Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 11
13. Lecture-13: Configure Redundant Interface in FortiGate.
Today, we were discussing interfaces, but in interfaces there are so many options. One of them is redundant interfaces. Redundant interfaces means redundancy. Only one interface will be available at a time. The other will be available if the first one is down, either at scale.
So, then alternatively, the second interface will start working. Keep in mind, it’s not an aggregate. Aggregate, we will do it later. Not only thing we use when we are configuring, we will. In the end, I mean, we have maybe two, three switches getting 80. Maybe we are going to design when two switches to one interface will connect to one switch and the other interface will connect to others.
So, it’s not really an environment or real environment. We are using two switches for redundancy.
So, this and we will use redundant interfaces. But these interfaces will not be configured before maybe it is not in use in policy. And then you can use those interfaces as a redundant to make them as redundant interfaces. And these interfaces will be not configured for Florida and keep up, as I did applying to Bond to what? Ethan, the language came from what is called ISP. Okay, this is the only requirement. Otherwise you can use them. Not only we use in two scenario and an interface if we hold it in Vincey environment where we have so many switches, maybe distributed switches or switches on access list, which is where we are going to do, we want more than one connectivity, but one wheel will work.
So, then we can use it in an interface either in which we will do it at the end.
So, let’s go to live and configure it and then interfaces.
So, from here I will take this one okay for the here to find one. For connectivity, I’m going to use the word cloud so that I can fund management purposes.
So, this is my management. Let me connect to for one, it will take automatically, okay? And let me change the name and GMT. This is management. And let on, so it is on, we will do the rest of the configuration, me this one to change symbol, so at least we know this is management PC. Okay, so here, let’s take. This one blind. Okay, so this is my management, okay, and this management will definitely take 190 to one one one four zero something from this subnet because this is mine. They’re close on it. And I told you how we can find our subnet now coming to redundant interfaces. Okay, so let me take a switch here. This is a switch, okay? And we really have to interface is okay. Is two to zero interface okay? And zero three two zero one interface. That’s to either maybe there is another three to one interface. We’ll go to one switch and the other interface will go to another switch. This is also going to be a scenario. But anyway, let me make it easy for you. Okay, and let me start. Okay. Well, now, Alastair, can we get the IP address so right, click and go to console. And 40 years, so it’s still starting. What else do we need to do, anything we just need to do and combine these two for number two and three and make them as redundant interfaces. Okay, so let’s make it work and we can. Do you know how you get to decide if you want to do the 160 or one one four so you can get this IP from your alternate interface, the one that interfaces this one Ramonet eight.
So, this is my range. Okay. And also, you can find this IP model and we’re the virtual network networking dieter. Okay, and from here, you can find out your age and your next trial will be tool in case if you are using. In the future.
So, let’s go back to admin, no password. One, two, three, one, two, three and four. System interface, question mark. And this the IP, which I need. Open any browser in your system, okay, and type the IP. Username is admin by default. One, two, three. We just set this password. Okay, no need to change the name later, okay, otherwise it will be changing this name, which showing you still no able to network interfaces. Okay, these are our interfaces since we already saw this thing, whatever you can see here, all we discuss are these stuffs, this whatever these can only discuss sudden should be added. And also in the interface zone. We will do this on a bit later. Okay.
So, let’s go to interface within the zone, click on interface and suppose my edit and and whatever you want to give them name. Suppose, LAN. Storage, connectivity. Anything you want to give them, but change here to redundant interface, okay? And which interface will be.
So, zero two and three to two and three of those interfaces. And it is to be LAN because it’s connected to LAN. If you want to assign IP, it’s okay. Otherwise you can do it just like this. Just, you know, being suppose there is an IP and you want to test. Okay, we will discuss these as well. And if you want to enable LDP, we will discuss it in a bit later. The Internet and okay. This was a redundant interface, if you see there is redundant interfaces, these two from the street side, it has to be on.
So, to be bipartisan, it should be unsocialized interface breve.
So, if I refresh, it has to be green.
So, yes, it’s green now and that’s it. Now you can connect any PC here. If one interface is down, the other will be the star power, but not both, the interface will work at the same time they stole your new friends and original interfaces and aggregate interfaces. Okay, that’s it. This the only way we can configure later on when we configure topology and we use this one.
So, you have to keep in mind how we created these redundant interfaces that I know I’m not doing anything to test them or something that was easy to create because our topic is interfaces related stuff.
So, I don’t want to go in more detail. Okay.
