Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 37
50. Lecture-50: Policy, Source, Overload NAT Lab.
If we are using so and we are creating so many sessions and we have so many users inside and all the time they are generating and creating sessions.
So, do you think this is the end of this method? No, because it will be exhausted. 60416.
So, we have another method for our source NAT inside the policy; we call it dynamic source NAT. Where is this dynamic source NAT? So, let me go to policy, because this is inside the policy, we are still talking inside the policy, and this is my policy. The reason we’ve done this one here is use dynamic IP pool, but there is nothing. They are not doing anything. There is a place I come to is asking me to show me the pool.
So, I can create from here, click and create a new dynamic IP pool; either I can do this job from here, here and as well, IP pool would want to see an object down. There is IP pool.
So, I click from here or there. Come here. Let me find a dynamic first. I help to create my pool and I’m here. There is no pool. We need to create new. Oh my goodness. There are so many other things now.
So, let me give them a name: overload. In comments, anything now and then on which I told you and know me. This one is viewed as. The interface which we use, the existing interface which we use, we call them straight Ignat, unfortunately, but there I told you this whole well, this is the actual work load now.
So, in dynamic, then we have four different methods.
So, first, we will do the first method. We take overload and we come here. Yes. In dynamic IP pool, we have one, two, three, four methods. First one is overload, this one.
So, now we are in the policy inside and we are doing dynamic NAT using the first method. Well, what is overload? Overload means, the more public IPs you have, the more ports you will have: 60416 per IP. So if you are using two IPs here, this one, if I say my external IP is 100 to one sixty one one four hundred and one ninety two 168 one one for that one one. How many IPs? 100 to 110.
So, I have an IP, then multiplied by 60416.
So, that many ports I have now instead of one one, I think it was only 60416, if I used to public, I’d be Bhullar by.
So, I really get multiplied by this. Now, you said penalities. I have from 100 IP to 110, so multiply by this one.
So, that many ports I have.
So, this type of dynamic, we call them source NAT dynamic overload and we will consider it.
So, my overload name, I give them this name with the same name so that we can understand this is overload, and my range, public IP, the external interface range. I will buy more public IPs for this purpose, and ARP reply to ARP requests, if you want to enable or not. And so my pool is created, but it will not work like this. You have to go back to your firewall policy, the allow-all policy which we created for this purpose; rather than using that interface, I will say use dynamic and click on plus and it will show you here overload, and choose.
So, this overload is nothing but from 100 to 110 public IP range, and now we have many port numbers and we can create many sessions as compared to the one interface IP. Now consider them 10 interfaces; before it was one interface IP. Now I have ten interfaces, so I have ten times, and I forgot this digits, ten times 60416.
So, that we multiply, it is better to multiply rather than to say it again and again. What is this, four zero three, 60416, and multiplied by ten. Now I have that much more than this one. Okay. The only difference between this one is this one. Keep in mind, you will not feel the difference because I don’t have that many systems to generate the traffic. Everything will again work; if I go to PC one, it will work the same way like before, but now the IPs will be assigned differently, on a first come, first serve basis.
So, now I went to Twitter from this one to peace, YouTube and Twitter to Facebook and to some other place. Maybe Amazon, it will work and go to server three and being Yahoo dot com, everything will work the same way. But before it was usually one HP showing me one IP. Now it will be from 10 range. How are you getting ready? I want to form The View all session this time you will see the difference. The IP will be changed. Look at one that has been assigned one that one zero two. One zero three is assigned one zero three and the third system, one zero one sorry, yeah, one zero one is assigned one zero one by nature, it’s made by by the will be first come first serve basis. It can be any IP from there tonight. Please let me do the other one as well. Let me quickly configure one is in on one configure interface easier place. You know IP address 192 160 airborne dart four to five five. Two five five five five zero no, and if you don’t know anything. And so let me ask you about the 101st Airborne doctrine, despite what I’ve been enduring that said, if I being got eight, it will ping and it will be here as well, if I refresh.
So, wonderful will be assigned one dart.
So, it’s better to sort of beat them by source.
So. I believe it is. And the IP is four.
So, four has been assigned one for. Okay.
So, let me repeat this one time, and I am nimble and subtle, what I like think so, yeah.
So, someone is also going and let me refresh this one and let me refresh this one is Rick. And now let me see the three.
So, three has been assigned one zero three if I check one zero one.
So, one zero, I’m just building to show you one thing. One is assigned one one four one zero one. My main purpose is to show you what is the difference between the last one and this one. The only difference, again, is the source NAT, the source has changed, but the only difference is last time it was using only. When I to let them know they are using a pool of IPs to translate. Control-C, and I don’t need Control-C, okay. And we can see from here.
Source, and this is source NAT. This is their destination, their wind and solar for this 5116 and source NAT port is also 5116. They keep the same port number. If you don’t want to, you can preserve their SO. Let me go there if I missed something so we don’t need source NAT. Here for verification, normally, I just want to see. Okay, just me, just so we can verify from opposition. Okay, yeah, we can verify from commands as well.
So, if I go to FortiGate, admin, one, two, three, I suppose if you don’t want to do it graphically.
So, this the command policy, see from here is with so many precatory who so is better get system session list so they support no, you repeat expire and this the suicide because one out with my inside IP address, the source port and the source is can move them to one to one, but one is translated to one zero one and one or about the three. No, it is, too. I need to look for another one. We have three, four systems.
So, one, two, one dart one, one, two. It should be the end somewhere, okay? Six prior to that one.
So, I need to regenerate some traffic from our one. It will come here now. Let me go back to FortiGate, Control-C, clear and you will see for now. Here, here, 101, four is translated to one zero four and it’s going to end a destination here a little Louis with a source NAT, destination and destination NAT, their local destination. It is nothing because you haven’t done your destination NAT yet. We are doing source NAT, so you can verify this one from this command, get system session list. Either the best way is to verify from here on the session. Let me go before this can verify from some other place. Yeah, these two are the best way, otherwise come to forward traffic. And you can also see, if we go to logs, from forward traffic. You will see also.
So, source and I need to enable if there is this one is good for our destination there. There is no source, nobody did.
So, when we do destination we will come here. Its destination is written here.
So, now you can verify from here. These two places are able to verify, okay, that this was the Saker.
51. Lecture-51: Policy, Source, One-To-One NAT Lab.
The dynamic inside dynamic, we held, third option, the second option, one to one.
So, what is one-to-one? As the name suggests, suppose if you have three inside, you need three external IPs. The more you have internal IPs, the more you need public IPs to prosecute them, it will be equally.
So, then you will see why we are using them. Why not go directly? The only thing is security. Otherwise, if you configure a private I.D., then you need a public IP to communication is like normally I give an example then if you remember and you get and also in Saudi Arabia, in every house, supposedly four people are living in one house. All four people have their own car. But in Pakistan, in India and the whole house, we have only one car for the whole house due to resources.
So, one-to-one is like the UK: if you’re living in the U.K. and in one house, the wife has her own car, the husband has his own car, the son has his own car.
So, whenever they go to shopping, they will start their own car and they will go there, too. This is one-to-one, and serve in the house outside. They your own car. Bisymmetry ScanSource Naib one by one. But in Pakistan, ironhorse India is as well. We are using this one. The first one interface one, we have only one car and will my brother bring it back so I will take them, then I will come back so the other guy will take them.
So, this is called one-to-one. Now, this is not like the other one. Let me go to live, then maybe it will work, but it will work on a first come, first serve. The person who came first, they will be assigned the IP; if the pool is finished, nobody else can go. It’s the only issue in this one.
So, let’s do it in the same. We will use the same topology. This my one one 16, one one for his own site and one and two section one is my inside, PC one is one, two, three and four. Oh said we have some somewhat and internet. Let’s go to year and we’ll talk again. Again, we are doing in policy NAT, so I will go to policy and policy, okay? And this time I will say I’m not using overload, so I remove overload. But really, you can create to create here, either come back again here IP pool, so we already created overload that one, create new and this time say one-to-one. And choose one-to-one again, the range.
So, I said one one six to eight one one four da hunter 192 168 one one four, not one zero one. Let me give them. Okay, sorry. This is one little one. I cannot give them the. And this should be one zero two. Why are you here to use this strange 192 168? Do you think this one one hundred twenty six billion. No. Oh, yes, okay, you are using the other one.
So, let me give them suppose 200 and 202 because one is the one I use in the overload. The other one, so they like give me.
So, I said my external and you start from 200 and finishing on 202. Let me make them one.
So, how many. I’d be one. I’d be able to talk to three and. Okay, so that was overload because that’s why they gave me a now 200 to Boothville one. It’s, it’s not used. The reference means the first one is used. This one is not used that way. Let me go to you for policy again. And this time I will say I don’t need overload and I want to use one-to-one. And okay, now you will feel the difference. What is the difference between this policy? Now, first come, first serve basis: if PC one first does communication, the first IP will be assigned to PC one, which is 200, and to PC two, 201 will be assigned. And this third, when the server tries to reach, it will not work until these two IPs are being released. It means nobody’s using them. Lizzi so let me go to PC one. They’re resorting to Italia is working and let me go to this one.
So, Amazon is working to PC working and let me go to server. Let me try ping; before, the ping was working. It will not work. Here is working, let me refresh. It is working and Amazon is working, but so it was a temporary fail. It’s not improving. They cannot. You and I can bring the IP deal tonight. It will not work. Yeah, it will start work if those two IPs are being released to them.
So, if I go to FortiView All Sessions, so I have only two IPs, which are being used. 200 and 201, one that one used 200 and one that used 201, this race there were three Kanagawa because this is one one that the more I have the range the more my inside Buchenwald site. But in this case getting not only two IPs which are used. Yes. If I think this session then this PC has some chances to start work.
So, let me say, okay, no, wait a minute, decision and look at this started, it gives you the time to the first date. The second might be the same. No wonder that because that one three is one three, if I should, you know, he’d get the chance.
So, if it give the chance one three, so station is showing me one that is use and one third one, so he has been not using one but two. And who is one to two, then their P.C. will not work anymore.
So, there is one part of the species too.
So, I don’t know which is waiting. This one. It will not work if I click on Facebook, it will not open again, same story if I stop this thing because he is using the IP. One, and if we are there, you have to wait for the washow they have some time until either you can disconnect them like this way and say, okay, now this will start, it will be released. And is Facebook whatever their existing look at is starting on Facebook before it was just moving it on. This is called one-to-one, and also you can verify this one, if you go to FortiGate, admin, one, two, three, to command base: get system session list.
So, why not do that using 201 IP and one not the one they’re using 200 again. We are using source; destination, there is nothing there because this is not destination NAT that we are using and we are doing source. 30 Matarazzo alternate and second Mytilene dynamic that we are doing. Let me come back yet again.
So, in source NAT we did interface, then we did dynamic overload, and this one is one-to-one.
So, why they’re calling one to one, because also we are planning to IP, right? Yeah, I mean, and Cisco, you remember, we call them dynamic pool. Yes, yes. Yes, we call them here. And it was the same concept there was as well. But they changed the name to one-to-one, meaning there was the concept is a dynamic sort of dynamic.
So, you have a pool of IPs.
So, on a first-come basis, you will get the IP.
So, it means a thousand people can go outside, but at the time those people can go to the one you have arranged.
So, we’ll be able to range so people can go on. At the same time if you have ten IPs of range.
So, ten users can go on the same time. This is the only disadvantage of this one. Otherwise, if you like, I suppose in your house you have to go to two people at the same time and go outside.
So, in the car is big. The other two people can take them to go out.
So, when they are coming back so they can use them.
So, anyway, they call them one to one. Otherwise it’s not the name. They changed the name. I mean the naming, by the way, which is not fair, but end of the day, concept are similar. Okay, so this is a done. There is nothing to show you more. This the way to do work one to one.
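
The two IP pool types configured in Lectures 50 and 51, written as FortiOS CLI. This is an added example, not part of the lecture; the pool names, policy ID 1 and the 203.0.113.0/24 documentation addresses are assumptions standing in for the lab's own values.

```fortios
# Constructed example: pool names, policy ID and addresses are placeholders.

# Overload pool: all inside hosts share the pool and source ports are
# translated as well, so capacity grows with every public IP in the range.
# One-to-one pool: each inside host takes a whole pool IP, first come first
# served. With two addresses, a third host gets no translation until a
# session holding one of them ends or is cleared.
config firewall ippool
    edit "snat-overload"
        set type overload
        set startip 203.0.113.100
        set endip 203.0.113.110
        set arp-reply enable
    next
    edit "snat-one-to-one"
        set type one-to-one
        set startip 203.0.113.200
        set endip 203.0.113.201
        set arp-reply enable
    next
end

# Attach a pool to the existing outbound policy instead of using the
# outgoing interface address. Swap poolname to "snat-one-to-one" to
# reproduce the one-to-one lab.
config firewall policy
    edit 1
        set nat enable
        set ippool enable
        set poolname "snat-overload"
    next
end

# Verify: the SOURCE-NAT column shows which pool IP each inside host received.
get system session list
```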