Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 36
49. Lecture 49: Policy-Based Source NAT, Interface Overload NAT Lab.
First, we will do policy-based source NAT with interface overload. That means we will configure the source NAT inside the firewall policy, and we will use the outgoing interface address. The overload method is the first one. Fortinet calls this method static SNAT, which is a confusing name, because in Cisco and other firewalls static NAT means translating one IP to another one-to-one. What Fortinet calls static SNAT is what Cisco and other vendors call overload, or PAT, port address translation. Anyway, that is the name Fortinet gives to this method. You already studied this method in the theory lesson; let me show it to you again.
Suppose these are my inside PCs. They will all be translated to this one IP. Suppose I have one hundred inside IPs and my exit interface has a public IP: all of them are translated to that one IP.
We call this PAT, port address translation, because only one IP is used and only the port is changed. In Palo Alto it is the same concept; in other terminology I will also call it overload.
So that you are not confused for interview purposes: this many-to-one method is PAT or overload, and the one-to-one method is static NAT.
Don't confuse it with the static NAT we will do later, where one IP is mapped to exactly one IP. Fortinet calls this overload method static SNAT. Anyway, it's not a big issue.
So these users will be translated to one IP, the IP address of the exit interface, which is a public IP. All the users are translated to the same IP, just like at home, as in the example I showed you: many systems connected inside are all translated to one IP, the IP you see when you check "what is my IP" on a website.
Cisco calls this overload; Fortinet unfortunately calls it static SNAT.
So that you are not confused: Fortinet calls it interface overload. Overload means we are reusing one IP, and this is what we use in every home: this is your mobile phone, this is your wife's mobile phone, this is your laptop, and all of them believe they are on the Internet.
They will all be translated to one IP, which is our exit (WAN) interface address, the one given to us by our ISP.
So we are doing the normal NAT, but we are translating the source: source 192.168.1.1 will be changed to 192.168.114.100, 192.168.1.2 will be changed to 192.168.114.100, 192.168.1.3 will be changed, 192.168.1.4 will be changed. The source is what is changing.
So this really is source NAT that we are doing.
First we will do all the labs related to source NAT, then all the labs related to destination NAT, on this same topology. For destination NAT we will use this method from outside to come in and access this server SA1. For now, all the inside systems are going out to the Internet.
This is called NAT. But source NAT can be configured in many different ways.
The first way is to translate all the inside PCs to one IP. This method we call overload. And because we apply this NAT inside the policy, we call it policy-based source NAT: we configure the NAT inside the firewall policy, not in central NAT. Remember there are two ways, and this is the basic one.
So we are discussing source NAT, configured through firewall policy NAT, and we are doing the first method, static SNAT, which is overload. Then we will jump to the next one.
To summarize: source NAT, inside the firewall policy, overload. This is our topology. We will add systems and then NAT them to the Internet, and see how that works. This is our topology for today.
So let's go to the lab to show you.
First I need one firewall. Let me take this one. Then I need two switches; you can take any switch, let's take this one. This is SW1 and here we have SW2. Then I need VPCs to connect inside.
I will take VPCs as clients: one, two, three. I will arrange them so that we can make them tidy later.
One more VPC goes in the server zone, and let me take one more as well so we can use two boxes as servers. These are the same image, by the way; I just did not rename them.
So this will be PC1, this PC2, and this one will be our server. On this side let me take one more as a client and one as a web server on the Internet side. Let me also take the cloud, named Cloud.
This is my Internet. Let me power on this one first because it takes time; then we will rearrange the topology.
Let me label this one Internet. Now let's bring them in line, like so. Then connect this one to the switch.
Now for the firewall: we will use port1 for the Internet, because I will use it for management as well.
So port1 is Internet and management, port2 is my inside, and on the inside I have PC1, PC2, PC3 and the inside server. The other server we will use a little later; maybe we will not, but it is there for us.
That's it. Okay, let me power on the firewall as well; it may take some time. Meanwhile I need to configure this side. We will use the cloud's range; we have no choice but to use it,
because the cloud uses this range.
So what is my range? Let me show you. I know my range, but just to show you; in your case it will be different.
Whatever cloud you are using, you have to find out your range, for example from your host's interfaces.
We are using 192.168.114.0/24, and the gateway is always .2.
Let me add a note here: ISP IP 192.168.114.0/24. This is my outside range. The inside range is my own choice, so I will use one range; it's up to you, you can choose any range. Let me duplicate this note.