14. Lecture-14: Configure Aggregate Interface in FortiGate.
The interface is what is it going to get, basically, unless you reconfigure LACP on a Cisco switch? So, here we got it, aggregated interfaces, basically we combine more than one interface to make them what actually one logically, one interface, and it is also just called EtherChannel.
So, in this case, I think we will combine these two interfaces and this side we will combine these two interfaces to work as a one, not like a work separately, which we just discussed, redundant interfaces, and we call them LACP, Link Aggregation Control Protocol, which is an open standard. There is a Cisco one, PAgP, as well, Port Aggregation Control Protocol, which is a Cisco proprietary. This one is an open standard.
So, on Cisco switch, you can configure both LACP and PAgP. But in this case, because it’s an open standard, we can use them. And this is a Trimbole one normally is being recognized by this number is zero to three. And I have told your story up in zero two three because in February 1980, these oh eight is being recognised this way. Able to hold this name gives you to do one, A, B, C, D, and so many wirelessly don’t cavalier attitude and so many thing. Anyway, one of the three areas which is link aggregation control protocol to combine many interfaces, up to eight interfaces to make them logically one to one interface is failed, the other will definitely will work, and altogether it will work as a logically and spending three when it will surely as a one do we already discussed again it has to be a b c b b b b what. Ethernet interface. Okay, and it’s not to be used before and any other policy and something.
So, let’s woodier. And if I go there, I cannot create if I click on interface, okay, and this time if I say, where is this one aggregate, you will see two and three is not showing here. Why? Because is in use. That’s why I told you this is the condition.
So, first I need to go there and I need to remove that one.
So, click on this one. Okay, and there should be a reference how I can delete because delete is not available here. Click on this reference and this is use, delete this reference, ok. And now when you come here. Okay, so one, two and three, now you can delete it from here. It’s now deleted. And yes, so before you have to delete reference, because you will face this issue now, world number two. And let’s it is do.
So, let me refresh. Refresh now two and three has to be released, two and three is now available. It’s not in use anywhere in references, you know, you can create an aggregate interface. Okay, and this time I will say LACP, LACP LAN, whatever you the name you want to give them and choose this one and zero to the aggregate and click on this plus to combine which interfaces retain power.
So, in my guess two interfaces minimum to his request or two and three and rule Esslin again Iberia’s etc.. Just being an okay done.
So, aggregation is so easy here. Okay, so this one is done now. I need to go to switch and switch, configure interface range and switch side. I have zero zero zero one zero zero zero one means combined. The I choose this one. And what you need: switchport trunk encapsulation dot1q. Then switchport mode trunk. Okay. And then change the protocol. In the wall, there are two which I told you question marks. You will see LACP and PAgP, which is Cisco proprietary, but in this case, LACP is brought on and Channel one and more more for LACP. If molds are integral to it, will unconditionality talking. Either one side has to be active. The other side has to be passive, but not both has to be passive. Otherwise it will not work.
So, it’s better to do so. That it is is liberty to buy Diffa for the third one is.
So, I could hear it. In either case it will work, if I may assume so. Now, if I show you the EtherChannel, EtherChannel summary.
So, now be means entering year bundle and fortunately it means it’s working in LACP open standard protocol. And this means I’m using is a straight joke. You can use them as a as well as Alerta and you miss this one in use.
So, I am using it. Turgeman is an to to you can create as a layer 3 as well, and both are supported in FortiGate as well. These two both are taking part and B means and what it means is working. There is no issue, no nothing. If I disable one interface then it will go to W or something. Okay, so unless you begin working another command to show LACP and copy some other command, surely you want.
So, I need to Tiepolo night but is better.
So, these are my neighbor. Zero zero in zero one which is the other side 040. Here to file one. And if I go back to FortiGate firewall one and refresh, it has to be green, and our port channel has been configured on both sides, LACP.
So, here I combine for two and three and on the Cisco switch zero and one, it is showing me the port channel is up and there is no issue. If there is an issue, it will show you some other here. You can use display to find out what is the issue.
So, this is LACP, and in FortiGate, we call them port aggregation, aggregate interfaces, and we can use them to combine many interfaces to work logically. One how logically one if I said sure, spinning three wheelin one.
So, here eSport is working as a one. There is no which interfaces. We are using zero and zero one. It’s not here anymore because you slash one and zero slash two is working, is approaching literates. Combine logic and yes, it will be one. Not like the other one. Okay, and then one on interfaces will be showing separately and Cisco switch which I forgot to show you. But then this it will be logically working one.
So, yes, in FortiGate, if you need to configure LACP link aggregation, you can use this technology, this feature, just interface and combine the interfaces, they are so easy to create.