1. FortiManager SD-WAN Demo - Adding FortiGates to FortiManager

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey everyone up there my name is Deb McAdams I'm a foreign instructor here in Tempe Arizona for dynamic worldwide and I have another series for you guys so I have a couple of objectives that I want to do for several requests from the people who have taken my class and one of the big ones is how do we implement the SD WAM using afford a manager now I have videos in the playlist on this channel that shows you how to set up the SD wins but only from the perspective of the four de gates itself well what if we want to push down SD win using our you know central management r42 manager up here okay so I said okay I'll do it and I'm trying to get this done before I have to take off teaching for a week but I thought you know what I'll give it a shot so I'll probably finish this hopefully sometime in the next few days anyways I'm just I'm just pushing it to the edge here but that's okay so for this video though it's gonna be very simple all right so our goal is to eventually get our headquarters FortiGate over here in Arizona right to push down an SD win to our managed for de gates out here on our branch offices okay so we have somewhere in Miami somewhere in Dallas somewhere in New York these are licensed for de gates because I didn't want to run into the issue of us getting out of policies and things like that all right and the Swain cloud right here is just that pfsense box that has a whole bunch of interfaces and that's gonna be our make-believe Internet so and in these ten to hundreds are gonna be our public IP addresses okay and this is the real Internet this is the real Internet this thing right here is just an added interface out to the real Internet so this is why I wanted to use make-believe public IP addresses okay so these forty gates are actually provisioned just enough to receive a discovery from the Florida manager alright so they literally have just IP addresses on them and also F GMG access on a public IP address okay and because I want to make sure that these devices can make it back to the Florida manager I did give a public IP to the foreign manager also coming up here in a few videos I'm gonna show how to do some SD way in statistics with the 4t analyzer alright and how to dump them there and I know that I have a Bob one of my favorite participants from my class in the past asked me to play around with some clients eyes aside VPN options using like things other than for decline right like any connect from forum Cisco that's gonna be way down the down the road here but also I want to show you how to do it through the native windows device so on and so forth alright so I'm gonna be using this topology here for a while okay anyways so I do have things to do so I'm only gonna get one video done tonight so but we are going to just bring these devices into our central management platform and then the in the next video I'm gonna go ahead and push down the sd1 settings alright so let's go onto our manage my PC here alright there we go and I'm gonna log into the for two managers IP address alright so for the manager there we are okay do-do do-do and nothing so far it's being managed so no worries okay as you can tell here if we go to our device manager there's just not gonna be anything there because we have not added any devices into our afford a manager all right so there's two ways that we can do this one is a discovery and that's when we go out here with an IP address and the admin credentials right it's just the 40 gates out there out to have something like ddns or a public static IP address for us to find it okay but in headquarters we're actually attached to it locally so I'm actually going to use the FortiGate to show you the second method and that is the request method and that's when we go into the 48 and we request access from the FortiGate to the 40 manager and then we authorize it okay and that's literally just our goal for for right now so are you guys ready so let's go and let's discover our first device so I'm gonna go to add device I'm gonna put in the public IP address of our Dallas branch and then the admin account of that branch it's gonna go out there to the interwebs and it should discover it so once it discovers it it will prompt us if that's the right device look at that probe failed Network you know what I forgot to do guys I'm I'm the coolest cat in town do you guys know that you want to know why yeah I forgot the uh I'm pretty sure I forgot the default gateway yeah I did forget the default gateway I am I am awesome so anyway it's a good thing I recognized that error all right so uh ten dot 200 dots 1.25 four and we're gonna pass that off off of port one all right there we go not a big deal okay I guess I could have just put it in right there I'm used to having those two interfaces flipped let's try that again all right let's go back to our I suck at these guys I'm sorry all right here we go so add device all right we're gonna put in 10 200 3.1 once again try to make all that magic happen and hopefully you'll find it this time and it did okay and it was able to do this by the way and let me just interject real quick because if we look at the for the manager and I our the FortiGate on the Dallas side config system interface and edit port 1 you're gonna see this right here that's publicly facing now normally these want to be there but it's a lab environment all right but as long as this is here on a public IP address and also show you gotta at least have the default gateway so it's at if I satisfies reverse path forwarding check okay guys so other than that that's really all you need to provision of for de gates out there in the real world just ship it with a public IP address or some kind of dynamic DNS and some kind of route to tell that hey the internet lives beyond this interface and you should be able to join it to the Florida manager which is which is pretty slick so but here we go alright we'll hit next and it's bringing in the dallas/fort a gate for management ok so but let's go over to our headquarters for the gate that we're locally attached to so here we go and let's login to that bad boy real quick and let's request access all right by the way I'm running 6 to 3 just because I have not played around the latest and greatest I'm on six to zero for my course materials so I might find some neat new things too so but starting with 6 2 though to join it to Central Management we're actually going to use the security fabric settings so let's go to security fabrics let's go to our settings I'm going and there should be a button there that says Central Management all right so let's go ahead I don't know why it's