49-EVE-NG Lab Setup-Fortigate Firewall Lab Topology

Captions
Okay, so now let's create a FortiGate firewall topology in EVE-NG where you can do all your practice. So let me go to EVE-NG. I have many folders, so why not create a new folder with the name "Topologies"? Okay, you can give it any name; you can give it "FG Topology" or whatever, and Add Folder. So a new folder has been added. Click on this folder and now click on Add New Lab, so it will be organized, you know. So now "FG topology" and click Save. So now a new workspace is open.

So what you can do, first of all, go to Node and I need a FortiGate firewall. Type "fortigate"; if you have other devices, other Fortinet nodes, it will show you all of them. So keep in mind this is FortiWeb; I need the FortiGate firewall, so I can go up, and this is the FortiGate 6 firewall, this is the FortiGate firewall, I need this one. And let me change the name to "FG". So this is FG, and the firewall is okay; I need only one firewall. So this is the node, and you don't need to change the CPU because there is no license, so click Save. There is only a 14-day license, which you cannot change, the details, RAM etc. and CPU. So I have the FortiGate.

Now I need two switches. Go to Nodes again. It's up to you, but it's better to use IOL; you can use a bridge as well, but switches are better because later on we can create a sub-interfaces lab as well. And change the name to "Switch", okay, and change this icon to switch, okay, and let's go to this one, this is switches. So I take two switches and Save. So this is Switch 2 and this is Switch 3. Okay, so keep them like this; it's better to change this one to Switch 1 (why did they give me Switch 3? so you can change it to Switch 1). Okay, so let me change: this is my inside and this is my DMZ. So I take two switches.

Now I need one cloud to connect outside and also for management. So what you can do: go to Network, and here I told you about these interfaces: Management, Cloud 1, Cloud 2. Management means the first interface of your EVE-NG. So this is the first interface, which is NAT. And how can you find the NAT one? You can go to Virtual Network Adapter and you can find the range from here. On the NAT you will get internet as well, and also you can use it for management as well. So this is the range, and also you can find the gateway, which is 114.2. So this is the best one, so I say Management cloud (I told you a bridge is just a switch). So this is management; you can type "Internet", it's okay, give it "Internet", so in your topology it plays the role of internet and also provides you management. So connect this to port number one. Keep in mind, by default DHCP is enabled on port number one. So this is my internet. Now connect the second interface to Switch 1, so the second interface is my inside, and connect the third interface to your port number three, which is basically DMZ. Okay, so let me start this one, and let me start this one, and let's start this one. So this is my internet, this one my inside.

Now for inside, what you can do: if you are using the Community edition, you can use Linux, and you can use Linux TinyCore. So I can take three systems and change the name to "PC", and you can change the icon to client, and let's give them a client like this one, and Save. So this will require less RAM and less CPU; you can use these, and also a browser is available there. If you are using the Professional edition, you can use Dockers. Go to Dockers and choose from here GUI Server, and just give it "PC1", suppose, and I need only one. Sorry, Node, Dockers, and click here, Server, and type "PC1", okay, and change this to client, and let me type "c" and go to client, and this time in client I will use this one, so the desktop is changed a bit, so that you know. So this one is here, okay. And what I can do, I can take another one as well. So let's go to Docker (if you are using Professional, keep in mind) and go to GUI Server, and here you can type "PC2", and change this to client, click on "c", and you can go down and you can choose the icon which you want. So these are my two systems here and three systems here, okay.

So what I can do, I can change one thing more: I can enable DHCP. If you want to enable DHCP on DMZ, it will get an IP automatically in the case of Dockers, okay; in the case of this one, no need, okay. And just connect this one to here, okay, and this one to here, and this one to this switch, and these two, let me connect them to this switch, and let's connect this one to this switch. So this is the first; you can do almost 50 percent of the labs using this topology, like NSE4, if you want to do so.

Let me change this style; I want something else, like a flow chart, or maybe this one, and let's change this one as well. Normally you see this type of topology that people are sharing, so basically they are using this method to do it, okay. And let me connect them like here, and these ones in the case of this one, so let me make them flowchart, and let's change this one to flowchart as well, okay. So this will be like this, and Select All, and you can Start Selected; and you can select this like this way and Start Selected, okay. So this is our topology.

Now this internet: I need to type the IP ranges. Go to Text and here you can type 192.168... I will use this subnet for my inside, so you can make them bold, and this is your inside subnet, suppose; put them like this, Duplicate, and this side subnet, as we already know, we need to type their subnet only, which is 114 (I told you from where you can find it). For the DMZ you can use the 2 subnet; it's up to you, but this is the easy way to do it. So my DMZ is 2, inside is 1, and this is 114, which I need to choose. Now what else do you need? What will be these interfaces' IPs? It's up to you. Duplicate, and you can use, suppose, 100; normally I use this one, and my IPs are 100; you can use 254, whatever you want. So 100.1 will be the subnet mask, sorry, the IP address of this interface of this firewall, and 100 will be on this side as well, and you can Duplicate and you can use 100 on this side as well, means 2.100, 100 and this one, okay. It's up to you if you want the last; typically the first, but the first is used, so you can use 254 as well. So let me change them to 254; it's not compulsory, but it is .254, and let me change this one to .254, let's take this one. So these are the IP addresses. So you need to type like this so it will be easy for you. These will get IPs automatically from here, DHCP; we will enable DHCP on this port and DHCP on this port, so they will get them. So when you do DHCP labs, you can do it this way. So this is my topology.

