Created on 11-14-2005 12:00 AM
Description | Only one subnet (or host) is accessible at a time, from the FortiGate. |
Components |
|
Steps or Commands | The PIX firewall creates one SA (security association) per access-list entry, whereas the FortiGate unit creates one SA per phase 2. The FortiGate unit must therefore have a separate phase-2 entry for each access-list line in the PIX config (see below).

    access-list ipsec_vpn permit ip 192.168.1.0 255.255.255.0 host 10.0.0.1

In this example, the FortiGate will be configured with two Firewall Policies, each one using a unique phase 2, and each one pointing to the respective remote destination network. The Address Group with the combined remote networks will not be used. |
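The one-phase-2-per-access-list-line rule above, as an added Python example (not from the original article or from Fortinet): it parses PIX access-list lines, lists the selector pair each phase 2 needs, and reports entries that no configured phase 2 covers. It assumes the access list is the one the PIX uses to select VPN traffic, so its source is the PIX-side network; the second ACL line and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the first line is from the article, the second is made up.
PIX_ACL = """\
access-list ipsec_vpn permit ip 192.168.1.0 255.255.255.0 host 10.0.0.1
access-list ipsec_vpn permit ip 192.168.2.0 255.255.255.0 host 10.0.0.1
"""

def _take_addr(tokens):
    """Consume 'host A', 'any' or 'NET MASK' from tokens; return an IPv4 network."""
    head = tokens.pop(0)
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")

def required_phase2(acl_text, acl_name):
    """Return one (fortigate_local, fortigate_remote) pair per 'permit ip' line."""
    pairs = []
    for line in acl_text.splitlines():
        tok = line.split()
        if tok[:4] != ["access-list", acl_name, "permit", "ip"]:
            continue  # not a permit-ip entry of this ACL
        rest = tok[4:]
        pix_src = _take_addr(rest)
        pix_dst = _take_addr(rest)
        # Assumption: the selectors mirror the ACL. The PIX-side source is the
        # FortiGate's remote network and the PIX-side destination is its local one.
        pairs.append((pix_dst, pix_src))
    return pairs

def missing_phase2(acl_text, acl_name, configured):
    """Return required selector pairs that no configured phase 2 matches exactly."""
    have = {(ipaddress.ip_network(l), ipaddress.ip_network(r)) for l, r in configured}
    return [p for p in required_phase2(acl_text, acl_name) if p not in have]

if __name__ == "__main__":
    # Constructed FortiGate state: only one phase 2 exists so far.
    configured = [("10.0.0.1/32", "192.168.1.0/24")]
    for local, remote in required_phase2(PIX_ACL, "ipsec_vpn"):
        print(f"phase 2 needed: local {local} -> remote {remote}")
    for local, remote in missing_phase2(PIX_ACL, "ipsec_vpn", configured):
        print(f"no phase 2 for: local {local} -> remote {remote}")
```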