Fortigate Firewall SD WAN Configuration step by step

Video Statistics and Information

Captions
Hello everyone, welcome back to my video. In this video you will learn how to configure SD-WAN on a FortiGate firewall. Here is the network topology: we have ISP1 and ISP2, and WAN1 and WAN2 are what we call SD-WAN. Here are the WAN1, WAN2 and LAN IP addresses. You can check details about SD-WAN in the document linked in my video description. Here is the document about SD-WAN; this document shows you details about SD-WAN and how to set up SD-WAN step by step.

So now let's go to our project and do our lab in GNS3. Now let's start the FortiGate firewall and remote to the FortiGate via console. For the default login, the user is admin and there is no password; enter a new password. After that we need to set a static IP address on the FortiGate for remote access via web browser. I used port 5 for LAN, so we set the IP for LAN to remote from the PC client. To set the IP on the FortiGate, enter the command config system interface and then enter the command edit port5. You see, here is port 5, which we use for the internal network LAN. Now we set port 5 to static mode and set the static IP, and after that enter the command set allowaccess ping http https to allow ping and access from a web browser. Enter the command end to save the configuration.

Now we have set the local IP address for the FortiGate and we can access it from the PC client in a web browser. Now let's start the PC VM. Now go to set a static IP for the PC client; here is my static IP for the PC client. Now open cmd and ping the FortiGate IP address to make sure it is reachable or not. Ping the FortiGate IP 192.168.1.1. Now it's reachable, so we can access the FortiGate in a web browser. Open your Chrome and enter the FortiGate IP address, then enter the login user and password to access the FortiGate web interface. Now we have logged in to the FortiGate web interface successfully.

For the next step, go to Network and Interfaces. Here you see FortiGate port 1, port 2 and port 5 are up, and for port 5 we have set the IP address 192.168.1.1. Now we go to edit port 5: in Alias enter the name LAN, in Role we choose LAN, and here we enable DHCP server to
give IP to the PC client automatically. The default DHCP range starts from 2 to 254, and you can exclude IPs that you want. For DNS server, we can specify DNS for the client; for example, I use Google DNS 8.8.8.8 and 1.1.1.1. After that click OK.

So now let's go to the PC client and check whether it gets an IP from the FortiGate or not. Enter the command ip dhcp. Now the PC client gets the IP from the FortiGate DHCP server correctly. Enter the command show ip to show more detail.

Now let's go back to the FortiGate web interface and go to edit port 1. Enter the alias name WAN1 and choose the role WAN. For addressing mode we choose Manual and enter the WAN1 IP address; here is my WAN1 IP address, 100.10.10.10 10.10.10.2 24. After that click OK. Now we go to edit port 2 to set the IP for WAN2. Enter the alias name WAN2, for role choose WAN, and then enter the WAN2 IP address; here is my IP address, 200.20.20.24. You can allow any service that you want; for example, I allow only the ping service. After that click OK. Now we have set the IPs for WAN1 and WAN2 already.

For the next step I will show you how to create SD-WAN and add WAN1 and WAN2 to SD-WAN. Go back to the FortiGate web interface and click on SD-WAN. Here is the default SD-WAN; you can use the default SD-WAN or create a new one. Now I will show you how to create a new SD-WAN. Click on Create New and click on SD-WAN Zone, then enter the name sdwan and click OK. Here is the SD-WAN zone interface we just created. For the next step, click on Create New and choose SD-WAN Member. Then go to Interface and choose WAN1; in SD-WAN Zone we choose the sdwan that we have created, and in Gateway we enter the IP gateway of WAN1. Here is my IP gateway for WAN1, 100.10.10.1. Now you see the SD-WAN zone interface has a member, WAN1. Now we go to add WAN2 to SD-WAN: in Interface we select WAN2, in SD-WAN Zone we choose sdwan, and in Gateway we enter the IP gateway of WAN2. Here is my WAN2 IP gateway. After we add WAN1 and WAN2 into the SD-WAN zone, both WANs will be integrated. My WAN2 gateway is 200.20.20.1,
and now you see the SD-WAN zone has two members, WAN1 and WAN2.

For the next step, go to SD-WAN Rules. Here is the default SD-WAN rule. SD-WAN rules define specific routing options to route traffic to an SD-WAN member. If no routing rules are defined, the default implicit rule is used. It can be configured to use one of five different load balancing algorithms. This example shows how to balance traffic between the two WAN connections. If you select the Sessions option, it balances traffic equally between the SD-WAN members by the session numbers ratio among its members; use weight 50 for each of the two members, or if you want WAN1 to run more traffic than WAN2 you can enter the percentage that you want. The Spillover option is the same as Sessions: you can set the amount of download and upload for WAN1 and WAN2. For example, if you set the download and upload amount to 10 megabytes for WAN1, then when WAN1 traffic reaches 10 megabytes it will load balance traffic to WAN2. You can test and check more detail about SD-WAN rules in my video description. Source-Destination IP is the same as the Source IP option. For Volume, this option balances traffic equally between the SD-WAN members according to the bandwidth ratio among its members. For this lab I choose the Source-Destination IP option.

For the next step we go to configure static routes. Click on Create New, and in Interface we choose SD-WAN. We choose SD-WAN because SD-WAN is the routing IP gateway of WAN1 and WAN2. After that we go to Policy & Objects and click on Firewall Policy, then click on Create New. Enter your policy name; for example, I enter the name allow SD-WAN access to internet. For incoming interface we choose the local LAN and for outgoing interface we choose SD-WAN, so the incoming interface local LAN will be allowed outgoing through the SD-WAN interface. For source we choose all, for destination we choose all, and for service we choose all, and then click OK.

Now we have already configured the FortiGate firewall. For the next step I will show you how to configure on
ISP1 and ISP2 to access the internet.

Now let's go to configure the Cisco router on ISP1. Start the Cisco router and remote to the Cisco router via console, then enter the command configure terminal to enter privilege mode. Enter the command interface ethernet 0/1. Cisco Ethernet 0/1 is connected to the FortiGate firewall and we call it WAN1. Now we set the IP for Ethernet 0/1 and enter the command ip nat inside. After that enter the command no shutdown to start the Cisco router port Ethernet 0/1. Then enter the command interface ethernet 0/0 to set the IP for Ethernet 0/0. Cisco Ethernet 0/0 I connected to the cloud. So now let's set the IP for Ethernet 0/0, 192 and subnet mask 255.255.255.0. After that enter the command ip nat outside and enter the command no shutdown to start the Cisco port Ethernet 0/0. Now enter the command ip nat inside source list 1 interface ethernet 0/0 overload, and then enter the command access-list 1 permit 100.10.10.0 0.0.0.255. Enter the command to go back to user privilege mode and enter the command write to save the configuration.

Now let's go to the PC client and test ping to the WAN1 IP address. Now we can ping from the PC client to WAN1 on Cisco ISP1. Let's test ping to google.com.

After that we go to configure the Cisco router ISP2. Enter the command configure terminal, and then enter the command interface ethernet 0/1 to set the IP for Cisco Ethernet 0/1,
and enter the command ip nat inside. After that go set the IP for Ethernet 0/0: enter the command interface ethernet 0/0 and enter the IP address for Ethernet 0/0. For port Ethernet 0/0, enter the command ip nat outside. Now create NAT: enter the command ip nat inside source list 1 interface 0/0 overload. Create the access list: enter the command access-list 1 permit 200.20 dot

Now go to the PC client and let's test ping. Check the PC client IP to make sure it gets the IP and DNS correctly, DHCP correctly. Now ping the cloud IP gateway 192.168.136.1. So now the PC client can ping my cloud IP gateway. Now we can test ping to google.com again. If it is not working, we need to configure static routes on the Cisco routers on ISP1 and ISP2. On ISP1, enter the command configure terminal to enter privilege mode, then enter the command ip route and enter 0.0.0.0 0.0.0.0; the IP route to the internet is 192.168.136.1. Then go to ISP2 and create the IP route on ISP2. Well done.

So now let's go to our PC client and test ping to Google again. Now we can ping google.com. Now let's go to the PC VM and test opening any website. Let's test opening youtube.com. Now you see our PC client can access the internet. Thank you for watching my video. If you like this video, don't give me a subscribe for more video lessons from my channel. Goodbye.
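
The GUI steps in the captions above (SD-WAN zone, two members with their gateways, Source-Destination IP load balancing, a static route through the zone, and the LAN-to-SD-WAN policy) map onto the FortiOS 7.0 CLI roughly as follows. This is an added example, not configuration shown in the video; it assumes port1 is WAN1, port2 is WAN2, port5 is LAN and the zone is named sdwan as in the captions, and the policy name and the NAT setting are assumptions.

```fortios
# Added example, not from the video. Lines starting with # are annotations.
config system sdwan
    set status enable
    # Implicit-rule algorithm; GUI label "Source-Destination IP"
    set load-balance-mode source-dest-ip-based
    config zone
        edit "sdwan"
        next
    end
    config members
        edit 1
            set interface "port1"
            set zone "sdwan"
            set gateway 100.10.10.1
        next
        edit 2
            set interface "port2"
            set zone "sdwan"
            set gateway 200.20.20.1
        next
    end
end

config router static
    edit 1
        # Default route (0.0.0.0/0) through the zone instead of one port.
        # Assumption: 7.0.1 or later; earlier builds use "set sdwan enable".
        set sdwan-zone "sdwan"
    next
end

config firewall policy
    edit 1
        # Hypothetical name; the captions use a longer free-text name.
        set name "LAN-to-SDWAN"
        set srcintf "port5"
        set dstintf "sdwan"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        # Assumption: source NAT on, since each ISP router's access list 1
        # only permits its own WAN subnet, not the 192.168.1.x LAN.
        set nat enable
    next
end
```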
Info
Channel: iShare
Views: 35,369
Keywords: fortinet, fortigate, sd-wan, Fortigate Firewall SD WAN Configuration step by step, Fortigate Firewall SD WAN, sd wan configuration in fortigate, sd wan configuration step by step, sd wan configuration in fortigate step by step, how to configure sd wan in fortigate firewall, sd wan configure on fortigate in gns3 appliance, how to configure fortigate sd wan in gns3, sd wan lap in gns3, fortinet tutorial, sd wan fortigate setup, fortigate sd wan configuration 7.0
Id: 0_S4XJ5IpBA
Length: 24min 32sec (1472 seconds)
Published: Mon Jul 04 2022