Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 14
18. Lecture-18: Static, Default, Dynamic and Policy Route Theory.
The topic is related to routing, you know, an initial working level and DNS, which we studied last time and you should late, then we can feel good.
So, let’s go to routing. What is routing? Before going to that, first I need to tell you what is routing protocol and routed protocol. The protocol basically means, like IP, Internet Protocol: a protocol is a set of rules and regulations. Set of rules and regulations means whatever I’m saying you can understand because we both understand English language, so this is a kind of protocol.
So, when two systems communicate with each other, or two devices, there is some protocol which they understand.
So, one of them is Internet Protocol, like IPv4 and IPv6. This we call routed protocol.
So, basically routed protocol is like a courier which takes your packet. Like, imagine you want to transfer a file or transfer audio; it is carried by this protocol, which we call routed protocol.
So, basically it is like a sign at the intersection which will show you: how far is this? How far away is the hotel? So routed protocol is basically, you can say, the one taking your data from one device to another device. Now, another one is routing protocol. Routing protocol is basically to exchange the information between two devices and two networks.
So, then we call it routing protocol. Routing protocol is like RIPv1, RIPv2, OSPF, BGP, IS-IS; these are coming under routing protocol.
So, you have to configure this routing protocol and it will learn the routes automatically from one network and it will distribute and share them with the other network.
So, when they do such things, we call them routing protocol. But routed protocol is a base for routing protocol; without routed protocol, routing protocol is not possible. Like a car, when you go from one place.
So, you need something to take you from one location to another location. Okay, so the car or truck or trolley or whatever, this vehicle is like a routing protocol which carries things from one location to another location, and how this thing will travel from one location to another.
So, it wouldn’t be a whole different approach. Like a little thing like minimum hops will be a real thing about broadcast BGP to think about and so on.
So, under protocol, everybody thinking differently. Suppose, if I have a car and you have a car and we living together from the same place and we go to the same office, maybe you can go by car and I can go by taxi, maybe we both can go by car. But you approach another way and I’m going to another way.
So, everybody has different thinking, so routing protocols are also thinking differently how to reach the destination, which we will discuss later.
So, IPv4 is your routed protocol, and RIPv1, RIPv2, OSPF, BGP, these are your routing protocols. If you divide the routing,
So, it’s basically three things: static routing, default routing and dynamic routing. By the way, default routing is a subtype of static route, but I categorize it differently. Okay, then dynamic is being divided further into interior and exterior gateway protocol. Interior means the protocol which is used internally.
So, this is being divided again into more categories: distance vector routing protocol, link state routing protocol. And by the way, there is another one, advanced distance vector protocol, or hybrid routing protocol, but that is not being supported by FortiGate. EIGRP has been open since 2013, but still Fortinet does not support EIGRP. That’s why I removed that one. Otherwise we have distance vector, link state and hybrid. But anyway, here I will focus in detail here to improve also the protocol which we use internally.
So, in distance vector, we have RIPv1 and RIPv2; in link state, we have OSPF and IS-IS. In exterior, there is only one, which is a path vector protocol, and we call it BGP. So this is the overall routing, which is three different types, and dynamic is further divided into interior and exterior, and interior is further divided into distance vector and link state. And exterior is only one all over the world, which we know is BGP. Now, going into more detail, there is connected route as well; in every routing table, whether it is Cisco or any firewall, you will see the connected route.
So, basically, you want interfaces with them to do a little 24 what whatever what all your interfaces, which are directly connected to your firewall, or your device, those we call connected, and connected route is basically the highest priority and also one of the best and trustworthy and the routing integrity, which we will see a bit later.
So, this is connected to your interfaces. It means your connected interfaces will be showing as a connected route in your device; it can be any device, by the way. This concept is similar everywhere. And then we have static route: those routes which the administrator configures manually. What will be the next hop, how we will reach there; it will show you the way.
So, basically the static route has no sense. The census data, do you want an administrator; the administrator has to decide how the traffic will travel. What is the next hop? What will be the next hop IP, how we will configure.
So, everything is done manually, and when something goes wrong, the administrator has to manually show them another route. Okay, so this we call static route, and it’s being considered easy to configure and highly secure, and it requires quite low resources, low bandwidth, and you can only use them for a small network, because the configuration is really difficult for a huge network manually. It’s like a headache for the administrator to configure the huge network, for 500 either even to configure them. Static is a headache. If anything goes wrong, you have to go to every individual device to reconfigure, if suppose one route is not available. But the good thing, the advantage, is that it is highly secure and uses low resources, because you already configured them.
So, it will not change anything dynamically. It will not require high CPU and RAM.
