Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 8
10. Lecture-10: FortiGate Firewall Interfaces and Zones.
Initially working what we’ve seen, we’ve enforced first interfaces, I went to interfaces and I configure interfaces.
So, now let’s go to interfaces. What is interfaces in FortiGate firewall, as we know, and we firewall and it would allow the user interface is okay. These interfaces can be physical interfaces, this can be a virtual interface, okay, and can be a logical interface, like a loopback interface. This is a logical, virtual, and either like when we configure VPN, we create a virtual interface. The same thing you will find in FortiGate firewall interfaces. It can be a physical, it can be a virtual, it can be a loopback interface. It can be a VPN virtual interface. And interface we are using to flow the traffic, definitely all our traffic coming and going through these interfaces. Logical interfaces we are using for some other purposes, like a loopback interface we are using in BGP, we can use them in space and we can use them in. AIG had to be part of many Barabbas, but physically more. Most of the time we are using to offload their traffic and the traffic is going through these interfaces now. And in FortiGate firewall it depends on the model of the firewall. There are so many model you can find from eight to four be physical interfaces for which we can import as well these interfaces. And some interfaces will be, you know, the name will be written like a management interface. There will be written WAN interface, WAN1 and WAN2, there will be an interface, there will be written BMC, as well and some modern. And the most of them is like a physical interface, is this really like a switch where you can connect to a lot Lempke and you can use them for DMZ. Okay, so these are the interfaces. Now, logically, we can create the VLANs as well, and in FortiGate firewall we can create a interfaces, is where we can create the Wehbe internal interfaces and also the alias of physical interfaces as well. And we can apply labelling to the interfaces as well as I show you.
So, this is the front end of the FortiGate firewall. This one is management.
Some of the information. Okay, if there is no wind and landmen, you can change them anytime. It’s not much and you have to use those interfaces for when it’s up to you. You can convert them to do all in as well. But anyhow, you have so many interfaces are two for two to four different interfaces so you can utilize them. Now, if we go here, okay, to interface, is this the first done? The first thing is these are my interfaces and here we are, I have dual interfaces, I think Sensory nine.
So, from one to 10 I have interfaces. These are the name of the interfaces. Then how about the interface and these all are physical interfaces. This way, certain physical interfaces, now we create logical it will show me someone that I mean, but if these interfaces belong to any thing like a VLAN or any other.
So, these are not a member of anything right now. IP/Netmask, first from if I were to listen to this one. This is the IP address and network mask, the subnet mask as we know them. These 0.0.0.0 mean there is no IP and no subnet mask. Only these two. Now, Administrative Access, again, we will do it, I’m going to do this indeed did what administrative access do you want to allow these interface? Because I have only this interface is a management.
So, I end up being an Internet group or HTTPS is Hypertext Transfer Protocol Secure, SSH, Secure Shell, HTTP, Hypertext Transfer Protocol, and Telnet.
So, I can manage this interface by using these management protocols to this God administrator to exist, is this interface belong to these people and we can use them as a DHCP like Lakeville interface. Okay, if I change them, I can change them to the BNP as well. Now, it will be because it’s the our external interface. Okay, this one, after a while, it will only be through the ATP inflation operational. Okay, anyway, after a while, I’ll be. Two hundred and two to eight is the other big line. Either DHCP range is okay and reference to all these interfaces is being used.
So, it’s not we. This one is being used some way this way, saying the reference. When you click on this reference, it will show you that in one policy, this interface is being used. And it’s true. Yes, we use them in one policy.
So, the reference means this interface is being used. It’s a weird thing to find out where this interface is being used.
So, the interface uses these detailed name. I remember I’ve been information minister during, says BHP and Rangers’. There is a small circle like this one, like a gear, you can click on here to it, say you can and will so many columns and right now these Gallimard and ambulatory friends through say, how many bytes has been seen through this interface, the description of this interface, link status. This is the role of this interface, bigger security, more really. And I’d rather be zone. You can apply those in and will come up here.
So, these much bytes has been seen through this interface. Links to dozens of this interfaces is some of the interfaces that are doing this is the MAC, media access control address, of this interface, how many fingers this is inviting and these are in fact unidentified because we didn’t assign any role to this interface.
So, please, if you want to go to and change the role.
So, this is the role, I suppose, if I say I want to do them. Lendell so if you here look at it, there is no Lynn and security more to you will later on.
So, it’s not doing anything.
So, I enable so many other, if you require, if you will, to this small gear icon, if you on and on and on. I just need a different one. Click here Reset. And when and when you click here, you will see everything is gone. Now again, I do reference so long. What are you going to enable. And you can reset them anytime. And this one is Mr. Al Golan Cipel, there are so many space here, these animals just fill them to we will adjust them. Okay, so this thing you can and there were so many columns there is animal and the one reaches Reno. DaMarcus, not animal. Now, there is a Create New, we will go to that one later on, but here is the button. Looking can this little interface by clicking this interface, it will take you here to configure like alias, description, it’s in 2010 Gaensler. It will come up here beside it and you can go right click on this one and it is a pencil. You can edit it again to do it to the Third Amendment, to any interface of your firewall. Just double click on it.