PC1 will be .1, PC2 will be .2, PC3 will be .3, and so on. For the two servers on the Internet side, and for the firewall, we will assign .100 to both sides: as we know from the last lab, this side will be 192.168.114.100, and the inside will be 192.168.1.100, connected through here.
For simplicity we are using this interface for management as well as for the WAN. Let me start the nodes.
Basically, this is WAN and this is LAN. Now I need to assign these IPs to the VPCs. Select these three, right-click, Edit configuration, and change the IP to .1: this is PC1. The gateway will be 192.168.1.100. You must type the gateway here, because they will go to the Internet. Remove the lines we don't need, starting from the bottom, not from the first one; keep in mind to start removing from the bottom. Copy this one.
It will be easy for you that way: the others are opened automatically, so PC1 is done and this one is open.
This one is PC3, so IP .3: Ctrl+A, Ctrl+V and change the IP to 3.
This time be sure PC2's configuration is open.
Ctrl+A, Ctrl+V and change this to .2. So this is done. Now the servers: edit configuration, change the network to 192.168.114.x and the gateway to the 192.168.114.x gateway, but this IP should be .10 because we keep the same scheme as before. Ctrl+C, Ctrl+V, right-click the other server, Edit configuration, Ctrl+A, Ctrl+V, and change the last digits to 20. Because the node was already running, the change will not take effect: stop it and start it again. The same for this one, because the node has to be stopped, then you assign the IP, then you start it.
The IPs are assigned; this is our IP scheme. Everything is ready. Now coming to the firewall: DHCP is enabled on this interface, so it will get an IP automatically from the Internet cloud.
Right-click, open the console, and let's check the IP address. Then we will use that IP in the browser to access the firewall GUI.
It has come up. The username is admin and there is no password; set the password to 123. Clear the screen and run `show system interface` to see the IP it was given, then go to the browser. Because this is my management interface, it means I can access the firewall from this range; this range and management are the same. Don't be confused by this: alternatively you can attach another cloud for management and connect through it.
But it's better to use it like this. Let me ping from this PC: it will not reach the Internet yet, because there is no NAT and nothing is configured. Let's go here: admin, password 123. It will ask us to change the hostname, so we will change the name. It will come up after a while.
Let's change it now, otherwise it will ask again and again. We start from scratch, and we know the procedure: configure the basic stuff, interfaces, DNS, route, then the policy, and then NAT, which is our topic today.
Always start like this. Go to Network > Interfaces. We are using only two interfaces, port1 outside and port2 inside, so it's better to give them proper names.
Click on port1, which is management as well, by the way. Type WAN as the alias. It is getting its IP from DHCP; if you want to make it manual, it's better, and we decided to do that.
Give it .100. It will warn you that you will be disconnected. I know.
Now I need to type 192.168.114.100 to access it again: admin, 123. The WAN interface is done: 192.168.114.100, with the alias WAN. Now port2 will be LAN.
Give it the alias LAN, static IP 192.168.1.100/24, and enable ping so that we can ping the interface from the inside.
This one is done. Second, we need DNS: click Network > DNS, use 8.8.8.8 and 1.1.1.1, and apply. After a while 1.1.1.1 will become reachable and it will show here; once it shows, it means it's working.
It is still not reachable, but that's okay, give it a while. The third thing we need to configure is a route to get out.
Click Network > Static Routes > Create New: destination any (0.0.0.0/0), gateway 192.168.114.2, which I told you is the cloud gateway (I found it from the interface on the host), interface WAN. Click OK. Now let's check whether DNS is reachable; still not, for some reason. Refresh again: 1.1.1.1 is about to be reachable, but it's slow. Anyway, it will work. Interfaces are done, DNS is done, the route is done. Now we need a policy, which we do not have yet.
Go to Policy & Objects > Firewall Policy: by default everything is denied. Create New. Incoming interface LAN, outgoing interface WAN, source all (anything from inside going to anything), destination all, service all, action ACCEPT. Inspection mode: we know flow-based versus proxy-based. And here is our topic: NAT inside the policy. If I leave NAT disabled it will not work; the PC will not go outside because we are using a private range, and private ranges are not routable on the Internet. Don't worry that 192.168.114.0/24 is also private; consider it public for this lab, because in reality it would be a public IP.
So here we consider 192.168.114.0/24 the public range, and 192.168.1.0/24 the private range.
