Fortigate Firewall Integrate with CISCO Switch

Captions
Hi everyone, welcome back to my video. In this video we will learn together how we connect our FortiGate firewall with a Cisco core switch and the DHCP server. We designed the network like this because we want to prevent our FortiGate firewall from using all the resources. Like this, the FortiGate cannot handle all the traffic, so it makes the firewall busy all the time.

OK, for those who are watching my video for the first time, please subscribe to my channel and give a thumbs up if you like my video, and don't forget to comment below if you have any questions.

OK, so let's go back. We have the DHCP server; it handles the clients. It means that if we have many VLANs, the clients in different VLANs need IP addresses to access our network. That's why we have one DHCP server to handle the IPs and provide IPs to the clients in our VLANs.

The core switch, the Cisco core switch that we have, is to handle the traffic in our network, in our VLANs. So the traffic between VLANs, from one VLAN to another VLAN, we do the routing inside the core switch. The core switch will handle all that traffic and allow or block the traffic based on our design, based on our access list in our core switch.

One more thing is about the FortiGate firewall. The FortiGate firewall will handle all the traffic in our network that wants to access the WAN port; it means going to the outside world, to the internet. The FortiGate firewall will handle this traffic; it will allow or block access based on the firewall policy.

So we design it like this. It means that each device can handle its own job: our core switch does its job, the firewall does its job, the DHCP server knows its job. For the resources, it means the firewall, the core switch and the DHCP server each do their job and they have enough resources. They make our network flow, and the network design goes very well. So...
Also, it is easy for us to troubleshoot an issue next time, whether it is on the DHCP server, on the core switch or on the firewall, so we can troubleshoot later if we have any issue in our network.

OK, so let's go to the lab and do this lab together. This is our lab, my previous lab, where I did the DHCP relay with the layer 3 core switch. It means that, like I said, the core switch will handle the inter-VLAN routing. We have VLAN 10, VLAN 20, VLAN 30 and VLAN 7. The inter-VLAN routing between VLANs will be handled by our core switch, and we have the DHCP server here, so it will provide all the IPs to the different VLANs. This is VLAN 10, VLAN 20 and VLAN 30. OK, VLAN 20, and another one, VLAN 30. If you want to know all the configuration, you can go to my previous video and watch it again. I will put the link for this lab in the description; you can find it there.

What we want to do is have the FortiGate and then a cloud to access the internet. OK, so I will start the FortiGate, and this one we call internet. I use 192.168.130.12; this is the WAN IP for the FortiGate, because we share with the Wi-Fi. And here, for the FortiGate connection to the core switch, I will use another VLAN. We have VLAN 10, 20, 30 and VLAN 7. OK, so I will use...
OK, I will use a LAN, 192.168.17.1. OK, this is our LAN, so we need to have one more VLAN, VLAN 17. It will be, I will say, 2, because 1 is for the FortiGate and 2 is the interface on our core switch. One more VLAN is VLAN 17; I call it firewall, or FortiGate. OK, FortiGate.

So what we do is go to our FortiGate and log in with the default username admin, no password. We go to config system interface and then edit port 1. Port 1 is the WAN port. OK, so we go to port 1 and set mode to static, set IP to 192.168.130.12, allow access ping, http, https. For port 2, set IP 192.168.17.1, 24, set allow access ping, http, https. Like this we can access our FortiGate firewall with a web browser, so we go to 192. OK, here it remembers my last history. Admin, and then OK.

We can go to network, interface. For port 1 we go to edit and edit some settings: we call it WAN, and the role is WAN. For port 2, we call it local LAN and the role is LAN. The IP addresses for the WAN and LAN ports, or LAN and WAN interfaces; yes, you can say interface or port here. OK, WAN port, and this is the LAN port, so this one will be VLAN 17. So now we have the IPs for LAN and WAN.

Now we go to our core switch and do show vlan brief. We do not yet have VLAN 17, so we need to create it. We name it fortigate, and then exit. Interface vlan 17, ip address 192.168.17.2 255.255.255.0, no shut, and then we can add the description link to fortigate. Do show vlan brief. OK, now we have VLAN 17 here.

What we need to do is the default route to our FortiGate firewall IP. Let's verify the IP address first: do show ip interface brief. OK, VLAN 17. ip route: all the traffic that is not routed inside the VLANs, we send to the FortiGate firewall. show ip route. OK, we have the default route to the firewall and connected routes with the different VLANs.

OK, now we go to our... and then this switch does not have VLAN 17; we go to add VLAN 17. So our VLAN 10, let's show the IP. The DHCP server starts from
11; we can check here. So now what we want to do is: the VLANs that want to access the internet need to access the FortiGate firewall with VLAN 17. OK, let's try to ping our FortiGate firewall. Let's ping the core switch first, 17.2. OK, cannot. So we need to go to our firewall and do the routing from our firewall. We go to static route, create. This is the gateway of the WAN, so interface WAN. One more thing: we do not yet reach the firewall, so we need to route from our VLAN as well.

OK, so let's say go to VLAN 10; for the gateway we will use 192.168.17.2, because the FortiGate firewall is connected to the core switch with VLAN 17. That's why we use this. OK, by port 2, and then we can core switch.

So let's try to ping from here. OK, cannot. Go back to our core switch: ping 192.168.17.2, 17.1. OK, show ip interface brief. OK, I try to change the administrative distance, so let's try again. Sorry everyone, I think we have not yet configured this port as an access port for VLAN 17, so let's check together: show interface status. Yes, it should be this one; it should be an access port in VLAN 17. That's why we cannot reach the FortiGate firewall. Yes, like I said, if we have any issue it is easy for us to troubleshoot the problem. OK, so let's go to the interface. Sorry, my mistake, I forgot to configure the port. OK, so let's try again. Ping: still cannot. show interface status. Let's try to ping from here. OK, I think now we can, so let's try to ping again. OK, success. And then let's try from PC one. OK, we can ping the firewall. So can we ping Google, 8.8.8.8? Cannot access the internet.

Go back to our FortiGate firewall. OK, this role, we can say, we can put the command here, route to internet; it is easy for us to know which role is. We go to policy and object, address; we create addresses for our network. We can say VLAN 10; VLAN 10 is our office, and then I can change the color. Which color? Green; OK, I can say green here. And then for VLAN 20, yellow, purple... OK, VLAN 20, I can say Wi-Fi, yellow here, 20 here. OK, and then
another one is purple, VLAN 30, CCTV. So let's say we want these VLANs, office and Wi-Fi, to access the internet, and VLAN 30 we do not allow to access the internet, but VLAN 10, VLAN 20 and VLAN 30 can communicate with each other. OK, so we go to our firewall IPv4 policy. Policy: allow access to internet. Incoming interface is port 2, local LAN; outgoing is our WAN port; and for the source we allow only VLAN 10 and VLAN 20. OK, destination, you can go to all. Go back and let's try to ping. OK, now can.

So if you tracert... what is the trace command? OK, trace. So here we can see we go through our VLAN 10 and then we go to our FortiGate firewall, and then this is the gateway of our WAN. Yes, that's correct. So it means that the traffic to access the internet needs to go through our FortiGate firewall. And this PC, if it wants to communicate with VLAN 20 or VLAN 30, also can. Let's try a ping test: 192.168.20.11. Cannot. We can check the IP. Let's say ping to the gateway: can. So ping 192.168.10.11. Also, VLAN 20 can access the internet... cannot. Maybe ping the FortiGate firewall. I see, because...
at the moment we only do the routing here for VLAN 10 only. We can say... OK, we can clone here: 20, route to core switch L3; we can say route to VLAN 20. Yes, let's try together. OK, so why cannot? OK, now can. So if you go to our FortiGate firewall, the traffic that goes through our FortiGate firewall: FortiView, all sessions. OK, we can see from local LAN to... yes, we ping Google from this IP. This is VLAN 20, so if we try to ping from VLAN 10, we ping 8.8.8.8, and we will see the traffic go through the FortiGate firewall as well. Let's say interface local LAN. Now we can see our VLAN 10; yes, our VLAN 10. You can check all the traffic here.

OK, I think this is our lab for today, and I hope with this lab you can have some clues for designing your own network environment. If you have any questions, please comment below and I will get back to you soon.
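
The troubleshooting step in the captions, where VLAN 20 could not reach the internet until its static route was cloned on the FortiGate, modelled as an added example (not from the video): a simplified Python check of the return route and the policy source for a packet arriving on port 2. The /24 masks for VLAN 10, 20 and 30, the WAN /24, the WAN gateway 192.168.130.1 and all function names are assumptions.

```python
import ipaddress as ip

# Addressing follows the captions; the /24 masks for VLAN 10/20/30 and the
# WAN gateway 192.168.130.1 are assumptions (the captions do not state them).
VLANS = {"office": "192.168.10.0/24",   # VLAN 10
         "wifi":   "192.168.20.0/24",   # VLAN 20
         "cctv":   "192.168.30.0/24"}   # VLAN 30
CORE_SW = "192.168.17.2"                # VLAN 17 interface on the core switch


def fortigate_routes(static_vlans):
    """Build the firewall route table as (network, egress interface, gateway)."""
    table = [("192.168.17.0/24", "port2", None),        # connected, local LAN
             ("192.168.130.0/24", "port1", None),       # connected, WAN (assumed /24)
             ("0.0.0.0/0", "port1", "192.168.130.1")]   # default route, assumed gateway
    # One static route per VLAN subnet, pointing back at the core switch.
    table += [(VLANS[name], "port2", CORE_SW) for name in static_vlans]
    return [(ip.ip_network(net), iface, gw) for net, iface, gw in table]


def return_route_ok(routes, src, in_if):
    """Simplified reverse-path check: some route covering src must use in_if."""
    addr = ip.ip_address(src)
    return any(addr in net and iface == in_if for net, iface, _ in routes)


# IPv4 policy from the captions: port2 -> port1, source VLAN 10 and VLAN 20 only.
POLICY_SOURCES = [ip.ip_network(VLANS["office"]), ip.ip_network(VLANS["wifi"])]


def internet_verdict(routes, src):
    """Decide what happens to a packet from src entering port2 for the internet."""
    if not return_route_ok(routes, src, "port2"):
        return "drop: no route back to source via port2"
    if not any(ip.ip_address(src) in net for net in POLICY_SOURCES):
        return "deny: no matching policy"
    return "accept"


if __name__ == "__main__":
    before = fortigate_routes(["office"])           # only the VLAN 10 route exists
    after = fortigate_routes(["office", "wifi"])    # VLAN 20 route cloned
    for label, routes in (("before", before), ("after", after)):
        for src in ("192.168.10.11", "192.168.20.11", "192.168.30.11"):
            print(label, src, internet_verdict(routes, src))
```

The model separates the two failure causes seen in the lab: a missing static route on the firewall and a source that the policy does not list.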
Info
Channel: TAN Kirivann
Views: 33,496
Keywords: Tan Kirivann, fortinet, fortigate, fortinet firewall, Cybersecurity, fortigate firewall, fortigate integrate with cisco switch, inter vlan fortigate firewall, GNS3, GNS3 VM, trunking, trunk port and access port, routing, fortigate VM, routing policy, vlan routing, firewall, how to configure DHCP Server for vlan, DHCP Server for VLAN, routing protocol, policy and object, IPv4 policy, switching, CISCO, CCNA, multilayer switch, interface vlan, interface vlan routing, Networking, DHCP Relay
Id: p73pnRNxcn8
Length: 36min 12sec (2172 seconds)
Published: Sat Mar 13 2021