Fortigate Firewall VLAN configuration

Video Statistics and Information

Captions
OK, hi everyone. This is my first time that I talk to you in English, so like this all of you around the world can understand me, because I think that some of us will understand in English. It's better to learn together; that's why I decided to talk to you in English. OK, so if this is the first time that you watch my video, please subscribe to my channel. If you think you like my video, please give it a thumbs up, and if you have any other questions, please comment below.

OK, let's go back to our topic today. Today we will learn about the FortiGate firewall. As you know, the FortiGate firewall is very popular today, so today we will go through the configuration with VLANs together. In this lab I will demo with three VLANs only, and we do the VLAN routing, and we have some configuration with a Cisco switch. So it means that we use the FortiGate firewall with a Cisco switch and do the inter-VLAN routing. So now we go to our lab together.

OK, so this is our GNS3. Let's start with our topology. We have the FortiGate firewall, we have the switch, we have the cloud for the internet access, and we have PCs: PC1 for the VLAN 1, VLAN 2, another VLAN. OK, so give me 2 minutes to connect the topology.

OK, so this is our topology, and let me start with the FortiGate. For this one, I call it the internet; this is the WAN interface. Because I use a connection with WiFi, that's why we need to use this address. And we have VLAN 10 for office, and for the VLAN 10 we give VLAN 20, we call it WiFi, and another one is VLAN 30, we call it CCTV. OK, so these are the VLANs we will create on the FortiGate and our switch. The default username and password to log in to the FortiGate is username admin and no password; you just press Enter.

So now let's configure our WAN port and set up this IP for the WAN port so we can access our FortiGate by web browser. It's easy to manage, to set up and configure our lab, because
it has the interface. OK, let's start: config system interface. We go to edit port 1; port 1 is the WAN interface. So we set port mode to static, and then we set IP to 192.168.130.12/24, or sorry, set role to wan, set allowaccess; we allow ping, allow https, http, ssh. OK, we can edit later. In order to access by web browser we need to enable allow access for http and https, and if you want to ping, allow ping. OK, so now end.

OK, we go to the web browser here and we type in the IP address. OK, so now username admin, no password. It asks for the password change, but for this lab there is no need to change because we are just testing only. OK, keep it like this. We go to Network and Interface. Yes, we go to port 1 and edit. The role we already set to WAN, and alias is the name of the port; we put WAN. OK, this one, if you want to enable this; if no need, just keep it like this.

OK, so now on port 2 we have three VLANs. So now let's go back to our web browser and create an interface. I call it VLAN 10, and VLAN 10 is office. For type we choose VLAN; we have different types, so here we want VLAN, and the port is port 2, VLAN ID is 10, the role is LAN, that's OK, and the IP address is 192.168.10.1/24. If you want to allow http, ping; OK, we can allow ping for testing. DHCP server, OK, VLAN 10. So let's continue to VLAN 20. OK, VLAN 20, and I call it WiFi, and port 2 the same, and VLAN ID 20, and for the IP 192.168.20.1/24, http, ping, and I also need the DHCP server. Last but not least, another one is VLAN 30. I call it CCTV, port 2, allow ping, and enable the DHCP server as well.

OK, now we have three VLANs. In order to communicate between VLANs, which we call inter-VLAN routing, we need to create one more thing, the zone. I call it
local lan, and for the members I have VLAN 10, VLAN 20, VLAN 30, these three VLANs. If we enable this option, it means that VLAN 10, VLAN 20 and VLAN 30 cannot communicate with each other, so it will not route to each other, and if we want to allow the traffic from VLAN 10 to access VLAN 20 and VLAN 30 we need to disable this one. OK, now we have this local lan on port 2, and the members are VLAN 10, VLAN 20 and VLAN 30.

We need to configure the VLANs here as well. We go to our switch and configure the port connected to the FortiGate as the trunk port. OK, so switchport, interface e0/0, switchport; we need to enable this command to allow the VLAN traffic on that port. Another one is switchport mode access, switchport access vlan 10. OK, so VLAN 10 will be created automatically, and then we go to another port: switchport mode access, switchport access vlan 20. OK, VLAN 20 is also created, and another one is VLAN 30. OK, VLAN 30 created. So save the configuration and verify: show vlan brief; verify the port: show interface status. OK, trunk port, 10, 20, 30, correct.

So now let's start our clients. This one will be VLAN 10, 192.168.10.2, and this one will be VLAN 20. OK, it will get that IP because we set it to start from 2. This one is VLAN 30, our client. OK, now it comes up. I don't want to set the network. OK, so let's check the IP: 10.2, correct. And this one we set ip dhcp; it will ask for an IP from the DHCP server, and 192.168.20.2, OK, correct. OK, let's test ping to VLAN 10, 192.168.10.2. OK, now it can. And this one, VLAN 30: ip dhcp. OK, so let's try ping to VLAN 20. OK, now it can. Try ping to VLAN 10. So now the different VLANs, VLAN 10, VLAN 20 and VLAN 30, can communicate with each other. And we want to access the internet. Oh sorry, we cannot. So in order to access the internet... let's test one more: VLAN 10 to VLAN 20, OK, and VLAN 10 to VLAN 30, and we try to ping Google: cannot. OK, in order to
allow our clients to access the internet we need one more step to go. OK, so let's go to Static Route and we create the route for the gateway. We need to put our gateway, the WAN gateway, and the interface, the WAN port, OK, port 1. Another one: we go to Policy, IPv4 Policy, and we create "allow local": incoming interface is our local lan, outgoing interface is WAN. Why do we choose local lan? Because local lan is the LAN zone that has the three VLANs in it; that's why we choose this one. OK, we choose all, all for testing, this one all. OK, so now we go back to our client and we try to ping Google. Yes, OK, now it can. So now go back to our VLAN 20, we try to ping, OK. From PC2, VLAN 30, OK, also can.

OK, so that's all for my lab today. If you guys have questions, please comment below and we will get back to you. Thank you for watching.
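Added example, not part of the video or its captions: a Python check that parses FortiOS-style `config`/`edit`/`set` text and flags three settings the walkthrough uses for testing (management protocols allowed on the WAN-role port, a zone with intra-zone traffic allowed, and an accept policy with all/all/ALL). The sample configuration is constructed to mirror the lab (the `action accept` line is an assumption, since the captions do not state it), and `SAMPLE`, `parse` and `audit` are names chosen for this example.

```python
import re
SAMPLE = '''# constructed sample mirroring the lab in the video; not a device export
config system interface
    edit "port1"
        set role wan
        set allowaccess ping https http ssh
    next
end
config system zone
    edit "local lan"
        set interface "vlan10" "vlan20" "vlan30"
        set intrazone allow
    next
end
config firewall policy
    edit 1
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "ALL"
    next
end
'''

def parse(text):  # flat config/edit/set blocks -> {section: {entry: {key: "values"}}}
    tree, section, entry = {}, None, None
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if tok[:1] == ["config"]:
            section = tree.setdefault(" ".join(tok[1:]), {})
        elif tok[:1] == ["edit"]:
            entry = section.setdefault(tok[1], {})
        elif tok[:1] == ["set"]:
            entry[tok[1]] = " ".join(tok[2:])
    return tree

def audit(text):  # flag: management access on WAN, open intrazone, all/all/ALL accept
    cfg, out = parse(text), []
    for name, i in cfg.get("system interface", {}).items():
        mgmt = [p for p in i.get("allowaccess", "").split() if p in ("http", "https", "ssh", "telnet")]
        if i.get("role") == "wan" and mgmt:
            out.append(f"{name}: management on WAN ({' '.join(mgmt)})")
    for name, z in cfg.get("system zone", {}).items():
        if z.get("intrazone") == "allow":
            out.append(f"{name}: intrazone allow between {z.get('interface', '')}")
    for pid, p in cfg.get("firewall policy", {}).items():
        if [p.get(k) for k in ("srcaddr", "dstaddr", "service", "action")] == ["all", "all", "ALL", "accept"]:
            out.append(f"policy {pid}: all/all/ALL accept")
    return out
```

`audit(SAMPLE)` returns one finding per check; the same text with `allowaccess ping`, `intrazone deny` and a narrower service list returns an empty list.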
Info
Channel: TAN Kirivann
Views: 21,594
Keywords: Tan Kirivann, fortinet, fortigate, fortinet firewall, Cybersecurity, firewall, Configure inter-VLAN routing using fortigate firewall, inter vlan fortigate firewall, GNS3, GNS3 VM, how to create sub interface fortigate firewall, how to configure router on a stick, vlan, trunking, trunk port and access port, fortigate firewall vlan configuration, how to configure DHCP Server for vlan, DHCP Server for VLAN, CISCO, CCNA, interface vlan, interface vlan routing, routing, switching, Networking
Id: SJlNe8O7aVA
Length: 20min 59sec (1259 seconds)
Published: Fri Mar 05 2021