So, this would be advantages and more detail, you know, because we study this of thing in three courses. You already know this is called stupid by default and for student file, one administrative distance of static route is and Cisco is one, you remember. Yeah.
So, here you have to keep in mind the administrative distance. What is administrative distance, we will discuss a bit later.
So, this is static route. Another thing is default route. What is default route? This is the last resort, because if they’re not finding any destination in the routing table and if you configured a default route, the traffic, whatever is not mentioned in the routing table, will be diverted to the default route.
So, basically, if you have lost are if nothing is there, it will be far dropped. If nothing has been found out and you are for the year while on any device.
So, the traffic will go to default route, whatever you configure. Okay, if nothing is found in the routing table, it will be routed to the default route. And if we can figure out a way to 22 zero zero and then we give them next hop.
So, if nothing is there, it will be routed to default. And then dynamic routing, definitely, is totally opposite to static. You don’t need to configure anything manually. If anything goes wrong, it will automatically switch over to another route which is available, so dynamically it will maintain the routing table, next hop, everything dynamically.
So, if there are two paths available, in static we have to configure both paths. But if one path is down, we have to remove and reconfigure to show them another route. But in dynamic it will do that automatically. If one path is not available, it will switch over to another one.
So, this we call dynamic routing, like lifeguarding for the general, wondering what happened to us before BGP. And IS-IS; these are coming under dynamic routing, it updates everything dynamically. But this requires more CPU and RAM, okay, and more bandwidth, which we discussed already.
So, this is dynamic routing. Now coming to administrative distance, we call it AD as well. The value is between 1 to 255. 1 to 255, the value comes between these two digits, 1 to 255. Administrative distance is like ranking, like a football ranking, ranking like communion to someone. What is one? If your ranking is one, it means you have done many goals and many things will destroy you. Has been ranking one.
So, administrative distance is also like the ranking of these protocols. Okay, and these for the whole joined me. Connected interfaces have zero ranking. It means one of the best ones, by the way, starting from zero; zero is all connected interfaces, then starting one is underpinned to end ranking as best. The less you are, the more you are considered the best and reliable and trustable.
So, it means the ranking is being considered, the more you are, the less I means, like if you are more near to the or so, it means you are more trustable and reliable.
So, that interfaces is a zero more trustable? Definitely, because as your interfaces then certainly crowd Hastin always be afraid that one one bennewitz I.B. is two hundred LBG bemuse BGP for external internal and reappraised 120. Okay, so these are in 120 Azfar 150 in this part of the ISIS.
So, this is the ranking, administrative distance, and we will see in the lab, it’s really important for the route selection process. In the route selection process, suppose for the same destination you configure two protocols; so how will the firewall decide which one to use? It will be by administrative distance. Who would you trust more, your brother or me? Definitely your brother, because he is more near to you rather than me; I am far away from you.
So, that’s how the routing protocol will decide, by administrative distance, and we’ll say, okay, for the same destination we configured two protocols going to the same destination.
So, let me decide which route is the best one, so it will check the administrative distance ranking. The less it is, the more it will be trustable and reliable. Now, the question is: what if the administrative distance is the same? Maybe an administrative decision now, you know, I know you trust more on your brother rather than me a script, but the question is, if you have two brothers, then how will you decide, because now they are both women and both are near to you. Now you have to decide on priority. You will think about which brother, maybe the elder brother; in our culture, the elder brother, whatever they say, we accept them rather than the youngest one. And maybe you prefer the youngest one due to the inferiority, you know, because he is the youngest one. Let me consider him.
So, if protocols have the same AD for the same destination, so how will the firewall decide? Then they will check the priority.
So, the least priority will be preferred. The more or less in Florida is between zero two, this really all I can never how many number is it? Joining have zero as one is so zero is better than one and one is better than two and two is better than three.
So, the least will be preferred.
So, if you have the same administrative distance, then it will check the priority. Now you will think, what if the priority is the same and the administrative distance is also the same? Yes, definitely. It will check the next hop IP, which cannot be the same.
So, definitely one of them has to be the lesser IP; the lesser IP will win for the next hop.
So, these are the two, priority and administrative distance. Priority is just a value. The lesser value is preferred over the higher value, and in administrative distance also, the least is preferred over the higher one. Okay, now coming to route metric. Okay, what is the route metric? Metric means the formula, the technique, the way, the method with which the routing protocol decides the best path. I give an example: suppose we two friends are living together and working in the same office and we both need to work on it, but in the morning when we go to the office, he takes another way toward the office and I’m going another way to reach the office. Why? Because this is just your mindset and your thinking. Maybe you will say, I will go by what is called motorway. You may be thinking that the motorway is the best approach to reach your office. But the other guy is thinking they wanted you to know this better than motorway. There will be traffic, but I will Shaqra shortly. I will reach quickly.
