Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 55
75. Lecture-75: Configure SNMP V1/V2 and SNMP V3 in FortiGate.
Another topic is how we can configure SNMP. We discussed SNMP in the five courses; I remember most of you guys took my five courses.
So, let me go through it quickly for those who are new. Simple Network Management Protocol, SNMP: we use it for monitoring and management purposes. It's an application-layer protocol. We configure it on routers, switches, firewalls and many other devices to monitor them. It can be read-only and it can be read-write. It's UDP based, User Datagram Protocol. The agent uses port 161, and trap messages use port 162. What are the manager and the agent in this communication? There are three things. The SNMP manager, or NMS, network management system, is the server where SNMP is installed; we call it the SNMP manager. The device where SNMP is configured, like a firewall, router, switch or system, is the SNMP agent. The other thing is the management information base, the MIB, which is basically a pool of questions that the two ask each other. It's like a database of questions. Then the SNMP messages: SNMP has many messages, get, get bulk, get next and trap. Whenever something goes wrong on these devices, they send a trap message. As I mentioned here, if an interface goes down, the device sends a trap to the SNMP manager.
Some of the messages are used by the SNMP software that is installed. With get bulk, it says "give me all the information together", and the agent answers with a get response. There is the get message, the set message is used by the SNMP manager when it wants to change something, and get next asks the next question. We discussed this in detail, so I'm just going through it quickly. On SNMP history, there are versions one, two and three. SNMP versions one and two are almost similar. They use a password, which they call the community string. SNMP version three can be configured in three different ways; it can be configured securely and it can be configured insecurely. Most of the time SNMP version three is more secure, but it can be configured as insecure as well. That's it.
So, the same thing we can configure on the FortiGate firewall, as an SNMP agent as well.
So, whenever something goes wrong on the FortiGate firewall, it will send a trap to the SNMP server.
So, we will use the same topology: this is the FortiGate firewall, and let's make this the SNMP server. This is Windows XP.
So, let me log in like last time. There are many applications available. You can use any application. Let's use a simple application, free of cost, just to see how it works.
So, let me open google.com. There is one SNMP application, and there is also another application, a free SNMP server.
So, let me search for a free SNMP manager. Okay, so there is one: a free SNMP manager. There is one application.
So, I just need to take one of these, either this one or this one.
So, let me download it. In the real world you can use a really good one. There are so many SNMP applications, big and strong ones, but I just need the simplest one.
So, let's go to this one, PowerSNMP, to download. This one is the free one, with which we can do our job.
So, let me download this one and until I download, okay, let’s configure. Firewall, firewall is IP on narcolepsy or interfaces are configured or not until they’re yes, 100 are 234 and one that one will give to a steer.
So, let’s configure this one is done. Yeah, it’s almost. Done.
So, let me run it, okay? There are many applications, by the way; I just want to use this one. In the real world there will be a very good application, which will show you CPU utilization, RAM utilization, bandwidth detail and many, many things. The one which we're using now is a simple one. Anyway, it will install. Let's go and configure.
So, what do we need? First of all, an interface. On which interface will we send the SNMP traffic? This is my SNMP server.
So, on which interface? Port one. Keep in mind you have to enable SNMP there. You remember we did this under administrative access. If SNMP is disabled there it will not work, so choose this one. This is the first step: enable SNMP on the interface.
So, this is the interface where it will send the traffic. Now go to System, and there is SNMP; click on SNMP. Here is the MIB, the management information base. Now enable the SNMP agent. Again, like I told you, there are two things, agent and server, and this firewall is the agent. Then the description.
So, I say FortiGate. This is if you want to give it a description: FortiGate firewall. Then the location.
So, we put the location of the firewall, suppose, so that you know where it is installed. This one is the contact; suppose I put in my email. Below that are SNMP version one and two, and SNMP version three. If you want to configure version one and two, click Create New. What is the community string? You know, the password. Suppose I say public. It can be any password. Enable it, and then give the IP address where to send the traffic.
So, you want to send them here.
So, what is the IP of this server? 100.200, so it is 192.168.100.200. Queries are read-only, we know; I just told you that there are two types. I enable version one and version two, port number 161. I told you that for trap they use port 162 and for normal communication they use port 161. These are the things. Look at how many things they are sending: CPU utilization, memory utilization, space and so on.
So, many things, but unfortunately we don't have a proper SNMP application to see all of these. But anyway, look at how many things FortiGate can send over SNMP, which is very good.
So, SNMP version one and two are configured. Version three, which is the secure one, I will show you after version one and two. This side is done: enable SNMP on the interface and configure it here. Now come to the SNMP manager, the application which we installed to work as the SNMP manager. Right-click on it and click Add Agent. What is the agent IP? 192.168.100.234, just the firewall IP, 234. Which version? Two. What is the community? We put public there. If you put something else there, you have to change it here. Okay, it is added. Look, it is showing the FortiGate firewall, which means it's working. FG is the name. Okay, now if anything goes wrong there, it will show here. And you remember we gave it the description. If I click on System and come back, it will show the name, this one.
So, the contact name, the system name and the system description, FortiGate firewall, are here. We gave it this description, system name and system location. If you have many devices, this helps: if something goes wrong, it will show you which firewall is down.
So, now everything is here. How can we see it?
So, now let's change something: either bring something down or connect something. I can shut down an interface or make some other change; by the way, which one is not important.
So, let me go to the interface and just change this to test, so I have changed something. Let's see whether the change is there or not. Still I'm not receiving anything, and I need to receive it. Let me check this one: oh, it's listening on the wrong interface. It has to be this one. Okay. Let me check again on 162, because the messages come in on 162. Okay, and now let's do some changes again. Let me go there and put test one, two, three, so I have done some changes, and now let's see whether we receive logs. I need to receive logs here; it's listening on 162 and listening on this one.
So, by the way, I should receive some logs here.
So, let me do some more changes. Let's see what to do; we can shut down some interfaces. Well, no, I need to configure something. Okay, let me go to the switch and disable this interface, so it will go down. But I cannot see your screen. Same for me. Okay, for some reason... it's okay now. Oh, okay, by mistake. Okay, so now let me go to the switch and disable some interface so that we can generate some logs.
So, to enable configuration interface is zero checkdown.
So, the shutdown will generate some logs and we will see them here. I just need to show you some logs for when something goes wrong on the firewall or there are some changes.
So, it has to show here. Now I'm not receiving anything for some reason. Either it's taking time or something; it has to come by now, by the way. Let me check by pinging it. Yes, it's reachable, so let's do it again: no shutdown, and let's go to port one and do some other changes. Let me create a static route here. Okay, so let's create another route with a gateway and one interface. Just let me do something so that we can see the logs. Still, for some reason, I'm not receiving the logs here. Let me create a user as well, and then I should receive them. But for some reason it's taking time or something. Let me create a user here, ABC, and one, two, three, one, two, three, and administrator rights. And okay, now I don't have anything. I have to receive them right now. Okay, it's just listening on this one. 162 is for the trap messages, if something goes wrong.
So, for some reason it is not sending the logs properly. You would see the log, and it would be visible, by the way, in clear text. If I right-click and capture on this port, you will see the SNMP logs there, which it is sending out now.
So, let's see whether SNMP is there. Okay, so SNMP is not being sent.
So, that means let's go to the interface. SNMP has to be enabled on the interface from which it is sending the logs.
So, yes. By the way, if it is not enabled, then it will not show you. Okay. And let's see here: still we are not receiving anything. Let me delete something. It means it's not sending. That's why I thought maybe it shouldn't be, but for some reason.
So, it's fine; delete SNMP.
So, let's go to SNMP again: System, and go to SNMP. SNMP agent, and the name. Let me quickly double-check this one: public. Oh, okay. Yes, correct. 192.168.100.200 is the IP, and that should be any. Query and everything, yes. Okay, there is nothing wrong. On the port, it's not sending the logs, so what can be the issue? Oh, let me double-check this one: 192.168.100.200, and enabled; no need for a second IP, and trap messages. Okay. Oh, okay, maybe the policy is not there, so it will stop them.
So, let’s see policy in our view, so let everything and learn to read source is all because normally it’s not an urban interface, so therefore it has to be normally.
So, let me choose any. Okay, now let's see whether we can see SNMP traffic on port one. Still I cannot see the traffic. Let me create another policy. Okay, and for the last time. I don't know why it is not working; it has to work, by the way, and SNMP is enabled. Yes.
So, now I need to see the traffic. Still I cannot see SNMP traffic on this interface. And by the way, it's enabled; let me double-check. It's going to be okay. Let me go for the last time to System, SNMP. SNMP agent, version one and version two. And it's okay. Yes, it has come up now.
So, now if I go there, look, these are the logs which I am receiving.
So, they say this is port one, and somebody changed it, because I changed it to test, okay? And it's like that now if you make some changes.
So, let me go to the administrator and create a user. Suppose ABC, one, two, three and one, two, three, and give them anything; I just want to see that the traffic will go. But it's visible, by the way. You see, if you click on Simple Network Management Protocol, what is the community? Public. It is showing everything in clear text. What did we put? Public. We put the ID, called the community, the password, and the same thing shows here. Okay, so this is the system, this is the name we changed. It is not here yet. The administrator we created, that trap is still not here. This is a trap message, and there are the other get messages. Let me quickly show you those get messages. If I go to my server and query the system description, get.
So, this is a get message. You will see get here: get request and get response, and the trap message. There are six messages here.
So, get response, get request; I think there is a get request as well.
So, I sent a get request and they sent me a get response here.
So, get request, get response and trap message: three messages. You can use the set message as well, and get bulk messages as well, if you want to get all the details at once. I don't think it is there. There is another tool with which you can get all the details together, like if you want to choose one and get the detail.
So, for that purpose, you can use them.
So, now I'm receiving, but in the real world there will be good software which will show you the bandwidth detail, and everything will be visible. But the main thing is how to configure your side, which is this part.
So, it was so easy, though unfortunately for some reason it stopped working. Choose the interface from which you want to send. The simple thing is just to go to System, click SNMP, put in the details, the description, and the SNMP version one and two details, and that's it. For SNMP version three, there are three categories. Create a user name: it's required. A community is not required.
So, I say user one. No authentication, authentication, and authentication and privacy: three types. As I told you here, SNMP version three can be configured in three different ways: no authentication and no privacy; authentication and no privacy; and authentication and privacy, which I explained in the five courses.
So, let me go directly and show you. I choose authentication. Which authentication? I use MD5 and define the password. I set one, two, three. Do you need privacy?
So, I say yes. Which privacy? AES, and I set the AES password. Then where to send the traffic: 192.168.100.200. This is the manager, and everything else is similar to SNMP version one and two. Keep in mind: user one, MD5 and AES, and the password is one, two, three. Okay, and now my SNMP version three is configured with the third option, the more secure one. Now on the SNMP server, delete this one, because this is SNMP version one and two. Right-click here, Add Agent, this time 192.168.100.234, which is the firewall IP, and choose version three. Look, version three is asking for the user name.
So, I say user one. The authentication password was one, two, three, and the privacy password I put as one, two, three. For authentication I use MD5, and for privacy I use AES. And okay.
So, it's okay. Now let's clear this one, because now it will come as version three. Let me clear this one, and now let's do some changes and you will see.
So, let me do that. But this time it will be encrypted. Look: encrypted. Up to this point, it was version one and two. Is it encrypted? Encrypted PDU. Look, I cannot see anything. It's SNMP version three now, and all the traffic is encrypted. But if you go one up, look: SNMP version two, and public is the key. This is the difference. All traffic will now go encrypted with version three, and I will receive it here. Okay, now let's do some changes so that we can see.
So, what I need to do: go to Network, Interfaces, and change the interface's description.
So, let me go there and change this to ABCDE. Okay, so it will send it encrypted with version three and we will receive it.
So, it's still not sending; let's do some other changes and hopefully we will receive some traffic here. Okay, and let's do some other changes. What to do? Let me go to the system and create a policy or something.
So, let me create a policy, all, and okay. Now let's see again; for some reason it is taking time to receive the traffic. By the way, by now we should have received the encrypted PDU, and it will show here, but it will be encrypted.
So, it's taking time. Anyway, you can see that now this will be encrypted SNMP version three. Let me see if I missed something.
So, we did the SNMP agent, version one and two with the community string, and you can use version three as well, okay? You can choose it here and you will see the traffic. That's the thing which you can verify.
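
The difference seen in the capture can be checked programmatically. The following Python is an added example, not part of the lecture and not FortiGate or SNMP-manager code: it reads the header of an SNMP datagram and reports whether a community string is readable (version one and two) or, for version three, which of the three security levels the message flags declare and whether the PDU is encrypted. The function names `read_tlv`, `classify_snmp` and `tlv` and both sample packets are constructed for illustration.

```python
# Added example; sample packets are constructed, not captured from a device.
def read_tlv(buf, pos=0):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

LEVELS = {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}

def classify_snmp(datagram):
    """Report version, security level and what is readable on the wire."""
    tag, msg, _ = read_tlv(datagram)
    if tag != 0x30:
        raise ValueError("not an SNMP message (outer SEQUENCE missing)")
    _, ver, pos = read_tlv(msg)
    version = int.from_bytes(ver, "big")
    if version in (0, 1):  # v1 / v2c: the community string is sent in the clear
        _, community, _ = read_tlv(msg, pos)
        return {"version": "v1" if version == 0 else "v2c", "level": "community",
                "cleartext_secret": community.decode("latin-1"),
                "pdu_encrypted": False}
    if version != 3:
        raise ValueError(f"unknown SNMP version {version}")
    _, header, pos = read_tlv(msg, pos)    # msgGlobalData
    _, _, hpos = read_tlv(header)          # msgID
    _, _, hpos = read_tlv(header, hpos)    # msgMaxSize
    _, flags, _ = read_tlv(header, hpos)   # msgFlags: bit 0 = auth, bit 1 = priv
    _, _, pos = read_tlv(msg, pos)         # msgSecurityParameters (USM)
    data_tag, _, _ = read_tlv(msg, pos)    # OCTET STRING here means encrypted PDU
    level = LEVELS.get(flags[0] & 0x03, "invalid") if flags else "invalid"
    return {"version": "v3", "level": level,
            "cleartext_secret": None, "pdu_encrypted": data_tag == 0x04}

def tlv(tag, value):  # short-form builder, used only for the constructed samples
    return bytes([tag, len(value)]) + value

# v2c GetRequest with community "public" and an empty varbind list
V2C_GET = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"public") + tlv(
    0xA0, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") * 2 + tlv(0x30, b"")))
# v3 message with msgFlags 0x03 (auth + priv); 16 filler bytes stand in for ciphertext
V3_AUTHPRIV = tlv(0x30, tlv(0x02, b"\x03") + tlv(0x30, tlv(0x02, b"\x01")
    + tlv(0x02, b"\x05\xdc") + tlv(0x04, b"\x03") + tlv(0x02, b"\x03"))
    + tlv(0x04, b"") + tlv(0x04, bytes(range(16))))
```

Calling `classify_snmp` on the UDP payload of each packet to ports 161 and 162 gives a quick audit of which agents still answer with a readable community string.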