Hi all, I was trying to set up a tunnel on a fresh FortiGate-VM (KVM)
installation but I can't select AES as encryption for Phase1 proposal:
I'm using version 5.2.5 (build701); the appliance is not licensed yet.
Have you experienced this before?
Ken, I agree with you on the upstream policer but it can't be set
everywhere. E.g. think of a basic internet access; the provider won't
set it for you, yet your FW is still exposed. This is the order of
packet processing on FortiGate:[ol]Receiving th...
The IPS defends the systems behind the FW. The DoS policy (ICMP flood)
should be set to protect the firewall. The only limitation on FortiGate
is that DOS Policy applies to all ICMP traffic, not just Blacknurse.For
a more sophisticated solution you'l...