Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 38
52. Lecture-52: Policy, Source, Fixed Port Range NAT Lab.
A source made in dynamic video, a third method, fixed port range. Let’s discuss what the export trade between our two export range. You know, in one to one, we can define that majorities more likely, by the way, but in one to one we are supposed to try be so those three can be utilized at the same time. But many you can use those three therapies because we give them a range that is average first come, first serve basis. You can go and use this IP button for export, which will be worth the board, but IP basis. That this IP can use that much? No, because we have a limitation of all those port numbers, which I didn’t hear when I speak in support, 60416. Let me show you from here, maybe you will find this a bit confusing, this one. This football drink, suppose I have internal system. And then the suicide in my case, I have 192.168.1.1, 2 and 3 and 1.4. Which will be translated, I suppose one might be. Either more IP range, IP.
So, but maybe I will give them specific Bordewich.
So, but I can use only those board range if they exist there, and then I’d be there. I will be useless. They can use up to their range of pipis.
So, that’s why the name is fixed port range. They will give them for export. This is your range of white board, but I bet you can use this one last time. The first one interface was it can use up to these IP 60416, but this time they will be divided. By Poul. The more you poll, the less you will be assigned, it will be.
So, you have to be able to work from five one one two. It will be white based. Suppose, if we are five people and we have something to divide.
So, it will be divided five times.
So, we will get less. If you are two people and the same stuff, it will be divided.
So, we will get more.
So, this is what we call it. But in Facebook, you have to define your internal range IP as well, that these people will go outside. But the IP is similar, either you can give them the range, you can give one IP as well. But board will be divided, but I see why you will say why, why we need this one. Suppose, one user hears accessing the website and then accessing Twitter, Facebook, suppose and so many teenagers use using. And when you come in said there is no board to look at who was there, why we have so many people say no person use everything, like maybe in one house you have a brother, but one is you do too much and they put something and you just want to wash your hands when you come back, nothing is there.
So, you see way what I believe this is finished. Everything will say, why are you here? To keep something aside for me. When you married some food, you have to make a that this is part of him. And then when he come from office, he has to eat because they will finish this dinner from him.
So, for export meat, no one, not one person. If they are eating too much, they would say, no, no, no, no, we don’t have any much. The one which they keep. But your brother. This end of this, what you can see so far, export will allocate bribes in this way, one person will not give a all the board, so nothing will be left but other bribes.
So, if you have an environment like this and you are worried that one person is eating too much and the other one is not so used to export this, the only thing otherwise is not use in real world too much.
So, let me go to find one. And how we can configure for export, so if we want a policy. I believe what policy? Hello and Go2Net, again, this is coming under a dynamic category, close this one and we need it. Nothing is there. Again, we have to go to all people that you can look from here to create.
So, let me show you from here, because we already created to show that you can see and create new this time, I will say, for export. Fixed range. I give them the same name, so overload you can use again and again and you have a range of IP, so you extrapolate one to one is the only one where you can utilize only those IP, the one you average. But the rest of all three is there is no restriction.
So, now for fixed port, this external one nine two one sixty eight one one four two four. One hundred and one nine two one sixty eight, one one four 250. You can give them a range and you can give them a single episode, no issue issue is here. This one, 192.168.1.1, is my first IP and 192.168.1.3 is the last one. One, two, three, I exclude this guy, so we will not accept anything, the port will be divided among these three guys. For fixed port allocation. Because I have only one IP, one IP gives about how much, port six zero one six. It will be divided three times.
So, when I can use the airport word, celebrities finish their to where they cannot use the other guy for no Inoke. Now to Policy I for policy allowed URL and click on dynamic and use export range. Anokhi. Okay, you will not see any huge difference because, again, they can more people can go on the same time because it would be not exhausted.
So, if I want to station and let me generate traffic from here and let me generate again another traffic from Sam might be in Sam Tudorza, this one guy can go to Amazon and some other thing. Yes, they can go they can go to Facebook. And they can visit to the same time to Amazon and they can visit to Wikipedia as well. And also someone who can visit them the same time as being an odd one on one, Will Nardella, because I did not put him. Normally, he is not taking dinner, so I asked to remove them from their dinner.
So, this is also very important.
So, if you have yuzu, you have to include them in internal range, otherwise they will not go and it will not work. Really.
Sorry. Or is he an object, I’d be fool one to one, sorry, not one to one, the other one fixed for it.
So, it’s going only three.
So, they give them the ball to three only. But when my brother came in there, you know, he said, no, today I will take dinner.
So, they said, no, no, you are not taking dinner. That’s why we excluded. It’s not working.
So, let me put them forward. Then the boat will be less now and he will start working now. But now the dinner, which was ready for three person, unfortunately, your brother said, no, I have to take now, the board will be divided more, it will become less. But I be this the only difference.