Now how will I get this management? Because this is NAT, and NAT is installed in my system, so I am reachable to this firewall from my browser, you get my point. Normally students get issues in this one, so don't worry: this is your internet as well and also your management as well. Next thing, they don't know what the gateway IP will be, so let me type the gateway. So the gateway is .2; I have shown you many times, it is .2. If your NAT range is something else, that .2 will be your gateway. So I type the gateway. Now can I access this firewall directly? No. First I need to change something. So let's go to the firewall. By default the username is admin and there is no password; just press Enter, Tab, new password, in my case 123, 123. And "show system interface ?" will show you the IP. I will change this IP because we want 254, but anyway, when I get to the graphical GUI I can change it. So let's get this IP, .173. If I type this IP, can I get management? No. What happened? Because if I go to "config system interface" (that is the command) and which interface is this one? port1, "edit port1", and if I go to that one and type the "show" command, what happened? On a new firewall, what have they done? They removed http and https; you cannot use them. If I type https, it's not coming: "the site cannot provide a secure connection", because we don't have a license. So they removed http. That's the first issue which you can face, because this is an unlicensed device we are using, so you need to enable http for your lab purpose. And you don't need to remember any command: just type the same command here, copy and paste, and just add http, that's it, and "end". And now this IP, the one which I typed in my browser, when you click, sorry, http now, and Enter, now it will come. So that's the first issue which you can face. I'll show you: admin, password, I set 123, and now you will access this FortiGate firewall.

First it will show you "change your hostname", so let's change it: Begin, and I want to give it the name "FortiGate", and I want to use this dashboard, okay, and I don't need this, so OK. And now you can see the FortiGate firewall is here. Now you can go to Network, go to Interfaces, and that's the first interface, which is basically WAN, so either "Internet", it's up to you which thing you need to give it. So I give it "WAN", but I want to make it manual, and I decided the last IP to use is 254, so just change the IP to 254 and allow ping, http, ssh, https, all these things, because this is our management as well, and click OK. It gives you a warning; it's okay. And now it will not show you, so you need to change the IP again here, 254, to come up, okay. And if we go to http and Enter, it has to come now because we changed the IP. And also you can verify from here: if we type "show system interface ?", now the IPs have changed because we changed them from the browser. So it will take a bit of time, and now when you click again, it will come up, http, and now admin, password is 123. So that's what we decided, to change the IP; you can change it from the CLI, but it's easy to do it from here.

Second, what we need: this interface has to be 1.254. So let's go to port 2. How can you go? You can go to Network, Interfaces, and click on port2, and here you can type "LAN" and type the IP address 254, that's what we desire, 1.254, and allow ping so that we can ping this one, and click OK. Third, the DMZ. So DMZ is this, 2.254. So go to port number three and type "DMZ", and here you can type 254 and change this to 2, because we decided this one, and click OK, and done. So now we have three zones: DMZ, LAN and WAN, okay, and we assigned the IP addresses.

Next we need a default route so all the traffic can go out. So you can go to change the DNS under this one, and let's specify DNS 8.8.8.8 and Apply, and OK; and for the next one we will use the FortiGate one. Go to Static Route and click Create Route. Here we say that everything coming to you, forward to this one, .2; that's the next hop. I told you where this one is. So I say this in the gateway is this one, and the interface is WAN; this is the WAN interface, and this is our next hop, and this is the administrative distance, and click OK. So we configured DNS and we configured the static route.

Now we need one firewall policy, because by default everything is denied; it's implicit deny everything. So what you can do: Create New and give it "Allow All"; the incoming interface is from LAN, when the traffic is coming from LAN, okay, and going to WAN; source is anything, anybody is coming, and they're going anywhere, and they're going for any services, okay. Enable NAT, because they will not go outside until they are NATed on this IP, 114.254. And if you want, enable security profiles, but it's better to log all sessions so it can capture all the sessions, and the policy has to be enabled, and click OK. So we enabled this policy. And if your DMZ wants to access the internet, you can do the same thing here: "Allow DMZ to WAN", this is my policy name; this time I say DMZ going to WAN, source is from DMZ, anything, destination is anything, services is anything, enable NAT because they want to go out, all sessions, and OK. Okay, if you want to allow DMZ to inside, you can create a third policy as well, "Allow DMZ to LAN", but this time you say DMZ going to LAN; sources, you can type the source because now we know the source, the source is 192.168.2.0, so you can create it, but in this case I say all; and destination, you can create another destination, 192.168.1.0, but I say all. You don't need to do it like this, but this is just to show you. In this case we don't need NAT, because they are doing communication inside, so uncheck NAT, all sessions, and click OK, okay, and let's click OK.