So, there are three Mintern now that we can configure in your interface. Delete is grayed out. The reason is these are physical interfaces which we cannot delete. But if you want, if you have one of your interfaces, you can delete them using this delete button above. There is redundant regional offices being selected. The one reads like suppose if I can do it here is now here this being selected. If I say this one, so now I select device and then it’s become a bigger now to return to and more to show you the reach interface you have selected. Just in search, but you can suppose if he selling to anything start from LAN, it will show you here some holes if I say anything, which is for because I’m these are folks are work and you get to clear from here to search is very helpful if you want to search something quickly. And the last one is group by type, all these interfaces are showing and now in order, it’s up to you and which other union will bite you.
So, these are the type like a LAN, management is showing, like this one is showing by type. If you say by role.
So, there are only one road warriors and then LAN and unidentified. Only one was in the LAN and lost them all by honor. And in this way on their interface is nine and one interfaces and LAN.
So, this was by status, like enable and disable status.
So, only we have salwan in no uncertain and three interfaces is because we are using only three interfaces to issuing Abidin status and group by zone because you didn’t create any zone.
So, nothing is it will show nothing and no one will be walking. It was like Diffa one.
So, now there is no group in there showing you anything. Also, you can use this that there is a small field, this one, this search field and this one is by filter, by name. If you click here that in them end I want to buy in and apply.
So, in you only when to clear the filter there is a remove button.
So, there is a time again and again you can do Y because you have only physical interfaces that you can do in by physical interface filter. Remember we don’t have been burned by Ibukun filter there anything. Start from one. Want to filter it.
So, only we have this interfaces filter by this one. If you want to remove the filter and administer the filter filter.
So, there is an individual filter and also if you click on them, so why Mamedov will do again click.
So, it will ruin this one by time. That physical by ABC and everything start zero again. Click and start from ipis.
So, it will be by their range as well. Okay. Anything here, there is a refresh button to refresh anything by now, 30 second, one minute you can do it, by the way. The last thing is there is a button Create New so you can create new interfaces because these are physical interfaces. And I told you, we can create the logical interfaces as well.
So, click on Create New Worlds, whereas interfaces on words will rewire. And for the extender foundation to respond to Wi-Fi, we don’t need to and are not required to do that. One word, will we? What I will show you to combine. Like in Do You Get Fired one, we didn’t. The concept was we were yeah that was the name was virtual wire. Okay, like a giant, like a bridge, something. Okay, so you can use your words when we were zone, we will discuss in detail you can create a zone to group something, okay? And there is an interface.
So, let’s first go to interfaces.
So, the interfaces logical interface is not the physical game here.
So, now let’s suppose if you want to give them any name or suppose VLAN, then. And yes, you can give them any name, and these are the type in what you call interfaces, which you can create, the first one is 802.3ad aggregate. Then loopback interface, redundant interface, software switch, VLAN and this one is for WiFi. We don’t want to discuss Wi-Fi, so let’s just call this one. The first one was VLAN. We can create a VLAN, one VLAN interface. This one.
So, we let we know what your local area network to the world, a huge broadcast domain and a small part for you, call them VLAN if you want to, like in region. What I would say, if you want big and like I you five hundred a student and you want to create a small station station station shouldn’t re S.A.C..
So, this is Karlovy. And I don’t want to go into it. And indeed and there are so many media now Deucalion. How do mean what is VLAN in more detail. We use them for second gear division. And small broadcast domains, we use VLAN for their purpose and the same thing we can do here, we do this discuss in so many cultures by. And that is loopback interface. Loopback interface is basically like a logical interface. Normally we use logical interfaces in BGP, marketing and management functions, and we use loopback interfaces because it’s not down. Even if your physical interface is down, logical is still up, so that’s right, in BGP, in OSPF, if we use them as like for management purposes. Indeed, for the whole and for any other thing we can do also, and we being we are using loopback interfaces side to side with BNN on another for testing, we are also using loopback interfaces. Keep in mind, there are so many loopback things, loopback interface, loopback or. We have a window just I show you, and when we have loopback interface. There is a loopback tester as well. End of the day, loopback IP as well, so don’t confuse yourself with loopback, there is a loopback tester. We know what we want to check anything, and you don’t have a B.S., so you can clear the loop test like this on this far of the fiber optic and it should be fought out here to five.
So, tell you. Forty five. I don’t get. This one. Just loopback means just coming back, it’s making a loop.
So, you can dislike interfaces where you can switch interfaces working on, so we can just see if it is green at the interface is working rather than to bring your piece and plug one in another plug.
So, this one, we also got a little bit in Oju. And when do we are we can create a loopback interface, the one which I created in and I use for this purpose and this interface. Either you use them or not, it will be up for other time because I’m not going to do what actually is done because I’m not connected to my local interface is done. I’m not going to do the loop because I’m not using it. Even if you are not using, it will be a.