selected still but let's go to 40 clout our for do you manager all right and we'll do 10 dot 0 dot one two four one okay and we'll hit apply and we need to go now and we're in and request that access so a couple of things all right just to make sure that everything is gonna work all right we better go to our network and we better go to our interfaces and port five is actually where it's attached to the Florida manager side of things and let's make sure that that for the manager access is turned on because that way it allows that Schmitz protocol to talk to the Florida manager so and we better do that too on the floor manager side also all right now that it's done doing this we'll say import later because there's really nothing on that Dallas box all right and yeah I mean I'm not seeing anything pending here too so let's do that real quick I'm like I better make sure my my protocol axis is turned on so let's go to Network right let's go to all interfaces routing tables looks like a GUI air there let it refresh well that's different come on buddy all right so here we go what's added device and that's the thing to you guys I never edit out these videos just because someone else might learn something from it so even though there's probably a good chance that I just have one of my licensing going on in one of my other labs that I don't remember turning off but here we are bringing in the DC I'm not the DC the New York one all right just like before and this is now gonna say invalid just watch and I'll have to fix that later not a big deal okay perfect we'll see imports uh later all right and let's go ahead and get our Miami one so we'll say add device we'll do the public IP address of the Miami office so 7.1 and our super-secret credentials so hope I type that in right yeah that that headquarters 40 it's just freaking out on me sorry about that guys here we go Miami hit next let's do this thing all right yeah that's so weird I have no clue all right there little headquarters what's going on maybe I'll stop it you should never really do that in real life but I'm doing it now there we go all right perfect so there's Miami so we'll say import later cuz there's really nothing there right so and if you guys took my my 40 manager class you know that there's two databases one is a universal database for all the a Dom objects things like policy packages and address objects right and the other side of the individual device database files okay by the way I just realized that Miami's not even up-to-date with the latest firmware version so I don't know what's up with that but it's still six two so that shouldn't be a big problem I don't know if it will let me but I'm gonna go ahead and try to authorize this bad boy all right so I doubt it's gonna go ahead and find it though unfortunately I don't know what's going on with the licensing so config sis interface let's edit port five let's do a show and yeah border management is on there we'll see what it does so but I'm pretty sure if there is licensing problems right the FortiGate is not gonna like it so which isn't a big deal meaning I can just uh troubleshoot that off-camera so but yeah that's kind of weird I'm not gonna lie now let's own stole my licensing who out there stole my license all right let's take a look here remind me later uh-oh it's coming through usually if there's an invalid license error it will it will literally just sit here and hang so but that's still yeah see it's fine I don't know what's going on there guys so let's just try that again I guess let's go to uh let's go to security fabric let's go to settings just like any other instructor this has never happened before I have no idea what's going on here all right so not managed okay that is fine you know what I'm gonna try the public IP address just for giggles because I wonder if I don't have that interface stuff turned on now I got a I got a fmg access there okay well let's take a look here let's go to for the manager let's log back in and let's see if it didn't successfully authorize all right zero one two four one man I'm halftime to just to like trash this video and not upload it anyway here we go let's take a look though let's see what's going on so it found the request all right HQ authorized and if it gets past five percent then yeah okay so I think I know what what's going on so I'm gonna let that build the database because that's exactly what it's what it's doing here it's building the device database in all of us settings if I go to my device manager and I go to my system settings okay as you can tell they all came through and that the goal of this first video right was to get all of them managed to at least this point okay but if I go to my system settings all right and I go to my network okay and I go to my all interfaces okay we have HTTP SSH Web Services then I'll pour one we have HTTP SSH that's fine but if we open up these bad boys also make sure that you have for two updates and also the web filtering all right now this binds IP address right that is crazy I've never seen that before so I wonder if that's something new to allow them to talk to certain interface yeah that's crazy okay yeah I'll turn that off right now well we'll cross that road again cuz honestly our whole point here right guys is just to make sure that the what she call it's that we gotta level all of our devices in so in the next video though we're actually gonna do the import policy packages okay then after that's we're also gonna look at the Sdn settings and you know what that's something I could actually show right here if because we're in system settings all right but I'll reiterate this to see the sd1 settings on the florida manager you have to come into the a Dom all a Tom's and you have to make sure right that SD when is checked okay I'll even do the VPN one just in case I want to do it down the road so and then I'll hit OK and now it will build the objects needed to supply those settings so now if I go to my device manager we'll have an SD win template over here that we can create okay and then from there we'll go ahead and we'll push out SD win settings so alright guys I know that was kind of trashy sorry about that I have no idea what am I my FortiGate sard Wiggin out on me but we got all four of them in and that was the goal and I'm just gonna leave it at that so alright guys so next video like I said we'll start deploying the SD win from the Florida manager okay take care
Info
Channel: Devin Adams
Views: 5,050
Rating: 5 out of 5
Keywords: SD-WAN, FortiManager 6.2, FortiGate, FortiManager, FortiOS 6.2, Demo
Id: w2-ssui8JPM
Channel Id: undefined
Length: 17min 48sec (1068 seconds)
Published: Sat Jan 25 2020
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.