Another policy, from LAN to DMZ, so you can do that one as well. You can say "Allow LAN to DMZ"; you can create such a policy, so LAN going to DMZ; sources, again you need to put them, so the source, you can say all, but you can create as well, like Address, Address Group, okay, like Address, suppose I say "LAN subnet", so 192.168.1.0 and this is /24, just type it like this, and you can type 192.168.1.0 and /24, and this should come from LAN, so you can create it like this as well, which is more specific, okay. And they are going to the destination, so in destination, because we already know DMZ, you can type "DMZ" and 192.168.2.0 and /24, just as we know what we are using, 192.168.2.0/24, and you can set the interface to DMZ, and OK, OK. So now it's going to DMZ, and services, again, for which services; you can choose any services, in this case I say all; no need of NAT again because it's inside, and all sessions, and OK. So we created three policies, okay: DMZ to LAN, DMZ to WAN, LAN to DMZ and LAN to WAN. So this is our topology which you can create; now you can style them as well, if you want, which I will show you.

So the policy is there. Now we don't have IPs. You can assign IP addresses statically, or you can enable DHCP. Go to Interfaces, so we need to enable DHCP on DMZ and DHCP on LAN. So what you can do: go to LAN and go down, you can enable DHCP Server, so the range 1 to 253, because the last IP we are using, okay, so they get the range automatically, same as the interface IP, DNS will be the same, and that's it, and DHCP is enabled, so easy. And go to DMZ as well and go to DHCP Server, ranges from 1 to 253, okay, and that's it, and click OK.

Now if I go to PC4, I will get an IP automatically; if not, what I can do: go to Network and make it DHCP, Apply and Exit, and exit from here, and let's check whether it gets the IP or not automatically. So yes, it gets 1.3, and I hope I will reach the internet as well, because everything is ready. So if I type here, I can go to the internet, and I can see the traffic if I go to Log & Report, Forward Traffic. So after a while, because it's a virtual environment, after a while you will see, yes, it comes up, so 1.3, which is this system, is going to this one, and the "allow all" rule is being used, because we created one rule, "allow all", from LAN to WAN basically. So I can change this one to "Allow LAN to WAN traffic"; I can change the policy name. So you will see the traffic.

Now if I go to PC1 on DMZ, I hope it will also get an IP from the 2 range. So go to Applications and go to System Tools, and here you can type ifconfig; it's better to type "ifconfig eth0". It got 2.1, the IP is correct, and if I ping 8.8.8.8 it has to work, and if I go to any browser and go to any website, my traffic will work, okay. So if you follow this way, it will be so easy for you. If I go to Mozilla, it's going there, and let's go to twitter.com, okay, so yes, it's working. And if I go to traffic, go to Log & Report, Forward Traffic, now you can see it's showing "Allow DMZ to WAN" here. And also, from the DMZ PC, if I ping the inside, this is inside, which is, I think, the IP was... let me check what the IP address was, it is 1.3, so I can ping 1.3 as well from DMZ, because we created one rule. So if I go to the terminal and ping 192.168.1.3, yes, I can ping that one. And what is the IP address up here? eth0, 2.1, because this is a web server as well, so if I go to PC1, sorry PC4, which is here, PC4, I can get the website as well, 192.168.2.1; you see Ubuntu is open. So from here I try to access this one, it is working, and from here I ping this one, it is working, from here I go out, it is working, it was NATed on this IP, and also from here I go out, it is working. So we tested everything and it's properly working, okay, and you can see the traffic here as well. Look at this, all the traffic, the logs.

And if you need more traffic, you can go to the Dashboard: you can see the status, you can see the security, you can see the network; here you will see all the routing, so we have only one route, and you can see the sources, so these are the sources, 2.1, 1.2 and 1.3. If you need the destination, 8.8.8.8 and so many others; it will show you the applications, I don't think so, because they don't have a website; it will show you the policies which we used, so we used two policies, DMZ to WAN and LAN to this one; and also it will show you all the sessions, these are the good sessions, we used DNS and so many other traffic.

So this is the way you can create a simple topology. So with NAT you can use it for NATing as well, static NAT and other NAT, which we discuss in the course, and also you can do a lot of other stuff, and later on just change the topology as per your design, like for VPN you need to change it, for HA you need to create a new topology, but you get the idea how to use EVE-NG, how to create a topology here in this one.
Info
Channel: AA NetSec
Views: 3,984
Id: 4XP6yhAVk30
Length: 25min 9sec (1509 seconds)
Published: Thu Dec 09 2021