So it requires NAT. Now the policy is there, the route is there, DNS is there, the IPs are there. Do I need anything else to reach the Internet? Ping from inside to Facebook: it's not working, because my source is going outside with a private IP, which is not allowed on the Internet. I need source NAT so that somebody translates these sources, communicates outside on behalf of these IPs, and brings the packets back to them.
Who does this job? NAT, because the source will be changed.
So I go back to the policy and enable NAT. Under Firewall / Network Options there is NAT (network address translation) and IP Pool Configuration, which is the type of method you want to use. "Use Outgoing Interface Address": my outgoing interface is 192.168.114.100, and that is what this method means. This is our first source NAT topic. Forget about "Use Dynamic IP Pool" for now; we will do it a bit later, and it has many options. Then there is "Preserve Source Port": keep the same source port the user used. If you say no, it's okay, the port may change. Leave the rest at the defaults and click OK.
This is what we call source NAT inside the policy, overload NAT using one IP address, and it is configured. Now if I check, Facebook was not working; try again, and it works now.
So now it's going out. If I go to another system at the same time, PC2, it is also reachable. Let me ping twitter.com from this one, and from PC3 any other website, like yahoo.com. It works.
Three systems at the same time are working, and we had only one IP. If I had a fourth one, it would also go.
We have some traffic now: three devices are going outside, their traffic comes here, the same policy translates them to one IP, they go out, the replies come back, and the firewall gives them to these PCs.
So outside, their own sources are not used; this one IP is used.
Google only knows that 192.168.114.100 hit it. The other PC went to Facebook,
and Facebook says that this same IP hit it.
They don't know the actual source, because we are using source NAT, and because we are using only one IP, this is overload. Now, how can we verify it?
Let's go to FortiView > Sessions. Here you will see these three sources, 192.168.1.1, 192.168.1.2 and 192.168.1.3, translated to one IP. First they went for DNS.
So they are using destination port 53, and here are the source port and destination port. I did not choose "Preserve Source Port", so the source port can change, but the destination port is definitely 53 because DNS uses port 53. But our topic is the NAT.
The NAT columns are not shown here, so I need to enable them: click the column selector and enable the NAT source and NAT port columns; you can enable many other columns from here too. It's better to remove the other columns we don't care about; we only care about the NAT.
I don't need the source interface column, or the device column, since our devices are not recognized. We don't need the application column either.
No need for those. Destination is okay. These are enough.
Shrink the columns down to what we need, and it's fine.
So these are my sources, PC1, PC2 and PC3, going to the Internet.
They have been translated. Look at this; let me bring the NAT columns here.
My source 192.168.1.1 is translated to 192.168.114.100, 192.168.1.2 is also translated to 192.168.114.100, and 192.168.1.3 is also translated. These entries from PC3 are also translated to 192.168.114.100.
So this is source NAT; yes, this is what is happening. But unfortunately Fortinet calls it static SNAT, because one IP is used. We call this technique overload; it is not the static NAT we discussed in Cisco and Palo Alto, which is one-to-one, and there this many-to-one method is called port address translation.
This is what we call overload, because the configuration reuses this one IP again and again, changing only the port.
In this entry the source port and the translated source port happen to be the same. Anyway, it is using only one IP.
So this method we call policy-based source NAT with interface overload, using one IP, and it is the first method we discussed. Overload source NAT: what is the disadvantage? Because we are using only one public IP, this one IP can support only up to 60,416 port numbers (I can't remember the exact figure, so it's better to check it in the documentation). Because we are using only one IP, it supports only that many ports. If I have many users doing a lot of communication, that limit will be reached and the ports will be exhausted. That is the disadvantage: the port numbers will be exhausted.
One IP can only support 60,416 ports. Look at the sessions for one destination, 1.1.1.1, and count how many sessions one source created: one, two, three, four, five, six, seven, eight, nine. One user visiting one site opened nine ports.
So if one user goes to many places, and there are many users, the limit will come and the ports will be exhausted.
Then you have to clear the sessions: right-click and End Session. Then it starts again from the beginning. You have to do that, otherwise the ports stay exhausted.
So what can we do? We have another method. But anyway, this was the first method. We call it overload source NAT because we change the source.
We call it source NAT because the IP that is changed is the source. From here they go to Google, but Google sees 192.168.114.100 hitting it. You can capture the packets to see the difference, and I showed it from the sessions as well: it was translating to one IP.
So: source NAT changes the source, and because we are using only one IP it is overload, so altogether it becomes overload source NAT. The last thing: it uses the outgoing interface IP. And the disadvantage is that we can use only 60,416 ports. This is called overload source NAT, and this is done.