Fortinet Document Library

Version: 6.2.0

Security concerns

Using the old IPSec tunneling method, packets can be routed anywhere by a FortiGate unit after decryption, which is a potential security issue. The fgfm protocol performs tunneling/detunneling exclusively in the fgfm daemon, sending packets to the FortiGate’s TUN device and no other network devices. Packets are unable to leak out of the FortiGate and incoming data is dropped if it cannot be delivered to daemons via the local stack.
