Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 21
26. Lecture-26: MAC Address Based Policy in FortiGate Firewall.
We will create one policy to restrict a user by MAC address. There are so many ways to restrict in the policy. Right now, the user can Google, this user can go to Facebook, and if I do what I do, I don’t know which one I. These two, I will be home to as well, both rock and on the same time from here, one peace two, and we can see the trophy from holding you and we’ll do Alsatian.
So, there will be one in to this hour to PC1 and 2. This one and these two PCs are going for the first of our lives, living, to be honest, and then we’re going to Facebook, etc. and we can see from sources where two sources, one down to it on that one, and we can see from the logs report in. Terrific. Let me clear this filter. To show what? This the one, two and one of one. Because in all honesty, everything is allowed this our policy, little community, this policy domestic matters, is more clear. I don’t need lying to them right now. I have only one policy, which is LAN to WAN and allows everything. That’s why I bought the system again, ENOVIA. But I want some restriction. Using the MAC address mechanism, we know media access control, we call them physical address, we call them hardware address, we call them in a serious, we give them a physical address. And so this address is a 48-bit address and just a number in hexadecimal in the system. There will be a MAC address for every interface. You will have a MAC address if it is a logical interface or physical or whatever. You can find the address by ifconfig or either way, I think it’s up to you which command you want to use and you can graphically see and you can if I say to me, it will show me all the MAC addresses in my system.
So, I have six interfaces on interfaces. I will make it as physically reciter. This one.
So, what I want to do, I want to restrict the policy by MAC address, to restrict by MAC address of one dot one, and allow the PC1, not PC2, by MAC address.
So, what I need to do, I need to go to PC1, I don’t know which one is PC1.
So, let me close these two and let me do to this and find out the MAC address console, okay? And let me go to the terminal and I’m going to fix this Linux system, so you have to time to record them. How related is this? The hardware address? So, I will come here first. I need to go to Policy & Objects, under Policy & Objects there is Addresses, which we will discuss in detail, but right now I want to create one address. Creating a new one address and give them one name, whatever you want, do you suppose that the icon and what type of address you want to create, say. It is this one, MAC address. Is there the time to make a decision, this parliament, you can give a single address or multiple? So, what is the MAC address? Because I cannot copy from here, so I need to do to type in.
So, this C, e, ulen, seven, eight, three, three. And I don’t think so.
So, let me try. Or and if. Say one. Six for. If we face some issues, then I will make this to or either year or zero. I am not sure.
So, I believe this the or and from which interface it will come from. LAN. Any comments you can do, like A, B, C, one, mandatories wonder, what do you want now is created? And it will surely in the policy now don’t worry, because when I was creating, there was A, you know, B, C one. This one, if I click in sexual and interest list, it means you’re in for the C. Now, I want to modify this policy before it was allowed for everyone. Now I said the source is not all, source is the ABC1 MAC address, as you remember, we just created in Gleek. Now, we restricted the policy by MAC address, that anybody from LAN going to WAN, source MAC. This is this one we put the MAC address in this address. It can hold anywhere on the dial for all services and logs the station and okay. And this is the only policy review there is our policy to do that, because you know what? Let’s do this. This one is working on an art.
So, this one is working because we assign this one MAC address.
So, it can go to Twitter and it can go to Facebook. Yes, now listen on this to. And we’ll talk again soon and try anything before session, let me go to wait until nightfall. Because in our policy, there is no such rule for this guy.
So, they cannot go to Internet. Because it will reach here, it will destroy this second one from top to bottom, it will check it out from top to bottom. First it will check that I’m from LAN, yes, I’m going to WAN, yes, is my MAC address this one. North London makes policy next Wednesday, Thursday night. And then it. But when you see what is coming, are you from LAN? He said, yes. Are you going to WAN? He said, yes. Is your MAC address this one? You say yes. Where do you want to go? You can go anywhere. You can go any time and you can offer any services. And you are accepted and you are an agent and there is no restriction on you.
So, this would be MAC address based restriction. Now, this one is getting low. But the other PC, you cannot go.
So, this is our policy. What we’ve done, we went to Policy & Objects, Addresses, we create a new MAC address for the MAC address of the ABC, then we give them the source of this. And then when we check.
So, this is going to end the rest of any book, an article for verification, you can check from so many laws, we have so many, we have to forgive you, ulceration, and it will show this. I’ll be one of this one and also, if you will, the Log & Report, Forward Traffic. And when you click on this one is, you know, there is a detail, but when you click to see going to and all that thing mentioned here, which policy has been hit and so many things. You can find a more detailed we do monitoring station of these in detail, what is this? Okay, and we can see in more detail also from source, so you can see the source which policy is being hit and so many things. Also, the logs, which I told you, you can go from the diary to see the logs.
