Fortigate Demo from Fortigate TAC

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

see the screen i'll start off okay so hello everyone uh today we have all uh joined in for a session on the fortigate firewall right um okay so before we start with the forticate firewall um you know there are a couple of questions uh always that you know what exactly it will be all about uh what is the course duration what it will con include and um how will i learn all these things so uh just to give you a one line answer um we have um you know planned this course in a way that if you start off uh you know doing the labs one by one you would be able to understand each and every topic on the firewall and it will basically make sure that once you start off it would be easy for you to understand with uh the basic configurations and what exactly the firewall is and why what is the difference between a firewall and there are other devices that we have what is the security device and you know all these things so we will start from the basics just to ensure that everyone is on the same place and then slowly and gradually we will talk about you know a lot of uh security parameters and uh infrastructure and environment and basically everything that a firewall should have and as a firewall administrator you should also know okay so we will be covering up all those things now let me go ahead and share my presentation with you guys so give me one minute all right okay so i hope you guys are able to see the screen yes everybody can maybe put it in the chat window everyone can see the screen yeah okay good just be little loud and your voice is a little slow oh is it so is it any better now yeah okay all right okay guys so we are going to talk about today fortigate firewall which is a market leader it's one of the market leaders now why why should anybody be interested or why should anybody be um believing the fact that 48 is a market leader right so what we are going to do is we will be taking you with facts and figures and um then we will start off that why we need to go through the putting it right okay uh all right so first of all before even we go ahead you know and dwell into the concept of um photigate and firewall and everything uh what i'm going to do is i'm just going to unmute you guys okay and uh let's have this as a interaction between uh what exactly you know things is all about okay so let's let this be an interactive session and um i'll take the questions so uh let's keep the questions for the end of the session but uh i'll be asking you questions in the middle of the session so i hope and i want you guys to interact as much as possible so okay so i'm allowing you to unmute yourself as of now okay now moving ahead the first thing that we always look for is that whenever we are talking about a firewall right i mean there is a lot of concepts and everything you know okay firewall can do this and that and everything but let's just start from the basics let's just start with the gap you know with the letter a okay firewall versus router i mean router is also a networking device firewall is also a networking device but what do you think is that a firewall can do and a router cannot what do you guys think i mean just asking you guys from your own experience maybe you have worked on any firewalls and what do you think um is the difference between the firewall and the router what do you guys think that is all about the i mean the router don't have the connection table it is already differentiating that right that's the that's i would say the basic or the i would say the one of the most important uh differentiation between a router and a firewall that it's the connection table right okay all right some security list router is a security list right right security is also i mean uh you can also apply some security at the router level as well but it has a basic level but now very good layer 7 inspection and there is a stateless and stateful concept so it is a router is stateless right correct okay so i think you guys quite have a good understanding of what exactly is our firewall in the router so basically the reason why i'm asking this question is also because a lot of times so there was a one of my student was attending a uh an interview in bt okay and uh he was having experience of around five years and he has worked on um firewalls for two years and three years was basically a networking background so he was asked um what do you think um is the difference between the router and the panel so you was also about you know we have the session table and uh you know it's a security and all that stuff so what i'm trying to say is that a lot of time uh different different companies also start off with this just to just to know that is the candidate um you know has just crammed up uh the definitions and you know he he knows just theoretical or he does he also knows practical information right when it comes to the devices does he have practical knowledge or is it like a theoretical knowledge right so that is what the concept was behind asking this question and we are going to take this course in a very very very practical way that whatever the whatever the labs are you will be doing those labs and you will be able to understand the concepts of that okay all right now uh for people who are not having any experience whatsoever or let's say they are basically freshers or maybe you know initial uh one or two years of experience doesn't know much about the routers and the firewalls for those guys let me go ahead and just repeat this so whenever we are talking about a router okay we are always um you know looking for a router as a routing device maybe making