Rakshit Vidyarthi
I am a B.Com graduate turned Network-Security-Engineer. Being a Spiritually grounded minimalist, I'm on a mission to help 1,00,000 Working professionals achieve next-level Career Growth using my L2-TAC Experience. For this, I have created "Fortigate Firewall Mastery" which has turned Network-Security Engineers into World-class Engineers.
Comments
@bounseysinnavong3963 10 days ago
Do you perform this tutorial on your real device or simulator?
@rakshitvidyarthi 9 days ago
this is an emulator called EVE-NG
@chaminda69 16 days ago
Thank you very much for a fantastic presentation - nothing short of awesome.
@sritechsolution9248 18 days ago
IPsec tunnel down debug showing dpd down but when ping continue from peer site and manually up tunnel some tunnel up. I need solution for this
@sridharbvnl2101 24 days ago
how to check logs for interesting traffic? while packet capture we can only see gateway IP logs
@bobcowley9370 1 month ago
The firewall policy that wasn't working at 44:10 before you changed the firewall mode didn't have an action configured. The rule you created after changing the firewall mode did have an action of permit.
@maurofadda289 2 months ago
Why port3 has an IP? Do you use that as a management?
@rakshitvidyarthi 2 months ago
Port3 is acting as gateway for LAN segments/Users
@maurofadda289 2 months ago
@rakshitvidyarthi ok but if I had a switch attached to that port, I would give it that network as a management IP?
@rakshitvidyarthi 2 months ago
@maurofadda289 the idea behind connecting devices in such a topology is to emulate an environment of LAN users connecting to their gateway which is firewall. In real scenarios, we have MGMT ports which are used to keep the management plane separate from data plane.
@mahendrakumarsahu4395 2 months ago
Truly amazing and informative lecture Sir. Many things I have learnt from this session which will improve my skills for future endeavours. A Great thanks to you for the support.🙏🙏🙏
@dineshkomakula3001 3 months ago
Rakshit please post videos regularly
@rakshitvidyarthi 3 months ago
Hi Dinesh, yes absolutely. Trying to manage time between projects, classes and personal challenges. Will try to post something each week. Thanks for checking in. All the best!
@jakejakeson4619 3 months ago
Hey man, that was a really awesome video. Well explained, I can tell you have a lot of knowledge and you helped me understand how to create a policy in Fortigate. Thank you!
@rakshitvidyarthi 9 days ago
Thank you so much!
@R_F_R_F 3 months ago
Thanks, btw where can I download fortinet trial version to run in my Eve ng console? Please advise
@rakshitvidyarthi 3 months ago
you need to register at support.fortinet.com and download the kvm extension
@R_F_R_F 3 months ago
@rakshitvidyarthi - Thanks. I tried to manage to bring up Eve ng and fortinet firmwares. However when I click Firewall in Eveng it's coming on and then goes off. Putty - Network error: connection refused. pls help
@rakshitvidyarthi 3 months ago
@R_F_R_F it's the permission command that should fix the issue. Please go through the below link and ensure to follow it step by step: www.eve-ng.net/index.php/documentation/howtos/howto-add-fortinet-images/
@R_F_R_F 3 months ago
@rakshitvidyarthi - I did it but still same.
@vamsikrishna7658 4 months ago
Thanks for the amazing video
@netconfig999 4 months ago
Thanks for your sharing, this video is really helpful for me.
@user-ti9hj5lu6t 4 months ago
which tool / materials are you using in order to draw on the screen? thank you
@giovanniruffato9588 4 months ago
Amazing!
@kevins6886 5 months ago
NICE
@yvesneptune 5 months ago
Good job sir!
@j.m3108 5 months ago
I don't recognize that simulator that you are using. What is it?
@netlogis 6 months ago
Good Stuff Thanks for sharing
@GumbyTube 6 months ago
Excellent video. Thank you very much for your time and perfect explanations. This helped me out huge.
@sanglikarsantoshnikam8909 7 months ago
as you say at one point cisco asa is stateless firewall, is that correct??
@nedatula2974 7 months ago
Great. Thank you.
@nanibrv3572 7 months ago
Hi sir, in this lecture you have configured simple policy in fw and in policy config you have mentioned services as ALL (which allows all tcp udp..etc). But if BGP routing is configured and what if I want to allow only https service in policy, should I enable both tcp port 179 (BGP), 443 (https)?
@avinashgawade822 7 months ago
Awesome teaching skill man. Thank you.
@deepbanerji99 7 months ago
You've stated that Target Client is for traffic from outside to lan. When http request is coming from outside (client) to our server, shouldn't the Target be Server??
@dhavalvartak1883 8 months ago
All your tutorials are informative 👍
@EngrDJDebug 8 months ago
@rakshit can you please share your eve-ng file.
@user-fz7jz5hw8i 9 months ago
What we miss sir I don't found yet
@mantid83 9 months ago
Saving this for later. Thank you!
@Nawaz7861 9 months ago
What is the procedure in active passive setup with zero downtime?
@mananmakkar9096 9 months ago
The main goal of anti-replay is to avoid hackers injecting or making changes in packets that travel from a source to a destination. Anti-replay protocol uses a unidirectional security association in order to establish a secure connection between two nodes in the network. Once a secure connection is established, the anti-replay protocol uses packet sequence numbers to defeat replay attacks as follows: When the source sends a message, it adds a sequence number to its packet; the sequence number starts at 0 and is incremented by 1 for each subsequent packet. The destination maintains a 'sliding window' record of the sequence numbers of validated received packets; it rejects all packets which have a sequence number which is lower than the lowest in the sliding window (i.e. too old) or already appears in the sliding window (i.e. duplicates/replays). Accepted packets, once validated, update the sliding window (displacing the lowest sequence number out of the window if it was already full)
@mananmakkar9096 9 months ago
Please do one on overlapping subnets too, brother
@explorewithamitava 9 months ago
great job done
@rahulkushwah9022 9 months ago
How can I join your course?
@azhar2051991 10 months ago
can you share your system configuration.. eveng is working so good in your system..
@sridharbvnl2101 10 months ago
plz show VDOM
@sridharbvnl2101 10 months ago
nice
@user-wp3mr3ex2u 10 months ago
Can you share this flowchart?
@Nawaz7861 10 months ago
This is very good information which we hardly find on YouTube. Would you be able to share the document that is shown in the video?
@lumpiataoge9536 11 months ago
question, can I use the 802.3ad interface as my vlan connection? I have a 100d running with version 5. I know this is an old device but I want to know if I can do this on the latest OS?
@rakshitvidyarthi 11 months ago
yes absolutely possible. All the best!
@umeshprajapati7546 11 months ago
Are you going to deliver any fortigate session in upcoming days?
@zpark88 11 months ago
Hi, I was tasked with a setup of the following. 4 Vlans where they all have dhcp. vlan 1 and vlan 2 should have access between each other. And vlan 3 and 4 should be stand alone. They are also all supposed to have 100 addresses each. I created 4 vlans on 4 different internal switches and I added 4 policies on vlan 1 and vlan 2. Since I'm unsure how the access between 2 vlans is supposed to be so that they can fully access each other, but not allowing the others in. Now I'm not sure if this video is the correct one to use for such a setup. also i might as I'm very new to this kind of stuff. So would be nice to get some help.
@rakshitvidyarthi 11 months ago
If I understand this correctly, let me share what needs to be done on FortiGate:

Create VLAN interfaces (vlan1, vlan2, vlan3, and vlan4) on the FortiGate. Assign IP addresses to each VLAN interface. Allow necessary services (like ping, SSH, HTTP) on each VLAN interface.

Set up DHCP servers for each VLAN interface. Configure a range of 100 IP addresses for each VLAN.

Create firewall policies: Allow traffic from vlan1 to vlan2. Allow traffic from vlan2 to vlan1. This ensures vlan1 and vlan2 can communicate but vlan3 and vlan4 remain standalone.

(If needed): Create NAT policies to allow internet access from each VLAN to the internet (assuming this was required).

config system interface
    edit vlan1
        # vdom is required on a new interface; "root" assumes VDOMs are not in use
        set vdom root
        set type vlan
        set vlanid 1
        set interface <your_internal_switch_interface>
        set ip 192.168.1.1 255.255.255.0
        set allowaccess ping https ssh snmp http telnet
    next
    edit vlan2
        set vdom root
        set type vlan
        set vlanid 2
        set interface <your_internal_switch_interface>
        set ip 192.168.2.1 255.255.255.0
        set allowaccess ping https ssh snmp http telnet
    next
    edit vlan3
        set vdom root
        set type vlan
        set vlanid 3
        set interface <your_internal_switch_interface>
        set ip 192.168.3.1 255.255.255.0
        set allowaccess ping https ssh snmp http telnet
    next
    edit vlan4
        set vdom root
        set type vlan
        set vlanid 4
        set interface <your_internal_switch_interface>
        set ip 192.168.4.1 255.255.255.0
        set allowaccess ping https ssh snmp http telnet
    next
end

config system dhcp server
    edit 1
        set interface vlan1
        set default-gateway 192.168.1.1
        set netmask 255.255.255.0
        # ip-range is a sub-table: one start-ip/end-ip pair per entry
        config ip-range
            edit 1
                set start-ip 192.168.1.10
                set end-ip 192.168.1.109
            next
        end
    next
    edit 2
        set interface vlan2
        set default-gateway 192.168.2.1
        set netmask 255.255.255.0
        config ip-range
            edit 1
                set start-ip 192.168.2.10
                set end-ip 192.168.2.109
            next
        end
    next
    edit 3
        set interface vlan3
        set default-gateway 192.168.3.1
        set netmask 255.255.255.0
        config ip-range
            edit 1
                set start-ip 192.168.3.10
                set end-ip 192.168.3.109
            next
        end
    next
    edit 4
        set interface vlan4
        set default-gateway 192.168.4.1
        set netmask 255.255.255.0
        config ip-range
            edit 1
                set start-ip 192.168.4.10
                set end-ip 192.168.4.109
            next
        end
    next
end

config firewall policy
    edit 1
        set name "VLAN1 to VLAN2"
        set srcintf vlan1
        set dstintf vlan2
        set srcaddr all
        set dstaddr all
        # schedule and service are mandatory policy fields
        set schedule always
        set service ALL
        set action accept
    next
    edit 2
        set name "VLAN2 to VLAN1"
        set srcintf vlan2
        set dstintf vlan1
        set srcaddr all
        set dstaddr all
        set schedule always
        set service ALL
        set action accept
    next
end

You can always modify the source and destination address as per the real IP address requirements. Treat this as a high level overview of what needs to be executed on Fortigate. Hope this helps. All the best!
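One way to check a config like the one in the reply above against the stated goal (vlan1 and vlan2 reach each other, vlan3 and vlan4 stay standalone), as an added example that is not the commenter's code. The `parse` and `audit` helpers, the constructed sample with its extra policy 3, and the choice of HTTP and Telnet as the flagged management protocols are assumptions made here.

```python
# Constructed sample; policy 3 is added on purpose to break the intended isolation.
SAMPLE = """
config system interface
    edit vlan1
        set allowaccess ping https ssh snmp http telnet
    next
end
config firewall policy
    edit 1
        set srcintf vlan1
        set dstintf vlan2
        set action accept
    next
    edit 3
        set srcintf vlan3
        set dstintf vlan1
        set action accept
    next
end
"""
INTENDED = {("vlan1", "vlan2"), ("vlan2", "vlan1")}  # from the question
CLEARTEXT = {"http", "telnet"}  # unencrypted management protocols

def parse(text):
    """Return {section: {entry: {key: [values]}}}; nested sub-tables are not modelled."""
    cfg, section, entry = {}, None, None
    for line in text.splitlines():
        tok = line.replace('"', "").split()
        if tok[:1] == ["config"]:
            section, entry = " ".join(tok[1:]), None
        elif tok[:1] == ["edit"]:
            entry = tok[1]
        elif tok[:1] == ["set"] and section and entry:
            cfg.setdefault(section, {}).setdefault(entry, {})[tok[1]] = tok[2:]
    return cfg

def audit(text, intended=INTENDED):
    cfg, findings = parse(text), []
    for name, p in cfg.get("firewall policy", {}).items():
        pairs = [(s, d) for s in p.get("srcintf", []) for d in p.get("dstintf", [])]
        for s, d in pairs:
            if p.get("action") == ["accept"] and (s, d) not in intended:
                findings.append(f"policy {name}: {s} -> {d} is outside the intended matrix")
    for name, i in cfg.get("system interface", {}).items():
        weak = sorted(CLEARTEXT & set(i.get("allowaccess", [])))
        if weak:
            findings.append(f"interface {name}: cleartext management access: {', '.join(weak)}")
    return findings

if __name__ == "__main__": print("\n".join(audit(SAMPLE)))
```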