So, this is a big and often you create created as well, and there is a loopback IP as well, military using one Twenty-Second for this purpose. Okay, so ping loopback. Bashforth replies, Coming to me is my protocol is working in my own defense is okay, we can use loopback for this purpose, which is IP. One would want to say, I want to return to to five. And I think there is IPv6 loopback as well, which is colon one.
So, so many things and and awadi things we can create a loopback in FortiGate firewall. And Cecillia say if I’m not in school you say and Cisco switches all of them and so many things and even in Palo Alto firewall in any other firewall.
So, this is a logical interface which we can create for many other purposes. Then there is a redundant interface when you see when we come here.
So, this is an independent interface.
So, we’ve done loopback, VLAN. Now there is a redundant interface, what is redundant interface? Basically, if you want to see high availability. If one interface is down, the other has to start what is a big.
So, then you can use that as an interface. Keep in mind and interface both their interfaces, either more than two interfaces will not work on the same time. Only one interface will work. And until and unless the face is working, the other will not work. This is the difference between redundant and aggregate interface. Keep in mind.
So, that means suppose if I do two interfaces, one will work and the other will like a backup. Like, stand by, it will not work.
So, if the first interface is down, the other will start to work, like a failover.
So, we can use that as an interface where you can use it in interfaces as well if we need something like this. Now it is. This one aggregate is.
So, what is on here? Now, there is a difference between redundant and aggregate. Aggregate is Link Aggregation Control Protocol. You know, the LACP, which we are using in Cisco switches as well. This will combine more than one interface and logically it will be one and on the interface, it will work together, it will bind. We’ll make them logically one, it will combine the link, it’s not like other redundant interfaces. And and so we are using our Link Aggregation Control Protocol to hold a13, and we call them as well.
So, one side’s Rachel Configurator channel and the other side to make their differences in regard to the means, you configure LACP, Link Aggregation Control Protocol. But these will be large in Canada, logical interfaces and will be a physical interfaces and all end interfaces will belong to one domain, not a single thing, then you can combine them and integrate them.
So, this is aggregate interface. Also, there is another interface, if I click on another, as opposed to any interface of all board for the ability to edit identically, there it is, one arm sniffer. I want to combine to interface this one, this one is with one arm sniffer, what is one? Almost no one else no is like in forty eight far, far too far. While we discuss Batbold, I trust of Moldea and Cisco, which we call them also Mozote and Cisco, we call them mode and for the biological father, for our daughter to ask them. We do not live there as well if you remember. Like IDS, when you can figure out who you are to find one, like a word, like IDS, like a log’s aggregator, to see the reporting, to see the see the logs, the following statement that we are getting more the same concept is he had one arm sniffer. If you want to use your phone to hear if one is a for the logs will come in, you will see and you can give Sharonville and you can see the logs as well, which we didn’t before lasering. And so we call them what to configure to read, I want to refrain from monitoring, monitoring as well like we used to monitor something.
So, give them one of them. Okay, so this one involves also done.
So, these are the interfaces which we can configure. Okay? And from there we can check the interfaces from network interfaces.
So, we will do two, three different topology to see two different things, like a VLAN, one like a sniffer, one like aggregated one. Anything we will do. Two, three, if you want, I can do all we will do to them. You an idea how we can configure the interfaces in different mode.
So, now we know this basic thing interfaces how these things from top to bottom. Now we get idea how these things are working. And then from here we see the interfaces. The same thing we can create zones to combine. This zone is not like other one zone, let me show you if I lived here. And basically part of our grouping, supposedly, you have so many VLANs you created. And so let me suppose, if you created five VLANs, what you will do, you will create five different policies to apply rule on every.
So, rather than to create five policy, why not combine all the VLANs in one zone? So, logically, it will become one so many. What do you want to apply policy? It will be applied on one zone and will be inherited to VLAN.
So, this method, we call them zones. To simplify your policy configuration, your management, your creation of policy, everything will be visible clearly when you use zones. Keep in mind zone in FortiGate firewall and zone in Palo Alto firewall is a different thing that we discussed. Zone is a different thing, but here zone is different. It’s combining basically interfaces, same same interfaces like in one Huttle. Like in this one, so I combined VLAN one to four in zone. Then I created another zone, four to three support, and I create a new zone, so it’s combined the policy, but you have to keep in mind you cannot apply anything individually then and within one.
So, first you have to decide you want to go in grouping. Either you don’t want to join the group. Suppose, like a team, we need somebody working in an office is a team, so then you can not do anything with with without the information you have to follow whatever the AC is a combined with the same, you want to resign from the company altogether because they don’t want to give us the salary. Then you have to go with them. Then they will say, no, no, no, no, I don’t want to because I have a family. They send their children. Don’t go to team member.
So, the zone is the same thing when you enter the zone and then either you have to remove the zone to. She played the violin and either you had to be in one zone to what they were a player in the zone and will be indebted to you so we can do zone as well here and here we can create, which we will do anyway to an interface. We discuss interface and different data. Then we can create a zone and what will we what is already the same thing. And we want to break something. There will be no IBT while. It’s the same like virtual wire in Palo Alto firewall, same concept. Okay, so that’s done. These are the interfaces, reality stuff, they do some labor related to this one.
So, let me.