So many ways I told you. Because we have a long weekend drink from source, which is the source you can see from here on that one, because the other PC is not allowed, you can check their destination. We are entering destination, okay? Also, you can see the policies. Which policy has been there? We have only one policy lent in an all station where you can check and also from Besch. More from and DMZ. We can verify from here why there is where it will show me their top source sort of sources. Wonderfulness is in this one because in their time it was the largest sources here as well. And destination is Google most of the time.
So, we can verify from here.
27. Lecture-27: Local User Based Policy in FortiGate Firewall.
And we will create a policy by local user because we want them to integrate the FortiGate firewall with Active Directory, which we will do later in the course. Right now, I want to show you if you want to allow someone by user in the policy so what you can do, but then use that we will create locally in the FortiGate, later, they will show you. You can use Timbalier, you can use it to get into the interior to FortiGate firewall.
So, what we need to do first, we need to create a user locally. And if you need a group, you can create a group, as well. This is the way to create a local user. When your user is done, what do you need to do to put in the policy and then when they login, they have to put the user to log in to use the Internet, either to use the resources to hold it to. First, you need to go to User & Device. Don’t worry, we will discuss in detail again, but it’s connected to our policy.
So, that’s why we are going to the User Definition and create one local user.
So, here are so many where we will discuss in detail later in the day and into law and so anything right now I’m doing local user, next, and give the name of user one. What will be the password? One, two, three, next. Just described them to the other direction, if you want. We will do in detail later on. I don’t need anything. You want to go? Yes. You want in group? No, I just need one user just for this purpose. It’s created. Now go to Policy & Objects, our main being, okay? And let me give you this one the first. It means you will not go any. PC1 piece of you is allowed by IP address this piece. You do IP address if I will do the first piece. This will be not allowed anymore. No, he can go now this way, because before we allowed them by MAC address and I deleted that policy. Now, I want by user, it’s not going to clear this one is doing this because up based on makers, it’s going to but one policy is being DTT. It’s not a view. Let me create a policy this time by user.
So, PC1 user, incoming is definitely LAN, going to WAN, source now list these things.
Sources use at this I’m not the is willing to say can do and what is the user name user. But don’t give me some error. There’s the user but from where this user will come from, which PC.
So, I say this user can come from any PC inside the PC. It can log in from anywhere inside the LAN, but it will be user one.
So, you have to be on as well and destination. It can go anywhere and can use any services and it will be NAT and opposition will be regarded and get. Now, this time, I created the policy by user. PC1 by user, you want to look in, come on by using. This just to show you, so now if I go to who is already asking open ended for login, you know, it’s asking, so let click on the philosophy user name.
So, what is the user name? You cannot do anything until you put the user name.
So, user one and password is one, two, three. And, you know, you get a login. Why is asking again, by the way, let me put again. Okay. There will be a to continue. Okay, let me do it again. It’s asking for some reason it would click on anything if you ask for the username and password and it’s going now because I put the username and password. By the way, how do we know? Let’s go back there. First thing first, this policy will be hit. The user policy, so let’s do it if the policy is being hit. Yeah, there is a traffic bias. Second thing, I can verify from Monitor. There is a monitor and there is a Firewall User, this one. And it’s user one is logging and is using this, let me be scanning them. Didn’t pick it to the right and to you again. Now, if I go back and click again, it will ask the username again. Okay, it is to us, by the way. Let me go again, he wants you to continue. In Los Angeles, search continue and is the user name.
So, I say user one because I created only one user. One, two, three is the password. When I click on, then, you know, they can use the website and everything. Until it’s been disconnected here, if I had information that one will be a game here you can find under Monitor, Firewall User Monitor. And it is logged in from one dot one IP, it’s great and traffic is being served. One foreign fighter in the middle of this firewall means there’s a local user, there is no group because we did not create a new group. And again, this year, and again, we will do it later on anyway, and detailers when we want to use it, but anyhow, you can write a and you can declare to remodify. And also you can see the traffic from so many places.
So, they stop it and they use it for the user. And you can see why they’re really eager to show you some logs. Forgot to show you last saw. It’s already authenticated again, I think on this one, they use it. I think so, because I am looking for A, B, C one. Is the big one, so let me click on anything. It’s moving, it means I am authenticated no more then one of them is you do. I don’t know which one I created. I think so. This one out of this. Oh, my goodness. Each one is. I just need to show you something like this, right, if you hold the source now, it will show the user name is real, the IP. Look at this. The difference. That’s why I was very happy to be here, to show you I should use that one, but then this one is narrow. And also, if you go to Log & Report, Forward Traffic, it will also show you that, you know, the IP address with one or two. There is no nothing from here to here, but when one is targeted it is showing user one. Now it is showing user one, is this the only thing to show you? So, this is the policy. If you want to restrict someone by user and you can see the report from FortiView, which I showed you, and you’ll get rehabilitated or disabled from the animal to monitor the final rule. And we are going to do it again.