Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 10
12. Lecture-12: Configure and Verify One-Armed Sniffer Lab.
The ingredient to the interface is one-arm sniffer, what is an honest one is, I tell you, if you want to use your four billion for one is our ideas, so just generate the report. By the way, it would not really be useful to analyze that. There is a log, another application, which we will discuss in the end. But anyway, we can use a FortiGate firewall as well.
So, whatever the traffic is coming, one copy will go to the FortiGate firewall just like our day mode, which we have done in one hour to file one.
So, far this proposal we are using one Sunday, so let’s do it. How we can do so for this purpose. Let me take one switch, okay? And from here, let me take one reporter. Is it line? And what I need to do that we take on our cloud has been to. Okay.
So, this is my Internet. Okay, and let me read for to hear it for one. Okay, this is 40 here quite a while, and let me connect them to the. To connect them to the next cloud of dust cloud, this is the management cloud. Okay, I will change it.
So, this is management, so you can take in GMT, right, click on this one config for special interface, choose Lubic. In my guess I choose Lubic. You can use any interface and Lubic and connect it to here. Okay. Let me change this one, too, by the way, it’s better to on this one and do this the rest of the thing and zero two interfaces is going to have to do the switch, zero zero interface, need these interfaces.
So, let me make them invisible. Might be connected to zero one. Okay, and you’re zero two is connected to the Internet. Okay. Now, what I need to do, okay, first I need to assign any IP for the management and management, we are using my new big interface and my Lubic interface IP is three, which we just use it, if you remember. Through Daquan, so I will assign three hundred. Okay, and let me on the street, as well and ABC, let me stop it. Okay, and rightly or do a configuration and will be in keeping this time. Because it’s connected to the sun and cloud, it will get automatically IP.
So, no need to apply anything. It will be made more easy. Otherwise, you can assign a static IP as well. By the way. That’s it.
So, let me check if this one is enable us to do this one and so console. And then we will configure, which first.
So, let me see if I’m starting now to do the switch in the switch. I need to configure a station, you know, the which we monitor you already done and Cisco switch.
So, what I need to do. And Cisco, which will do configuration and. Metric on them. This is someone like that, so I figured one translation and one give them any number of money, there is a crisis and this is my source, which I want to tell them, interface easier, one more detection and improve incoming and outgoing.
So, this is the first command, monitor session. One source interface is useless when anything coming from back in or out. Second, I will say destination. Destination, I want to push them to FortiGate firewall, and FortiGate firewall is working like IDS because it will not stop them anything if it is around the world.
So, it is easier to fix it. This was the only thing on Cisco’s this show say sure, monitor sorry. Monitor session so this I can configure. Okay, so speeches is done now will coming to 40 year history. I just didn’t monitor anything. Incoming, outgoing and forward one copy to easy and easy to zero. I’m going to do the FortiGate firewall on for two but going to do first. I need to do something admin. There is no password to enter. One, two, three. One, two, three. Okay and config system interface. Which interface. Old one. Okay and the mode static because this DHCP by default it will not take IP sturdily and soon IP 192 160 or three hundred twenty four. Okay, and everything is already loaded. No need to allow suppose HTTP is being a SSH Benedict and to finish this one show system interface with Mom. No I have three Dortmunder kind of figure because this one this time I don’t want to just change. Now let’s hear and time. And if everything is okay it will come up here. Ataman. One, two, three. I don’t need any more changes, anything else just need to make board is a member. Nancy, keep in mind, this vote is in monitoring mode in Cisco, which we call them, if I should always eat zero zero. A showing down in monitoring state records in Washington state is used for monitoring this interface. It will be not used for any other traffic.
So, it will push one neighbor who might be to let me see. My busy one is working on our first need to check. Can I go to Facebook is histo because I get the IP automatically this time I use DHCP. If you want to check, let me show you. If confirmed, so one one four two hundred and I can reach to the Internet, so my traffic is going to be clear. I don’t have any connection to the firewall, but you will see the traffic there. And this would be called sniffer.
So, now let’s go to 40 years later this year, change the name. I don’t need to change the name. The only thing I need to change is network to interface and the interface, which is connected to the which is the portal click on this portal. And change to one-arm sniffer and feel that if you want to apply and if you don’t, I suppose any specific cause traffic, if you want to see what I can or just ignore traffic security profile, if you want to enable anyone to assume anything so you can use them on as well, let me on. We don’t have an enemy in all station logs so that you can see the logs in, okay? Okay, now if we go back, because it’s like a one-arm sniffer, it’s mentioned here. Okay, no need to do anything. That’s it. You see the energy that came showing the protest now showing you can play them as well. If you want to capture the picture yourself, it will go to Lourdes as well. But yeah, they give you a game. Sure. As well to let me generate some traffic to Facebook and let me send some being as well. Let me do a thing at Google, okay? And now if you here look at two percent because some.
So, what do you think something is coming when we see is going to Internet? They have no link here to come. But basically when they come to the.
So, there is a monitor session.
So, we told them to send one copy to both do not go to zero, but we got disconnected here and we make hopefully is a sniffer.
So, anything coming on this board, it will be snail. And then why it’s recorded six percent. Let me stop this, because it’s a huge they sometimes make them down and let me stop and download and open this in Wireshark directly. It’s B Beacom Wireshark Extension and you will see whatever the reason you will see here. Look, I use DCB the news stimulus. They know because I went to Google and they will defend as well. ICMP because look at ICMP because I was finding it and this is my Skype beside this game showing new war logs and report there is a sniffer traffic. You will see those. All traffic is really in big time.
Some time is not doing quickly, but you will see after awhile sniffer traffic areas look at and said the source was this time or two I one one four two hundred which is might be CAIB if I check. ifconfig to zero four, yes, and they’re going to end up being the application them and then also use a studious browser, send and receive traffic and every detail is mentioned here, again, you can download and you can see more than you can on more detail and you can see your application activity and been generally very familiar destination, little magers mayor type devices.
So, many of this traffic you can see from here.
So, this is kind sniffer. And if you check here, basically here, you if I were to show to ABC, one is going so this is not extreme. Same copy here and monetization position, I don’t know. You can say their only source, only the one where you can do that one as well as well. Okay, what else I need to tell you, you have Internet, but this is an important week on the Internet, more than we call them. One inter-modal and you can argue purpose, but this FireWire displaying grown up ideas, keep in mind Saudi ideas and some kind of show me one more time to get to what you did for potential to do nothing. I just want to interface. Okay, keep in mind, you change nothing only to interface the interface which is connected to the switch. I click on the interface. You want more need of IP and just change the more to one of the insert this calculator. And when I’m so I enabled by the security profile if you need, there was no need and logs that I can see the log and the last can only be seen can be seen from here though as far was no traffic.
So, you will see nothing here so you don’t need to be able to do it is not coming for this special logs. You have to come here and there is a need for traffic so you will see the sniffer traffic here in this only one interface. Now you see a lot of traffic is basically said that it is IP. No need to do anything right. If you connect. It is also in this area. I’m doing like IDS from FortiGate. I just want to go and see the traffic, not to stop looking otherwise. There are so many things to stop their traffic and for doing this for the year. It is not in line and line is okay. If I want to bring them in line and connect this one, then I can stop. The only thing where this type, that idea too is working like this and we’ve done the same thing in my to firewall is really so great so far. I did what was in monitoring the against.