sure that it has the right information right no routing information right routes so that if in case i need to basic access any resources doesn't matter if it is private or public i would be able to access them uh if the router has the routing information right or routing table basically so if you can let me know what is the first thing a router checks let's say for example i have an ip 10.1.1.1 okay and i need to access google.com what is the first thing the router is going to look for so routing towards the destination is it available or not yes gateway the router is going to look for the gateway or the source ip this source happy towards the gate with it right okay so router is going to as one of you said that it's going to check the route as well so can i say that this would be considered as a route lookup yeah anything is basically a route lookup right i need to first of all find out that whether i have a way to find to get to that particular destination so if i'm if my destination is google okay do i have any route do i have any part that i can use to go through that um and you know get to the destination that we have doesn't matter if it's a static route doesn't matter if it is a dynamic route what matters is i need to have a route right so i can consider that to be around lookup yes anything else apart from this or what is the next um action plan when it comes to the road lookup so i'm done uh i'm looking at the route i got the route what is the next action plan so what is the router looks like in the policy is there any route map or some any any any excesses configures to towards the destination so can so what is the right terminology when it comes to the router is it policy or is it acl um okay as an interface you're talking about or the acl that you're talking about uh normal normal policy on a alto alto all okay all right so acl is basically what access control is what does it do what does an acl do it allow and deny that whatever we have applied on the interface by default that that will delay all the connections by default by default okay based on the source and description yeah absolutely right so in a way we are we are saying is that uh the e-cell is basically helpful in determining what is allowed and what is not right yes even at the bottom level yeah level absolutely uh but can you just uh just the ta can't talk can't understand very well too many people talking uh you want me to repeat something yes can you say them from you say the information is not the people because i can't understand from them a table okay see uh what we are discussing is that uh whenever there is a traffic which basically reaches your router okay there are certain things which a router looks for their certain views which the router does before it sends the traffic off right so the first thing is basically a route lookup route lookup basically means that um i'm going to look into the routing table okay and i'm going to find out whether i have a particular route to the destination now my destination is google.com okay so do i have a route do i have any path to get to this destination if yes then the second place the second uh action plan is to look for the acl that does that does uh does then does my acl or does my access control list allow me to you know um uh allow the traffic or is denying the traffic right that is the job of a router as well now when i'm talking about acl when i'm talking about route lookup a firewall also does that no no problems at all fireball also does that uh it also looks for the route hookup and also look for policies and the acls yeah in place but um there's one difference when it comes to the router and the firewall most of you guys have already said that but for the people who are freshers and you know not much aware of the firewalls in the router for them see what happens is if this is the source ip this guy needs to get to the destination of 16400.1.1 which is my google.com okay the router is going to check the acl okay acl says you are allowed okay let's say we have an acl which says anything which is coming with the ip or which is coming from 10.1.1.0 24 if the destination is 0 0 okay which is basically any you are allowed okay so anything from this particular source ip would be allowed all right now what is going to happen is that if i'm trying to access google if i'm trying to access facebook instagram whatever it doesn't matter for me because the over here this is default now default basically means that anything is allowed for me right so i would be able to access the google.com because i have a outlook i check that i have a route i have an ac in place all right so what will happen okay now one more thing let me ask you this let's say route lookup done all right acl done i'm allowed as well what is the next section what do you think the router is going to do next it's not going to do anything it's it's i mean it's job is done it is going to allow the traffic that is it okay now we also know that since the source ip and a destination is google.com so google.com always works on 443 right what now if it is four four three should we expect a three three-way hand check or should should be not in the router yes no i mean not in the router but the client machine should the client machine initiate a three-way handshake or should it not definitely yes yes so it will be a syn packet right now let's say for example i'm using 51 365 let's say it's a source port okay destination 443 acl says allowed okay now tell me one thing if there is a sin act coming back but would this traffic be allowed or is going to be denied it's going to be denied why no acl right so the problem is that acl is unidirectional unidirectional