Fortigate IPSec Cookbook-

IPsec *** is a common method for enabling private communication over the Internet. IPsec supports a similar client server architecture as SSL ***. However, to support a client server architecture, IPsec clients must install and configure an IPsec *** client (such as Fortinet’s FortiClient Endpoint Security) on their PCs or mobile devices. IPsec client configurations can be cryptic and complex, usually making SSL *** more convenient for users with little networking knowledge. However IPsec *** supports more configurations than SS L ***. A common application of IPsec *** is for a gateway to gateway configuration that allows users to transparently communicate between remote networks over the Internet. When a user on one network starts a communication session with a server on the other network, a security policy configured for IPsec *** intercepts the communication session and uses an associated IPsec configuration to both encrypt the session for privacy but also transparently route the session over the Internet to the remote network. At the remote network the encrypted communication session is intercepted and decrypted by the IPsec gateway at the remote network and the unencrypted traffic is forwarded to the server. Responses from the server than pass back over the encrypted tunnel to the client. L ***. A common application of IPsec *** is for a gateway to gateway configuration that allows users to transparently communicate between remote networks over the Internet. When a user on one network starts a communication session with a server on the other network, a security policy configured for IPsec *** intercepts the communication session and uses an associated IPsec configuration to both encrypt the session for privacy but also transparently route the session over the Internet to the remote network. At the remote network the encrypted communication session is intercepted and decrypted by the IPsec gateway at the remote network and the unencrypted traffic is forwarded to the server. Responses from the server than pass back over the encrypted tunnel to the client.