So, this different thinking, everybody is thinking differently for the same thing.
So, the same way, protocols are also thinking differently. And this thinking we call route metric. Static, because the administrator decides, it can do nothing; whatever you decide, go on this way. If we reach on their way, if we decide tomorrow, no, this one is the best one.
So, in static everything is decided by the administrator. Static, we know this one. Connected, no need of anything. Now, coming to OSPF: OSPF is using cost. And basically cost is nothing but the bandwidth of interfaces. There is a reference bandwidth, divided by bandwidth.
So, we call it cost. RIP is using the hop count.
So, it will count how many routers are coming on the way; the fewer routers coming on the way, the better it will be considered. But do you think it’s too late? I know maybe in one way there is too low coming where the speed is less. Maybe too gabey. But on the other side, five routers are coming. But the speed is too GBE supposedly. Give me an example.
So, each one is a bit Iwon. Right. There is more there but the speed is higher so I can reach Gantley. It means motorway is free but is the longest one. But you can reach it soon because you can do a you can go by one then speed but and you do. The road is short, but there will be huge traffic on the way and you can go slowly, so motorway is better.
So, this is not true all the time. Okay, but anyway it’s using hop. Hop is nothing but a router on the way, how many. And the maximum one is sixteen. Sixteen will be unreachable. EIGRP is using two things, bandwidth and delay. Bandwidth means, from source to destination, the lowest bandwidth. It will divide them the lowest bandwidth if we find out, and delay, how long it will take to reach the destination.
So, it will use this formula to find out the shortest path. Okay, and OSPF: OSPF cost is also like bandwidth. BGP is using AS count. Okay, it’s like RIP. But RIP is counting routers; BGP is basically counting AS numbers, and in an AS number there can be one router, or there can be a thousand routers.
So, this is the difference between these two, and this is called metric, the formula of the routing protocol. Pratibha, I need you to do a redistribution which we will do a redistribution as well. Redistribution basically means if you want to exchange and share one routing protocol’s details with another routing protocol. Okay, so for this purpose we are using redistribution. Basically what we are doing in redistribution: suppose you buy a new company but the new company is running, you are happy and you are running the race.
So, what you will you will say, okay, remove Gadhafi from their company and configure him so then I can join their coffee. No, it’s okay if they decide the new company is running. Here are BRW before BGP. On this side you are running different from the phone.
So, on the router which is between the two companies, configure redistribution.
So, it will take routes from one protocol and it will combine them into another protocol. And you can do manually distribution to distribution as well and out from this protocol to exchange them with the other.
So, if we have such a scenario, then we can use redistribution. In any protocol you can redistribute static, connected and also BGP. You’ll always be a security guard. These can be redistributed easily into one another. So, we call it redistribution. Then we have a new concept of policy route, okay? What is policy-based routing? We also use it in Cisco. In Cisco this terminology, and also in other firewalls, is policy-based routing; here it is becoming policy routing. Policy means you have to put some condition; maybe you want that everything has to go to this destination, but this specific route has to do. If I worked for. Did you suppose in this one? Samuel. Traffic is going to this road, which is one, okay, traffic in any traffic is coming like being a road. It shouldn’t be a study because, as I said, traffic is going here. But you decided I wanted a traffic has to do two minutes, three to this, five to one. It is called policy-based routing.
So, with policy-based routing you give instruction to this firewall: look, when a student traffic in. Not seen to this far. Similar to this, Asadi distraught, not this. And the restaurant owner. Everything has to go to Ottawa, but before everything was going to Ottawa, now you put a condition, you want to put a policy.
So, this is called policy-based routing. Only a specific route or a specific protocol is going to end the road.
So, this scenario, we call it policy routing.
So, maybe for some scenario you want some protocol or some source, maybe some interfaces, some destination; you can put any restriction and you’ll get to read. I want this traffic to this one if you refuse traffic to divert them and you go to allow them to another destination.
So, this type of condition, we call them policy-based routing, which we will see. For protocol, you can use TCP, UDP, SCTP. And basically SCTP is Stream Control Transmission Protocol, which is related to streaming anything, and specify if you want to who is not here. You can specify the phone number is from zero to two, four or five, which I showed you last time as well. And I will show you again. You again give them instruction of interfaces as well. Okay, so I think these are related to routing basics. I’m not going in detail. We will discuss them separately. Okay, but that was theoretical. But we will use this topology. We will configure and we’ll see static route, default route and policy route, and we will verify whatever we are discussing now.
So.