speeds using existing copper
telephone lines. Users can maintain a continuous
connection to the Internet and use the phone
simultaneously.

encapsulate: Add a header to a packet to create a unit
of transmission that matches the unit of transmission
on a different network layer.

encryption: A method of encoding a file so that it
cannot be understood. The information must be
decrypted before it can be used.

endpoint: The IP address or port number that defines
one end of a connection.

ESP, Encapsulated Security Protocol: An IPSec
security protocol that provides encapsulation of
encrypted data—IP packets are embedded in other IP
packets so that the originating source and destination
IP addresses cannot be seen on the Internet.
