Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 16
20. Lecture-20: Configure and Verify Policy Routing Lab.
Policy-based routing, or as we call it here, policy routing.
So, in 40, for one, if you want to redirect traffic from state to crowd.
So, we are using policy routing. Maybe on your route, I’m going to one place, but you want to apply some policy; this kind of policy-based routing means routing based on your policy. Okay, and like a VIP, VIP person.
So, it will be treated separately and differently and all other common people like a business class and. No, and when we are traveling.
So, you will see business and also economic loss.
So, an economy class out of the state, you get out identity for road and policy bestrode is a B, which will give them extra protocol to go on this way.
So, like a business class.
So, this we call policy-based routing, or policy routing, so we can redirect traffic to some other location, whatever we set up in policy-based routing. So how can we do that?
So, we will use a small topology.
So, let’s do it. First of all, I need one for one.
So, let me drain the firewall. Okay, then let me start the firewall and we could take our time and I need to switch gears.
So, let me try one switch sorry. And one switch this side. Okay, now I need to get out there.
So, this is our one, okay? And this is true. And also I need one as a client for the Nintendo stuff. Otherwise you can use directly the speci as well, okay? Either you can use one or two Dockery’s when it’s up to you guys anyway. Let me go. One is we have to realize this is weird.
So, these two are my client, let me change the name to PC to which we done yesterday, okay? This the only thing which we require.
So, let me try it here. Okay, now I need the connectivity.
So, let me underline this one. Okay, so yesterday we zero one interface here and then let’s connect to zero zero, okay, and connect to do sorry. I need to convince you to interface is better to use the first interface here and you know, this side or two will be connected here. Okay. No need of this one. And it should connect to this one. No new, by the way, these two and this should be connected here. Okay, this is the small topology. What can I do? I need to start with this device. And these two, I will start after reconfigure. I already configured IPs, so what I will do, I will just copy it because we know how to assign IP addresses.
So, let me open there while I say we’re. I should be. Let me see, is this one here, this one. Okay, to save some time, because we’ve done yesterday this. Okay, so what I need I need to configure once to NPC when I just need to remove from Ardell 10 year. Okay, and I will assign one Daquan IP.
So, let me copy this one. You just need to remove the hair, you already know your guys, so configuration instead of this one just sitting over and when It you can keep it that way so we know what you need. Copy faster.
So, one Darkcoin and one down 200 is the gateway. And now this client is going to be the start. Let me quickly write down my IP schema. This is or IP scheme on this side. Okay, and this side we will use to SOAPnet. Okay, and here I am, Beatrice is one year old IP addresses two in the same way. Let me take care of this one. This. What I do not one. And this side already appears to do, okay? That’s. What else, yes, this site is one hundred, okay? So, we’ll start the new year as they start as wellis. And also this is Hunder. This sought me and now I need my Najman, so I will use the cloud, you can use this cloud as well and also you can use this to connect to this one.
So, right, click on this one chain, the symbol to anything, but not the cloud one.
So, anything let me check this one. Change the name to GMT, okay? And let me take this one to. Or three. For management purpose, so this is a mine management. Okay. Thank you. Now, I need to confirm that these two daughters first and that they speak softly.
So, let me go to our one on one. What I need I need to assign IP address. I need to assign I to get where I need to control it. And HDTV.
So, what can I do? I already missed one.
So, let me. This shouldn’t be too dark one. Yeah, this is our one. The IP config interface easy nosier down created one Lubic then nicer then go to line with why the password. One, two, three and everything. Okay then make them enable us to be animalistic. DPS then make is dps authentication local.
So, it is local news and this is our local user privilege. Fifteen and this is antifa here to where to push everything to a final. Ah to the hunter. Just copy and paste. Copy and paste. Done so our our one is done and do right. Let me see it in case it really starts with everything will be safe now. Going to ah do just change to and nothing else. Just heirloom because the same treatment is the same with sandwiches only change the IP.
So, I changed the IP and copy and go to ah to. Okay, and let me first.
So, do I need to do my part to his authority now, I need to work on the finger piece you do, which is basically around a little man. Okay.
So, you do what I need to do for you. Do I also create a script to save some time? That is the script I signed one or two. I’ll be no shut it down and wipe it out in the same building and them here today. It’s a copy and paste. You can actually use the script. Not only I’m teaching this incredibly well and can be screened, but anyway, just to save time that way you already know. I hope so. Okay. They’ve done this, the basic configuration which we’ve done yesterday and now coming here because we are not using one.
So, all three, there is no DHCP enabled and we can assign a going to be my rangers’ one one for which I told you yesterday you are when you get humidify as well 190 to 168, one of the one 4.0. This is my subnet.
So, beside one I be allowed to be I can assign anything here because these two and these are the result one is foreign affairs and two is the way.
So, anyhow, let me assign you wonder, okay, what can I do in the world to configure system interface, then add in all three, then it’ll be too late. I can take my Najman reality. This is a situation of being and certain that it’ll be statistically because yesterday we had some issue due to dynamic and then create a new road.
So, to clear the issue.
So, it’s better to make us to stick around for the safe side.
So, how we can access the right click here to console. And there is no to enter one, two, three, no password. One, two, three, two, one. Okay, you can use any password. In my case, I’m always using one, two, three and based.
So, it go to system interface the name and phone number three. Then it’s loud and it’s sort of the IP and enemies say with the showing and it go from here. If I say system interface to my IP addresses the email, but if I do see reasonable on the first boat.
So, let me take this IP and go to any browser. Okay. And the IP address, so it will go through HDTV, okay, it will return to HDTV in Maine, ambassadors, one, two, three. First thing first, let me change the name. Whatever you like, IFG, in my case. Okay. I need to. Give them some Annam to the interfaces. Okay, so let’s go to NetWare interfaces. We are using the interfaces of one which we are using for when they say you can give them any name, by the way.
So, I give them when Manuel IP and the IP youdecide. Do I believe me, yesterday? No, I don’t need to be this is a minister doing this we already discussed.
So, don’t ask you about this thing, just you being at least recapping being the IP. And they said, let me copy this one. Well, then and done so old one is now going to for two, which is this one, so let me give them any Lynn and standing going to be one hundred. Okay, Annie laughing okay. And the last one is for three, which is this one, so let us sign and GMT and Olivia Ebsen, I command this, so it’s okay and everything is allowed and minister to access in okay. Then noninterventionist. Now we need to be quiet, otherwise we can configure DNS is now coming to stick it out. But before going to straighten it out, I need to create some policy to allow the traffic. Okay, so let’s go to policy and object. There is an idea for a policy everything is denied by Diffa. I need to create one rule to include everything for this purpose.
So, I say no. Everything incoming interfaces my going to when source can be anything, destination can be anything, it will always no time restriction and the action is allow, NAT is enabled and whatever is being logged, the deacon’s Alsatian and okay. Done better now coming my you will be not reachable for sure if I am being rendered a choice, not reachable. And the issue is, I know the areas where there is no route.
So, what we can do: go to static route. There is no route; we already discussed this thing. Click on Create New. And this is something he will use.
So, let me say, in the end, I want to reach a zero zero zero width and subnet mask and gateway is one two one six eight two one, which is this one on one. Okay. And when is selected, traffic will go out through my old one administrative distance and I don’t want to see any priority. And okay, done, but I have another eight eight.
So, let me clone this one and just change this to do okay and change the administrative distance to 20, please.
So, it means the administrative distance 10 will win the election and win the invitations to to a free fall, and it will hold true to that one and two, that one is odd one.
So, what we can do to our one. Clear. And I’ll be back here. I think it means anything coming to this device and also I’ll be back at an apple. Now, let’s drive from here. Let’s bring it here.
So, there are three hating by the one is we know from here to there final and reconfigure an R one and R to make sure the topology reconfigure delayed and here HTTP and everything and add one in two.
So, let me try to referee for anything else I know the Frumpies seem to think is going to add one. Let me try to that to end an eight. One, two, three is the past four years doing two on one and also is sitting here for the Internet issuing here everything so far and it is also going viral. Let me try HTTP because I am EDP as well.
So, from this doctor, let me go to console and put in da da da. They got it, and username and password is one, two, three, so, look, it is going to be one. It means it should be based in. Everything is linked to add one due to this drought state growth and why that is and is administered to distance, which we discussed yesterday. Now I need a special treatment that either should be free to traffic, either being either road. And let’s see the address road as well.
So, from fishing to exert it, may three year old and articulate it where it’s going, so he’s going to do that one. And also, again, this showing here, not traffic, is in order to you Ondoy, enable Demirjian and debug here to prove that everything is going to do that one, even though it is in both rotors now going to all the setout which we won some policy to implement, to give special treatment to something. Click on policy that we discussed yesterday. This one sequence no and coming in are those to create new incoming interface problem with the traffic will come from Lane. What is the source.
So, sources might this whole subnet, it can be PC one, it can replace you do it again with BC3. It can be anything twice. It can come from any of these subnet. You can specify special interest destination. I say their destination is. And by the way, I didn’t put it here just from your understanding.
So, let me try it. And we aired this here. Okay, and let me put here. I said, the destination is and da da da da zero with its own mosque, okay. Oh, which one? I told you yesterday, zero to 255 protocols. TCP is protocol number six and UDP is number 17. And you can use Stream Control Transmission Protocol as well, which is 132, and you can put anything and you can specify as well.
So, I put here six. I click on TCP, so definitely it is six by default. Now the source port: the source port is always random for most of the traffic.
So, I say from 0 to 65535. These are the port numbers, which is from zero to five. This is for number one or number. These are not physical like HDMI port, USB port. That is a physical port. These are the logical ports and I showed you yesterday as well. Again, if I need to time, I will show you both the whole list. And number twenty, the source port is random, but the destination I know it is port 80 in most places now in Web services. I told you yesterday is a special day. If you want to do some special treatment to the speaker, get in the of like a delay like priority, reliability, cost and such things so you can it with them. I will show you from Wireshark Web services is like a normally wiggill type of services special determine quality of services, which is gone now twice and we do is around those stuffs. Okay, then the action: I want to forward traffic rather than to stop policy routing. And when I want to do because everything is going to ah one on one IP is one nine to one sixty eight to Daquan.
So, I want to give special treatment to 192 to ah to for port 80 and if you want any comments and status is enabled and ok.
So, my policy-based routing is done, you can create this thing with no, it will take from top to bottom, just taking it out said that everything will go to to that one. Now, let’s see from here, it’s one of the real pressure. It will move to R2; R2 now is a special treatment because we say that everything has to go to R1 besides port 80 because this is a traceable to R2, okay, if you want to verify right. In another way.
So, let me do and another thing from you do and let us go into one, two, three is going to add one. Yeah. Let me change. Either you can create a new rule. as well.
So, all this year old. Let me change this to 23; Telnet is using 23, 23 and old. Now you’re going to see this will become one of these this one again, because everything is going to Ottawa, but now let’s see, this was the fourth one. But this time, if I reconnect, it will go to look. It is going to to and before it was going to run because I change my policy route rather than to. Eighty four days here. Twenty three. And this way you can put four for three. You can put twenty five and you can put anything and you can take out.
So, this was the issue yesterday where the only single issue was a restart restarted this device.
So, it was not.
So, that’s why you know what I click here. The traffic was going to Atlanta because it was not there is a policy was was not working. They were diverting everything to Ottawa. And so this is called policy based routing and how we can see, if you will, to monitor around routing monitor.
So, this listing is part of a dynamic and steady guest mentioned he is static and dynamic and refreshing. I assure you, based on these things, it is a bonus. You you your so there is a policy based it out also.
So, if you want to check whether policy-based routing is enabled on this firewall or not.
So, you have to come to a routing monitor and click on policy so it will show you a separate table. Okay, from here to source to destination next door, protocol and action. And if you want to enable driving like a destination for travel source and source, also you can verify it from here around. Look, definitely if you want to start something like here.
So, as I said, I would look up. If you have a huge crowd and you said I need something for a destination, I need to entertain that I want to do anything is for anybody to click on the search.
So, if anything is the answer, it will look like this one.
So, this road is while you are local.
So, I would look up as basically to search if you are huge in our case only, or three year old, we can find that. Engli so you can search by this way and this way is really simple if you see anything related to Lane.
So, it will be yellowtail, okay, but the other one will be all together. It will be selected. And suppose if you want to search for. And because I don’t have any and there are also there’s way you can search by this condition for so if you want to search for to report. Okay. And and that it is your destination IP.
So, far, source and protocol is anyone interfaces.
So, it will highlight the whole world in search. It will be only yellow, bright and refreshing. Definitely. If you want to refresh and you New York, an area where I am and routing Wantage, I’m not an idiot.
So, it will be accurately routing, automatically steady growth.
So, you are here now.
So, these are Maistre to reconfigure to Renauld administrative distance and priority. If you want to put any comments on the status, the exact interfaces, next talk and destination addresses. Okay. And so you can do it from here either in the right place to do it. Okay, you can clone from here, which means copy. If you can edit and CLIA, it will take you to the routing detail logically because we haven’t discussed your CLIA if you want to leave and if you want to disable them temporary so you can disable its here to disable. Right. You can enable it again. Okay, and if you want to delay it from here.
So, this is a restricted crowd place where you can feel the security throughout. And this one is far. It’s the same approach. Right. You can enter it from here. You can enter it from here. You can enter Double-Click, okay, and you can copy and paste.
So, it will create an exact copy. You can delete and you can set up the status to enable or disable if you want to disable it temporarily to check something, troubleshoot something so you can disable and enable. What else he had to the policy set out in which we changed the way traffic are diverted.
So, let me move quickly if I missed something and okay, so we have this command, which I showed yesterday, get router info routing-table all, so it will show you the routing table in the command line, okay?
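
Added example, not part of the lecture: a small Python model of the lookup order the lab demonstrates, where policy routes are checked top to bottom before the routing table and, in the routing table, the default route with the lower administrative distance wins. The gateway addresses, LAN subnet, interface name and client packet are constructed values; priority and ECMP are not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed lab values (assumptions, not the lecture's addresses).
R1, R2, LAN_NET = "192.0.2.1", "198.51.100.1", "10.0.0.0/24"

@dataclass
class StaticRoute:
    dst: str
    gateway: str
    distance: int

@dataclass
class PolicyRoute:
    in_if: str
    src: str
    dst: str
    protocol: int              # 6 = TCP, 17 = UDP, 132 = SCTP
    dport: tuple               # inclusive (start, end)
    gateway: str
    sport: tuple = (0, 65535)  # source ports are normally random

    def matches(self, p):
        return (p["in_if"] == self.in_if and p["proto"] == self.protocol
                and ip_address(p["src"]) in ip_network(self.src)
                and ip_address(p["dst"]) in ip_network(self.dst)
                and self.sport[0] <= p["sport"] <= self.sport[1]
                and self.dport[0] <= p["dport"] <= self.dport[1])

def next_hop(pkt, policy_routes, static_routes):
    # Policy routes are evaluated first, top to bottom; first match wins.
    for pr in policy_routes:
        if pr.matches(pkt):
            return pr.gateway
    # No policy match: longest prefix, then lowest administrative distance.
    cands = [r for r in static_routes
             if ip_address(pkt["dst"]) in ip_network(r.dst)]
    if not cands:
        return None
    return min(cands, key=lambda r: (-ip_network(r.dst).prefixlen, r.distance)).gateway

def pkt(dport, proto=6):
    # Constructed client packet entering on the LAN interface.
    return {"in_if": "lan", "src": "10.0.0.10", "dst": "203.0.113.80",
            "proto": proto, "sport": 40000, "dport": dport}

STATIC = [StaticRoute("0.0.0.0/0", R1, 10), StaticRoute("0.0.0.0/0", R2, 20)]
WEB_VIA_R2 = [PolicyRoute("lan", LAN_NET, "0.0.0.0/0", 6, (80, 80), R2)]
TELNET_VIA_R2 = [PolicyRoute("lan", LAN_NET, "0.0.0.0/0", 6, (23, 23), R2)]

if __name__ == "__main__":
    for name, rules in (("port 80 rule", WEB_VIA_R2), ("port 23 rule", TELNET_VIA_R2)):
        print(name, {d: next_hop(pkt(d), rules, STATIC) for d in (80, 23)})
```

A policy route that matches more than intended silently bypasses the routing table, so it is worth checking each rule against traffic that should not match, as the UDP case in the model does.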