Fortinet 100A User Manual
Page 365
Glossary
FortiGate-100A Administration Guide
01-28007-0068-20041203
365
MTU, Maximum Transmission Unit: The largest
physical packet size, measured in bytes, that a network
can transmit. Any packets larger than the MTU are
divided into smaller packets before they are sent.
NAT, Network Address Translation: A way of routing
IPv4 packets transparently. Using NAT, a router or
FortiGate unit between a private and public network
translates private IP addresses to public addresses
and the other way around.
netmask, network mask: Also sometimes called
subnet mask. A 32-bit quantity that indicates which bits
of an IP address refer to the network portion.
NTP, Network Time Protocol: Used to synchronize
the time of a computer to an NTP server. NTP provides
accuracies to within tens of milliseconds across the
Internet relative to coordinated universal time.
OSI, Open Systems Interconnection: A standard that
defines network communication protocols using a
seven-layer model.
packet: A piece of data transmitted over a packet-
switched network. A packet contains a payload, the
source and destination addresses, and a checksum. In
IP networks, packets are often called datagrams.
Packets are passed between the OSI data-link and
network layers.
PAP, Password Authentication Protocol: An
authentication protocol supported by PPP. See also
PPP.
ping, packet Internet grouper: A utility for
determining whether the device at a specific IP address
is accessible. The utility sends a packet to the specified
address and waits for a reply.
POP3, Post Office Protocol: A protocol used to
transfer email from a mail server to a mail client across
the Internet. Most email clients use POP.
port: The part of an interface on which application
traffic is carried. By convention, the port number
identifies the type of traffic. For example, port 80 is
used for HTTP traffic.
PPP, Point-to-Point Protocol: A protocol for
transmitting IP packets over serial point-to-point links
(that is, across any DTE/DCE interface).
PPPoE, PPP over Ethernet: A protocol that specifies
how to encapsulate PPP packets over Ethernet.
PPTP, Point-to-Point Tunneling Protocol: A security
protocol that creates a VPN by encapsulating PPP
packets.
protocol: A standard format for transmitting data. The
protocol determines the type of error checking to be
used, the data compression method (if any), how the
sending device indicates that it has finished sending a
message, and how the receiving device indicates that it
has received a message.
RADIUS, Remote Authentication Dial-In User
Service: A user authentication and network-usage
accounting system. When users dial into an ISP they
enter a user name and password. This information is
passed to a RADIUS server, which authenticates the
user and authorizes access to the network.
remote: The far end point (an IP address or port
number) of a connection.
replay detection: A way to determine whether a replay
attack is underway in an IPSec tunnel. A replay attack
occurs when an unauthorized party intercepts a series
of IPSec packets and changes them in an attempt to
flood a tunnel or access a VPN.
RFC, Request for Comments: Internet Standards
Committee documentation.
RIP, Routing Information Protocol: An Internet
protocol for sharing routing information within an
autonomous system.
router: A hardware device that connects computers on
the Internet together and routes traffic between them. A
router may connect a LAN and/or DMZ to the Internet.
routing: The process of determining which path to use
for sending packets to a destination.
routing table: A list of possible paths that a packet can
take to reach a destination.
SA, Security Association: SAs protect tunneled
packets. They contain the information needed to create
an IPSec VPN tunnel. An SA is uniquely identified by a
security parameter index, an IP destination address,
and a security protocol identifier. The Internet Security
Association and Key Management Protocol (ISAKMP)
is used to manage SAs.
server: An application that answers requests from
clients. Used as a generic term for any device that
provides services to the rest of the network such as
printing, storage, and network access.