absolutely right okay so even if i have to ensure that the google account.com is accessible for this particular guy i would have to make not just one acl i have to make two aces right one would be for the in and one would be for out am i right so in and out there will be two acls for us right now tell me one thing this is the same traffic i mean it's not not two different individual traffics right it's the same traffic the same communication right you can consider this as a same communication now logic says that if if it is the same communication right guys mute yourself so if it is the same communication right there should be a better way to ensure that i would be able to you know use just one policy and make sure that i'm able to access that particular resource right so one of the ways uh you know a firewall is different from a router is that rather than creating two acls for the same communication or for the same traffic i would have just one policy okay and that one policy would be able to allow the traffic from inside to outside as well as from the outside to inside now how does the firewall is able to do this see the firewall is able to do this by the help of something which we have already been which we have already discussed a little it's called as a connection table right now that's the that's the one of the major or the uh you know very very important criteria which is um which differentiates a firewall from the router is the firewall table or a connection table or a session table all right there are different names which has been given but basically the work is the same so you can call it as a session table as well you can call it as although it is not being said much but a couple of books do say this so firewall table firewall uh sorry session table connection table this basically means just one thing what see a session table is source ip destination ip source port destination port and then we have something which is called as the session id okay and we have also something which is called as time or as a time stamp okay now this all information consist or they are collectively called as the session table okay now times time let's say for example what is the time right now okay so let's say this is 2 18 p.m right source ip is 10.1.1.1 destination ip is 164 100 that's 1.1 okay source port 51365 destination port 443 and session id let's say for example let's just give this at the rate one seven five okay it's a it's a basically an alpha numerical number which is um um in the session table of the forward okay now this basically ensures that whenever there is a traffic coming back for in our case a snack right the firewall is going to check this table okay and it's going to look for this information and and the firewall will see that okay uh the source is 10.1 destination is 1.1 uh this is the port this is the destination and i'm getting a reply uh as a synap and it has the same information the the port is 443 and um the these the other port is also 51365 which is matching the entry in the session table so looks like this is a reply traffic i'm going to allow this traffic on the same policy okay i do not have to create another policy i'm going to use the same policy and i'm going to allow that okay so this is how a firewall is different from a router okay router it's checks the acl and then forgets about the traffic it doesn't matter it doesn't bother but then the firewall or the yes are we excuse me yeah sorry so instead of like normal acl on the router we can create like zone based firewall or zone based policy we can enable so might be it will be maintain the system table on the router correct so you're saying that if you create a zone on the firewall yeah like a modular policy class map and all the things or zone base no see again if a router is able to manage a session then it doesn't it is not a router anymore then right so a router has certain capabilities and limitations right if it is able to do that then it is not a router anymore for example let's say we all know whenever we are talking about a switch right our understanding is a switch is always a little device right but we also have a device now which is called as a layer 3 device or layer 3 switch for that matter now lay three switch also does some for certain functionalities which is also which a router can also do but you cannot really replace uh lay three switch with the router do you know why because a laser switch cannot handle dynamic routing okay but a router can if a lathery switch let's say for example in a couple of years if a layer 3 switch is also able to handle dynamic routing then you do not really need a router in this because it has surpassed its limitation and it is now um becoming a device which can also um you know use which can also use certain functionalities which was only and only uh applicable to a router right so a layer 3 switch if it is able to do a dynamic routing as well then you really do not need a router same concept applies over here as well that if your router is able to create and manage session tables and if it is able to uh use the same policies and uh you know look for the information and just allow the traffic on the basis of that then the router has surpassed its own limitations and basically working on the firewall right so again there are certain limitations when it comes to the router and that is the limitation okay router is good okay so i'm totally agree with your definition but uh as you just mentioned that if under the layer three switch cannot perform the dynamic routing i have a doubt on this but i think they can uh perform the down uh dynamic routing as well but the major difference between a layer