Fortinet 100A Router User Manual

Open as PDF

of 374

VPN ipsec phase1

FortiGate-100A Administration Guide 01-28007-0068-20041203 269

CLI configuration

This section provides information about features that must be configured through CLI

commands. CLI commands provide additional network options that cannot be

configured through the web-based manager. For complete descriptions and examples

of how to use CLI commands, see the FortiGate CLI Reference Guide.

ipsec phase1

In the web-based manager, the Dead Peer Detection option can be enabled when you

define advanced Phase 1 options. The config vpn ipsec phase1 CLI command

supports additional options for specifying a long and short idle time, a retry count, and

a retry interval.

Command syntax pattern

config vpn ipsec phase1

edit <name_str>

set <keyword> <variable>

end

config vpn ipsec phase1

edit <name_str>

unset <keyword>

end

ipsec phase1 command keywords and variables

Keywords and

variables

Description Default Availability

dpd-idlecleanup

<seconds_integer>

The DPD long idle setting when dpd is set

to enable. Set the time, in seconds, that a

link must remain unused before the local

VPN peer pro-actively probes its state. After

this period of time expires, the local peer

will send a DPD probe to determine the

status of the link even if there is no traffic

between the local peer and the remote

peer. The dpd-idlecleanup range is 100

to 28 800 and must be greater than the

dpd-idleworry setting.

300

seconds

All models.

dpd must

be set to

enable.

dpd-idleworry

<seconds_integer>

The DPD short idle setting when dpd is set

to enable. Set the time, in seconds, that a

link must remain unused before the local

VPN peer considers it to be idle. After this

period of time expires, whenever the local

peer sends traffic to the remote VPN peer it

will also send a DPD probe to determine

the status of the link. The dpd-idleworry

range is 1 to 300.

To control the length of time that the

FortiGate unit takes to detect a dead peer

with DPD probes, use the dpdretrycount

and dpd-retryinterval keywords.

seconds

All models.

dpd must

be set to

enable.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Fortinet 100A Router User Manual