So, this thing is clear that this range is important, the internal range and for export and also for export means, but IP is allocated a specific range. And when they exhaust their end, they will not lose any more station and how we can really find gold before 4:00 p.m. And if you check the station, everyone will be assigned to fifty to fifty to fifty. But this is not like our interface interface. The first one. Remember the first method, interface one. What is the difference? Here we are also using one IP here, whereas one might be the difference between the interface one and this one, for example. Let me show you how many import we can use for IP six zero four one six. And this one guy, I suppose he generated a huge traffic. Go to Facebook, Twitter, this, and they create four and all the board utilized by this guy. Even though many people can use this idea to go out, but unfortunately, when the other guys try to, it’s just so far we’re told. No, I’m really sorry. We don’t have much, but we have that much wood, which all is being utilized by one this guy.
So, unfortunately, I cannot take your traffic even though I can pick because I can convert. I like you to one I beat. But this is meaningless. Useless because I don’t sell any pork which used by when I beat them. This guy will ask this fight one way then why I’m sitting here. If one guy is eating everything and nothing is for me, then why I’m here.
So, the solution is this one, fixed port. Where is where the hell is too far? Mean there was this no this one Facebook. Now, the same story to apply here on this same topology now, this time reconfigured for fixed port.
So, sorry. Now we know how much we can look at, but again, we’re using only one IP, two fifty six zero four one six. And how many system you in? Sorry to it will be downloaded twice, I suppose. I would say 30000, but this one.
So, when this guy tried to go out and create too much, we need three to thirty thousand. They will tell him stop. That’s it. Then this guy will ask him no, no, no, there is too much. Let me use that one.
So, that’s why I wanted to ask him why. And what about their today what he will do if you use the other one.
So, and this one, the method which we apply now. Now the firewall can ask them that you can not use more. You exhausted your part. Now the remaining is belong to someone. Is this the only advantages of sport I tried to show you in real world scenario and now the rest of thing is the same. One wonder to wonder three one for every IP is translating in one IP. It can be to IP as well. Don’t be confused. The only thing the board will be more so is if I would to people for export range instead of one IP, I can move before it took it. The only difference now I have more power to divide, the more internal I will get more taxation and they can create more taxation because but I will look at those this all the time. Six zero four one six. That’s it, and you can verify it from anywhere graphically and also you can use.
So, now one part two is using pool 51 because he increased the only one, no one is using 250, 250 and 250. If I generate more traffic, it will allocate the other IP as well. It can be any IP. There is no restriction.
So, the three method which we’ve done, there is no such restriction. The only restriction is this one one two one one load has no restriction. Stating there is no restriction means but IP based and flexible. There’s no restriction. Yeah, there is a limitation, but limitation is different thing. One, two, one is some restriction. Only those people can board them. The more you have, all the more people can do this. The only thing in this one. Okay.
53. Lecture-53: Policy, Source, Port Block Allocation NAT Lab.
And sources and he inside the policy is in dynamic, basically is port block allocation. It is the same concept as fixed port, but this is a block allocation. We create block size and blocks per user. And I told you how they identify this one. Here it is the formula. Suppose we have an external IP range from one to, suppose, one IP (it can be a range) and block size is 128 support IP. How many will there be? Because we are using one IP, divide 60416 by the 128 block size.
So, the total possible blocks will be 472, because it is one IP, and for one IP we have 60416. If it is two IPs then you have to multiply, and then divide by 128.
So, how many media here: a block size 472 and blocks per user, and suppose 8 per user.
So, 128 multiplied by 8, almost 1024 per user maximum port, No. You can understand this is a difficult one. It’s like fixed port, but this time it is per user and block size that they are allocating.
So, then how you can find out the maximum number of gentlemanlike begin to handle.
So, before this, with one IP, how many can it afford: 60416 divided by per user.
So, per user is 1024.
So, 59, so 59 IPs can be handled by this block size and blocks per user. Anyway, you will not understand this one. I don’t know how to do it, so this is the dynamic one, the last way to configure it. You can use a single IP and you can use a range of IP. How we can configure them again. You have to come to IP. All created IP will create new. And the last one is this one: Port Block Allocation. Click on this one, give them support, 192 one sixty eight one one four one fifty and one one sixty eight one one four one one fourth of my external library and I will use one IP. I will use that. You can increase and decrease this one, but you are required to follow your IP range and okay and will do policy again. We are using NAT inside the policy. And choose dynamic, remove this one, by the way, you can choose multiple well. It’s not only so it will apply one thing while the other, so it’s not can be won only in dynamic anyway, port block allocation and okay. And there will be no such difference. Everything will be accessible and only one IP will be used, but they will allocate them a block of ports to use.
So, everything is accessible. Amazon, Wikipedia, everything. And even if you drive from someone, so what speak and you want from one, it will work, okay. And if you check from here admen. One, two, three. Good system. Station, just so you are using only 150 IP, which we assign, and again, we are using soullessness destination. There is nothing and these are the IP one, this is the IP and there should be three IP as well and four IP as it should be in the data somewhere. It’s just to. This is war and this is three, all of the money is one but four days allocated for blog sites. And also, you can really find graphically if you come to for the view on the station is the best place to check them. One fifty one. And it’s better to check the source subject by one by one, I think.
So, one is using one fifty. And if by chance to do so, two is actually using this site. And I hope you see three years or so and I hope this report as well.
So, they are also using the same source IP.