three switch and router would be on the physical level wherein the router provides a different types of ports where then we can connect the van connections and whereas the layer 3 switch would not give us that possibility [Music] so that is the basic i believe the difference between a3 switch and a router see i mean um if you go for a google search i mean right and just look for the differences between um a la three switch and a router right you might get maybe 15 20 or maybe more than that the idea over here is not that uh this is also there and that is also there the idea is that every device has a certain restrictions and limitations all right and there is a there is a certain place where every device is required right for example um if i have to connect let's say 20 devices right i do not need a router i need a switch right if i need to um you know have different connections between different networks i need a router over there right um there are certain you know um i would say star sign that a router can also do that job a later switch can also do that job and a firewall can also do that for example a startup if a company is just a startup maybe just 10 people or 15 people you do not need anything you just need a small level firewall it will do basically a job of your switch your router and a firewall right so again situations and on what exactly the you know the situation is or the network diagram is or the company's growth is that depends a lot on the network that you are basically working with right so again every device has its own limitations and uh place where it basically functions better okay your your answers are absolutely right but what i'm trying to say over here is that it's just the matter of uh you know a little bit um beneficial over the other device right because as i said router um good a great product when it comes to you know routing protocols it it is a great product when it comes to you know connect connecting different networks right with dynamic routing protocols it's absolutely brilliant right but when it comes to inspection let's say for example if i need to apply some security inspections to it a router basically you cannot do that job right for security inspections of my application controller maybe ips or maybe av anti-virus i need a different device for that right that is what basically we are talking about over here that what exactly is the difference between a firewall or router so this is what we discussed okay so uh it also says that every firewall is just to you know give you a one liner so every firewall is a router but not every router is available right so absolutely right that every firewall is a router because every firewall is able to manage um routing can do static routes can do dynamic routing as well right so whatever a firewall sorry or whatever router can do a firewall can also do that plus some additional benefits to that okay all right now let's uh first of all um this is just the difference between what exactly this uh firewall and the router is now let's talk about why 48 i mean there's there are so many firewalls out there right we have palo alto we have checkpoint uh we have uh source wire we have um cyber rome we have sonic wall then why do we need fortigate i mean it's just one vendor out there right so let's talk about why do we need for together uh for now okay and couple of years uh maybe two years three years um let's 2018-19 there was a huge uh spike in the requirement in the demand of the fortigate firewall let's talk about that for for some moment so for a gate easy to implement and lean stand stepping stone into the security demand yes so this is this is this i added off um in the in the line over here the reason is that um see let's say for example i always talk about from my own experience i have around 12 years of experience in the field so um when i was you know into this uh starting off uh with the networking and i you know started learning ccna and then i started learning ccnp i went till cci and i i did the examination for that as well so while i was doing that ccnp till ccnp it's all about routing switching bgp protocols and all the kind of you know information or your knowledge is mostly on on the network on the routers on the switches and all those stuff right but when you surpass that okay and then you go into ccnp security then basically you're talking about security right see uh asa you're talking about asa firewalls so a stepping stone into security domain is why because fortigate firewall basically uh makes it a little bit easier to understand the concepts of the security firewalls and it becomes easy to handle the firewall as well because um if you have worked upon you know let's say apollo or a checkpoint um you'll you'll notice that it is there's a lot of features and there's a lot of things on the same page okay uh which is not a really a bad thing i'm not saying that what i'm trying to say is that when it comes to implementation uh this is much crisp and clear okay that is what i mean you have all the options and everything there but then my point is it is a little crisp and clear it becomes easy for a refresher or maybe a guy who is new in the security field to get a concept a little early as compared to these firewalls okay all right so hope to enterprise over to enterprise basically means that you have small office to home office which is um as i said a startup network maybe five people 10 people or maybe a couple of a couple of machines routers and switches uh two enterprise level to thousands of users and thousands of uh devices in the in the indian environment gartner report i'm not sure if you guys have heard about gartner report