Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 7
9. Lecture-09: FortiGate Firewall Initial Working Lab.
And lastly, we discussed some basic stuff, 240 here quite a while, so let’s create a small topology, initial working lab. Okay, then how everything is working and the one thing we required to configure it for the year 12 was then step by step. What day? What is coming in? So, we will discuss in detail. Okay, so we will use a small topology to configure the FortiGate firewall.
So, let me go to GNS3. You can do the same thing. And in EVE-NG also, if you have an issue, let me know. I will do in EVE as well. Okay, so let me drag a firewall from here, okay, which we installed last time.
So, this is a FortiGate firewall and from here I will drag the NAT cloud, which will provide me Internet. Okay, so no, don’t change anything here because it will show you two things. No need to change anything just.
So, this is my internet. Let me change it to. And I did ask you, what do what do you want to give them and next time I need one system. I did, too, it’s up to you to let me trade one, Wiltern, okay, if you don’t know where our are doodlebugs, I will show you.
So, this is one inside. Okay. And this one is my favorite one. And this is Internet and that’s taken. And the other thing is, well, what the management told me to pull out from here, this is my management interface, NAT cloud is different thing and cloud is a different thing. Okay, so this one is my this will be in GMT, this cloud. We will use one management purpose to connect you to this device and take graphical user interface.
So, in GMT, this is Internet.
So, let me connect. Port one will be to the Internet interface. Port two is my LAN, okay? And port three is my management. Okay, so before doing management reach interface, click on this, this cloud, okay, the one which I drakula config and change it to. Let’s see, you can use VMnet when you are a physical interfaces as well. My Wi-Fi, which is connected right now. But anyway I will use loopback interface. I already created one loopback interface. If you don’t know I will show you that one is way and your system. You can create a loopback interface appliance. Okay, now I will connect port number three to loopback interface. Okay, let me bring this one and make them a line, okay, in this interview, and then we will do audio and let going to both and make them a line here. This way. Okay.
So, this is management, which is connected through loopback interface. Let me change. The symbol made in my whole team was that we know this is old management interface, B.S. suppose clanked. Okay, so this speak, come on, management, see? okay. And this one is okay. Right, click on this, because this is our go to edit configuration and assign any static IP.
So, the removal from our tool here from here and here, the other minoring. Suppose, you want to use one grainge.
So, a one, not one. This is bcuz one and Gurpreet will be one down one hundred. And this is DNS, DNS. We reduced DNS and we just googled DNS. You can use one one one which is also DNS.
So, I know. Okay, whenever you do changes and the device is on, the longer you have to make them start. And. Don on again start. Okay, then this one is done.
So, this started falling, we are losing disarranged. Let me put here so this one is dark one. And the danger is this will be harder. Okay. Done and only done this. And this is intimate. Keep in mind, Internet is a cloud.
So, next to this, to how I know this is to and the range is one to two one six to eight one one four zero one two four. How I know you can know from here to watch what your network can do to. Okay. And this is also mine mind one is one one four, and we know they’re showing some gateways, one one four, not too too old either. You can check from here to an interface changed after showing and JQ on that globe, this one woman and eight from here, you will find one one fourth.
So, in my case, this is one one four. Maybe in your case it will be different.
So, you have to use that range again. This side. This side, you can use mine when it’s okay. Now, the question is how to assign this management. And so I can take this to my Lubic.
So, I have created a loopback interface here, so let me assign any IP range.
So, let me go to loopback interface and Sahota one nine two two one six sixty three Dart. One to this system and will be one nine two one sixty three hundreds of those.
So, this is my management interface range, which I assigned to my loopback interface, you can create loopback interface in your system. If you don’t know, you can use these interfaces, as well a remnant it. And we have the next one to this cloud, right. Click on the cloud. And rather than to use this one, you can use your Wi-Fi, you can use your LAN, you can use VMnet one, you can use it. And I have a Bluetooth as well, so you can use the phone as well.
So, but anyway. And Mike is a user interface. Okay. It’s an amazing thing.
So, this site is my friend. This is my LAN and this is my management, okay? Now the thing is by default port one is by DHCP. And normally we are using port one for management. But in my case this time we are using port three for management. And also, we are using static one, there is no DHCP because I just assign IP here to their IP. That one. This is management this week and we will assign three hundred here to right click on this system to console, okay? First thing, first time A there is no password, I have entered the new password, one, two, three in California, one, two, three, not into FortiGate firewall, show system interface.
So, you know, it’s going to IP. Maybe it’s been this one.
So, you can go to the. Copy this one and first time it’s just the management by this I.B. and then change for three and typographically and i.p, either you can command this in detail. We have a one lecture by command. What is this command or this or what is sure what is left to do configuration. But anyhow, in this case, I will configure system which system I want to go to interface.
So, now I’m in interface mode which interfaces use for management port three.
So, let me go to a port three time table one and two time three. Now it’s two, four, three, okay, and now I’m in port three. What I want to do with port three.
So, it was basically my idea for this study. This one is DHCP, I want to change the mode to now I want to allow, set allowaccess, which thing I want to allow.
So, you know, the management was so hdb hdb want to know. I want to detonate what I ended up being.
So, on this interface, I allowed these management protocol, but I want to apply the asset of the IP addresses, so set ip and which IP one to 160 in three hundred and twenty four is the mask and now type end, means to save the configuration and come out from the configuration. And so let me check, show system interface, question mark.
So, you see now there is an IP. And the other side, we have decided we did our one, so it’s better to execute ping. And let me ping this IP. Yes, you can be my own, I’m and one is the system episiotomies, my eligibility is there, so no need of anything is also come up. Now, the loopback interface now will do any browser and type there. Diaby, which will be one hundred. Okay, so let me go to browser Internet 101, Section three that ended in my case, you can give any IP. It’s not to be this one. Admin and password reset one, two, three.
So, now I log in to it’s asking you, do you want to change? So, let’s change the name.
So, EFG is the name altogether for the hostname and we’ll come up here. Okay, so that’s the best thing we could come up now. We’ll discuss our latest status and report. Now we want to configure a smartphone to use their peak in excess Internet and we can see their traffic and everything. Let me go to this book in IED to Internet. No. Because there is nothing going figure in between, there is a firewall coming, so it’s not working. This is not reaching way to do the Internet.
So, let’s consider a small things.
So, first of all, I need to go to the network and go to interfaces. I have three interfaces, basically port one WAN, port two LAN and port three management. Okay, so these are we will discuss in detail interfaces after this class.
So, let’s do a fast interface on this one.
So, what an ambitious mirin interface it’s going to be through the A.P., let me give them my name when I get into it, you can assign the role as well if you want. We will discuss indeed in this one anyway. It gives me the just the name and the name so that we understand which interface of this one.
So, I say, well, and let me make them a manual IP and give them 100.
So, it will be easy for us to enemies one one four nine hundred one down under and management is three down under, it doesn’t. We like this one. In my guess, I’m doing this one. We don’t need one a.m. of this interface.
So, let me remove this one. This one, this one just to be low on this remote interface. And okay, so my WAN interface is ready here and now it’s coming with the. Now let’s go to port two which is the interface.
So, port two is here. Click and if mbn and manual IP so let me assign IP one hundred and twenty four.
So, that means you can drive like this with. It’s up to each one is easy for you. But being divorced from divorce is easy to do it man will learn this one redecide one under.
So, one down under this interface and just being on this interface and. Okay. Now, coming to this interface, just need to give them a name otherwise known as one or three, and we already assign IP through commands.
So, time. MGM, you suppose, energy and time management, so at least we know everything is already there and we are already laughing and deepest in it, and it’s just that she threw Khama and.
So, this was the first step to assign IP to the interfaces, forget about interfaces, what is the how do we know what is being what is these things? We will discuss a bit later. First and second degree murder in has definitely everything, and the industry will do in detail again, what is DNS, why we are using what is the advantages. But anyhow, she continues here to and as we need DNS to translate domain name to IP, an IP domain, whatever, they are using their own DNS, we don’t need this one.
So, let me change in that. And other DNS is one that one dark one. Okay, we will do this and this one is another DNS which is faster than the Google one and apply in your case you can use your own isbin.
So, DNS is done talking. Now we need the route so that the environment traffic can go out to the Internet.
So, let’s go to the where there is a state take it out on the net for.
So, whenever you celebrate anything, it will be green like this one, okay? There is no route to go out being uncreative new. Okay, so what is my next one? One four? We do Internet idea I speak to in my case I IP is one one four two and I show you what is one one four and you want to guess it will be different and it’s always two in your case. Guess what? Only about two. But you have to worry about this subnet and will be changing your case.
So, I click on safety ground. I say anything. Zero zero zero zero zero. Any traffic gateway should be one to one sixty eight one one four two next to this one. Okay, and when interface is selling to deliver, it is not you can do this, why you give them the alias so that I can understand when interface administered to discuss, we will discuss again and which we call them Ayittey. And this is definitely animal and there is more option, we will discuss priority, but anyhow, just start this one and press, okay? Is.
So, basic interfaces DNS to grow, but still our system is not reachable to the Internet and do something more, and that one is the policy going to be down. There is a policy and object and there is IPv4 policy and IPv4 policy by default. There is one policy implicitly to deny everything. That’s why our Internet traffic cannot go outside.
So, let’s create a new policy and whatever name you want to give them suppos. Allow anything. I give them this name, you can get money from where the traffic will come in coming under fire.
So, my incoming interface is LAN. I give them the alias name. This the incoming interface. What is the outgoing interface? WAN, this one. Okay, so who will be the source again, we will discuss in detail right now, I will say all the means anything.
So, nine zero zero zero anyone.
So, I say destination again, we will discuss in detail. You can give us specific destination. In my case this time I will say that is the end can be an Internet, anything to do and say which time. But I don’t know. I say start time zero and zero anything Saturday or Sunday of the day of the week and anything of the. But you can put a restriction schedule is only this time again I’m going to say always so don’t change this one. Services again. I will say all the services you can and again we will do indeed. And so I say I’ll listen to one source, any destination, any other time. And on services, action is accept because I want to accept inspection more. We will do in detail right now is named as a and we’re definitely when you are local, someone is going outside, has to be native to this IP.
So, yes, again, we will do it in detail. Okay, and security profile. We will do in detail. Yes. The only thing to the station.
So, logs that we can see the logs in detail. Okay, so choose all station log in our traffic on station. What do you want from land. When is going to generate a log so that we can see just to see it and don’t change anything. And I spoke.
So, we don’t want to see as well. Okay. Now we can check the traffic, it will go if everything is okay.
So, let me get this one so now you can reach to Facebook and let me go to generate a new one, Twitter.
So, now my traffic is going before it was not working from land to and now I can go.
So, what I done, I apply IPs to interfaces, then I configure DNS. Then I we got around the entire country, got a policy, and now I think it’s reachable to the Internet.
So, this is our basic way to configure for one day how I know that it’s working. First of all, we can see this policy by saying that says YouTube.
So, let me refresh from here knowing so it will show some traffic, by the way, if this one is being hurt so far from here. Okay, so you will see look at three point sixty and traffic is being passed through and out anything I mean, just working second thing from here, I can drink water, baseball. And last time we discussed use a genuine sort of definity my in Lynn Sweet I Lynn.
So, when I click on Lynn, you will see one dark one who is wonderful, this speci. Will determine and if I say if going to be so, this is my busy one dark one is showing you as a source and destination, is this on Facebook dot com? Because I was to top application and they were not showing here when you don’t have a license anyway to stop using issuing another thing for you, everything, they are starting for 40 the means view to reaching source.
So, I want to see the source of my sources on that one and this Mashaba use. This is the station they created in Benwood. They used real results.
So, this will be our destination, Facebook. And because the first time the user unit through DNS traffic to issuing here that again, we will do indeed in another is policies which policy is being hurt.
So, we have only one policy allow anything. Their policy is being used on station anything station which created.
So, to start from because first of all, they will be business. Now there is a Twitter and also Facebook and from beside here, reaching souls, reach your destination, reach from dashboard land traffic on station. And there is a log and report again from here forwarding traffic. You can see also that is there.
So, one third one is the IP address. This time destination is this one. This is the reason and this is the policy has been hit. Okay, so it means that everything is working and you see the traffic is passing through this firewall.
So, let me go to slide if I missed something. Okay, so we changed the management IP by this command and this time here I tried one one. But in my case, I don’t want to do one, six, two or three. It can be anything okay with me in we to interfaces and we give them alias that we know this which interfaces. We are working three interfaces. We utilize LAN and WAN and management interface. Okay then we configure DNS. We went to network and DNS configure DNS distractedness to use. This time I use one one one. It can be anything then we can if you that a default route.
So, in this slide I use a dart two because of data time. My network interface was eight but this time I network there is one one four.
So, that’s why I told you you had to drink. You are one and that’s why I didn’t incumbencies really. Eight. Okay then what we’ve done then static route. We can then create a policy, allow prophy LAN in alcohol, anything. Okay, no nature into anything. Allow natural to be and policy. Then we saw the traffic from here bc reconfigure bbc ip like this way here I configure salwan within this newly reconfigured one. Okay, so this the ABC and then we generate some traffic here, our user name. But anyway we use a Facebook so from source we really fire from for forty will destination then on station we verify from to Dylan and DMS is one way to verify and from this traffic as well forwarding traffic is really so you can see.
So, this was the small topology.
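
The four steps the lecture recaps (interface addressing, DNS, default route, LAN-to-WAN policy with NAT and logging), written as FortiOS CLI. This is an added example, not part of the lecture: the addresses are a reading of the spoken values (192.168.63.100 on port3, 192.168.114.100 on port1 with gateway 192.168.114.2, 192.168.1.100 on port2), and the allowaccess lists, alias spellings, DNS ordering and policy name are assumptions.

```fortios
# Added example; addresses are a reading of the lecture's spoken values.
config system interface
    edit "port3"
        # Management port: static instead of the default DHCP.
        set mode static
        set ip 192.168.63.100 255.255.255.0
        # Assumed list; the protocols named in the lecture are not recoverable.
        set allowaccess ping https ssh http
        set alias "MGMT"
    next
    edit "port1"
        # WAN side, on the NAT cloud's subnet; no management access here.
        set mode static
        set ip 192.168.114.100 255.255.255.0
        unset allowaccess
        set alias "WAN"
    next
    edit "port2"
        # LAN side; the lab PC uses this address as its gateway.
        set mode static
        set ip 192.168.1.100 255.255.255.0
        set allowaccess ping
        set alias "LAN"
    next
end
config system dns
    # Assumed ordering: Google first, 1.1.1.1 as the other server.
    set primary 8.8.8.8
    set secondary 1.1.1.1
end
config router static
    edit 1
        # Default route out of the WAN interface.
        set dst 0.0.0.0 0.0.0.0
        set gateway 192.168.114.2
        set device "port1"
    next
end
config firewall policy
    edit 1
        # Sits above the implicit deny; policy name is an assumption.
        set name "Allow-Anything"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set action accept
        set nat enable
        set logtraffic all
    next
end
```

The WAN subnet and gateway come from the hypervisor's NAT network, which the lecture says will differ per machine, so confirm both before applying the route.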