anybody have any idea what exactly is a gartner report hands up anybody know what exactly is a gartner tell us about the leading uh like the firewalls uh products market okay and okay right so gartner report is basically um an entity or an organization which uh gives you ratings all right now this rating is not just for the security products or the firewalls it is for uh even routers switches sd-wan van optimization security van you know a lot of other technologies and other domain as well but gartner report basically is an entity which has certain um you know just like a checkpoint or checklist which they need to ensure before they give you a security rating now why they provide a security rating just like you would like know that you know these are the top five songs or these are the top 10 songs all right or these are the top five products in the market or these are the five top top five mobiles in the net in the market just like that you have gartner report which basically uh talks about these are the top five firewalls on the market and the reason behind why these are the top fives in the market right so this is what exactly a gartner report talks about okay now let's see so we start off can you please sorry to interrupt can you please repeat the significance of uh soho to enterprise point uh see soho to enterprise is based soho is small of his home office so small office home office basically means that the um you know the range the product range of fortigate firewall basically start off uh from a very small concept of soho where you might need you know eight people or ten people just a couple of devices two enterprise levels where you have thousands of devices right so that is what the what the concept was that it can handle 10 people it can also handle 10 000 people oh yeah okay thanks no problem okay all right so first slide that we started off was market leader and then it was holding it so why is it market leader see this is called as a magic quadrant okay okay all right now market leader right gartner okay all right now market leader gartner report in magic quadrant what these things are see um whenever you're talking about magic quadrant see quadrant basically means that um you we can all understand this this is quadrant let me just number this up first second and fourth okay now quadrant this is basically divided in one of the ways over here is that this is called as the completeness of vision okay and this is called the ability to okay uh all right i think i've got myself one mute anyways okay so the completeness of vision what exactly this means completeness of vision basically means that what is the company's vision for the next five years 10 years 15 years down the line where does the company look and what are its goal and what exactly is the company doing so that it can basically help the future in the next 10 years or 20 years okay that is the completeness of vision now when it comes to ability to execute right ability to execute is basically the same stuff so you have a you know a goal for 10 years how quickly and efficiently you are base uh you know slowly and you know progressing towards that uh goal that we have that is called as ability to execute now on on these two um criteria the quadrant is made where this is called as the first one also called as the niche players i hope you guys are able to see this right niche players niche place basically means a lot of uh people who are doing what they what the what the what the market is requiring right now okay so this quadrant is basically what the company or what the market requires right now okay they might not have a great vision for the next 10 or 15 or 20 years they might not have a great execution plan but whatever is required right now they would be able to give you that maybe what is required for the next two years or three years or four years not maybe not much but you can say it's it's like a quick fix okay then you have something which is called as the visionaries visionaries are so force and force point basically what they are doing is when we say visionary what we are what what the gartner is trying to say is that their plan of action or their their target or their goal for the 10 20 years is great absolutely fine but when it comes to the ability of execution right the ability to execute that is not really up to the mark okay they are a little bit i would say you know a little um up to the mark or maybe a little bit lower than that they have a great vision no problem at all but uh they are not quickly and efficiently executing those tasks okay so so force and force pointers first point comes into the category of visionaries then the third one is called as challengers what are challengers see challengers basically means their ability to execute is like in its is impeccable they are executing quite quite fast they are able to meet meet the market demands and whatever is required right now they are able to execute that okay juniper networks um so juniper so just to tell you jennifer networks was a couple of years back juniper was also uh in the leader quadrant now it has shifted to challengers okay huawei is coming up cisco is in the challenges as well okay now the next is called as the leaders which is the last one leaders are basically those guys whose ability to execute is impeccable as always and their target and their vision is also absolutely brilliant so they are targeting their next 10 years or 20 years and what will be the future would be look like and how they are basically helping a better future and also they are making sure that their ability to execute the plan of action to get to that particular vision or that for or that future is also good okay that is what the category of leaders is all about okay so palo alto is over there over here fortinet we are very much so uh so in we we are getting to know that fortinet may uh be giving an equalizer or maybe a little bit over uh in the coming two years or three years maybe let's see i don't know uh maybe but palo alto is also doing a great job over there and we have fortnite and then we hit checkpoint checkpoint is slipping down a little bit for some reasons and um cotton and pilot is really really high in the market these days so i always suggest and i always say that um you always should um you know look for the market and what exactly the market is uh demanding right so always look for the leader quadrant and not just the for not just for the firewalls even for the sd-wan or advantage or different uh technologies that we have even for the cloud right so look for those um particular location particular gartner report look for the leader section and prepare yourself for these products what will happen is since you are preparing yourself for the leader quadrant okay you will always be uh i mean rest assured you will always be in demand why because if you know palo if you know fortigate firewall let's say for example you let's say in the in the leader quadrant in the cloud you have aws right so if you know palo if you know for ticket and you know aws do i have to tell you that you will get a job do i have to tell you that you'll get a you'll get a good package i do not have to tell you all these things because this is this it's understood right so we always talk about we always say and we always suggest whatever is required by the com by the market right now okay and whoever is in a leader quadrant go for those guys because that will basically help you uh push yourself to the next level as well so let's say for example if you are right now so just to give an example one of my student he was in eight lakh of package uh he would have gone through the firewall and he have gone through some certain cloud um courses as well and then now as of now he is into you know quite a good package 80 of hike and and good events he is working with so my point over here is that i will suggest all my students to ensure and make sure that you are always learning some technology which is always in the leader quadrant because leader quadrant is basically people or vendors or companies who are going to strain the market and they are relevant and they are also doing a good job with the product that they are basically providing okay so for palo get in checkpoint these three are the leaders if you want to learn firewall you should go with these three firewalls okay all right now let's again come back to the 40k firewall all right okay so why fortigate see a lot of companies have started doing this that rather than you know having so see let's say example i'll keep it very simple okay so let's say you have a laptop right what does your laptop have maybe oopsie let's say your laptop is my pen okay so let's say your laptop has an i5 processor let's say you have 8gb of ram okay and you have on top of this windows 10 i5 8gb is fine enough for windows 10 but then let's say for example you have to you know use um let's say for example you might have to use vmware okay and in the vm where you are creating a lab for yourself and since you're creating a lab for yourself you need a lot of resources now suddenly this 8 gb of ram is basically not helping anymore you need a little bit more so you thought let me go ahead and add 8gb more all right now this is a windows laptop this is fine you are an end user no problem at all but when it comes to security devices it they do not function like that right whatever their hardware resources is it is just like that you cannot really add more to it uh but there are a couple of devices who does that my point over here is that fortigate firewall has something which is called as the ac chips now what is asic chips see asic chip is like a dedicated chip apart from your cpu and memory which helps the traffic move along quickly in the firewall okay so all the inspection okay all the security inspection okay is basically done by this guy okay now uh as per whatever your product is it's going to be a little bit different so for example look over here you have a fortnite 40 asic this is called as np6 right we have np 8 as well we have np 10 as well now it depends on the product that you are having okay now what is going to happen is that when it comes to the np6 or np10 this basically all is on the basis of whatever your product is higher product higher end product will give you a higher asic chip a lower end product might give you a lower chip but you will get this asic chip my point over here is that uh the cpu and the memory is basically required for you or for the traffic to be processed once the processing it is done once the inspection is done then it is forwarded to the exit interface the asic chip basically helps in the in this where the traffic goes to your cpu and now the cpu will not going to process the traffic the cpa is going to redirect the traffic to your asic chips okay asic chip is going to go ahead and you know look for the processing and scanning of the traffic and then it is going to exit so what is going to happen is your cpu is always free okay there is uh when it comes to the fortigate hardware the best thing or the one of the best thing about this firewall is that uh the cpu and the memory spike is comparatively less as com you know if you compare this with any other firewall vendors out there right because your cpu memory is mostly free your 40 asic or your asic chips are being used for uh you know scanning of the traffic you might have i'm not sure if you guys anybody have gone through any firewall have you ever heard about ppp parallel path processing we'll talk about this in the course but ppp is just basically one of the ways of saying that your traffic is basically um you know getting scanned and processed at the same time okay we'll talk about this in quite detail in the course but asic chip basically helps in that okay all right now forty guard update network so forty guard update is basically one of uh you know these are servers okay these servers basically handle all kind of updates signature updates anti-virus ips and application control everything so that your firewall is always up to the mark and it is always up to date with the right information so that if in case there is any uh known attack your photographer will be updated quickly okay all right now customer hardware i mean customer hardware purpose built for security basically depends on whatever your product that you're hiring um sorry whatever product that you are purchasing it is um it is based on whatever the requirement so the product cycle of the product range is on the basis of uh the security infrastructure meaning um whatever kind of security infrastructure you guys have you will have a product related to that okay all right now um coming back to something which is called as the course i mean because end of the day what i'm going to learn from this right this is what it matters now what we are going to learn is this we are going to divide or subdivide the course into two parts which is which will be called as the security and the infrastructure okay the security is mostly all the security concepts of the 40k firewall you know the introduction the policies the nat the authentication the logs the filtering application control ips ssl vpn right this is all the security part of that fortigate infrastructure basically talks about or covers a topic which is mostly on the infrastructure or the design level or the concepts of how would you deploy a firework in the network so routing vdom vdom is um vdom is basically called as virtual domain okay now virtual domain if anybody is coming from cisco background you might have heard about something which is called as a virtual context right and anybody know this virtual context right so this virtual context is basically um in cisco you can call this as a virtual firewall right so over here we call this as virtual domain right concept is still the same it's just that um it's a little difference of saying terminology is a little bit different okay that is what it meant it means then you have something which is called as the ipsec vpnight everyone knows that but we are going to talk about this in great detail about what exactly apsec is what is the vpn and then how do you basically deploy this on the ipsec okay all right now high availability anybody is what is vrrp gl bp actually i have muted all because due to disturbance so we can ask later no problem at all so basically high availability is all about you know we are in glbp so vrp and jlep is like is a way of uh making sure that you have always have one device um so that if in case let's say for example you have a device and for some issues or some physical issues or cable issues or maybe electricity or current issues that device goes down for some reason then you have a different device that can basically help to ensure that traffic is automatically directed towards that particular device and for the end user there is no um you know network issues or no um connectivity issues for that matter right your network will always be up and you will always have a stable and a stable network which can also help in you know issues just like your if in case one of the devices falls down you have another one to handle all the traffic that is high availability um we fortigate firewall has something which is called as fgcp which is fortigate clustering protocol this is a proprietary protocol we'll talk about this in great detail in the post but um the top the concept is more or less the same a little bit difference of implementation but uh the concept is more or less the same in the high availability diagnostic performance see diagnostic performance basically is more mostly about troubleshooting when it comes to troubleshooting what commands do you use how do you use them and what is the approach that you should go for right what i normally do is i always talk about from my own experience after 12 years that if in case you are approaching any kind of uh an issue in the network how would you go about and troubleshoot that particular network okay what is the thing that you should be looking for before even you start before you jump towards a conclusion what is the what are the things that you should verify because end of the day a lot of time it happens that you might have um you know given a statement that okay it's because of such and such issue and this is not happening but then it turned out to be a different problem for that matter right so diagnostic performance is all about troubleshooting i'm going to guide you with my own experience and we'll tell you that what exactly is needed for a firewall administrator anybody who's basically handling a firewall what does what is an expectation and how does you should be going for a troubleshooting guide okay now let's go ahead and open up the session for a q a okay now let me unmute yourself thank you

Info

Channel: Skilled Inspirational Academy(www.sianets.com)

Views: 1,795

Rating: undefined out of 5

Keywords:

Id: HR9IgW1neu4

Channel Id: undefined

Length: 46min 38sec (2798 seconds)

Published: Sun Oct 24 2021