FortiGate Initial Setup - FortiSwitch and FortiAP

Captions
Today we're looking at setting up a basic network with a FortiGate, a FortiSwitch and a FortiAP. Hey everyone! If you're new here, I'm Gregabyte and I talk all things network and security, focusing lately on Fortinet solutions.

So I'm a visual person, so I wanted to break down for you how I've got this set up today. We've got our FortiGate 90G set up, hooked up to the internet. It's hooked over on port A to port eight of our FortiSwitch 108F-FPOE. Then on port one we have our FortiAP hooked up using PoE. And right now the only thing that's configured is that basic configuration we've done in the first couple of videos with the FortiGate 90G. So we'll hook up the FortiSwitch, which is currently not configured at all, and the FortiAP, which is also not configured at all.

First off, let's double-check which ports are our FortiLink, just to make sure. So we can see here at the top that we've got FortiLink with members A and B, and we've got A currently connected. Before we do anything else, let's go turn on the wireless and switch controller. If we go to system feature visibility and then turn on the switch controller and the wireless controller and then hit apply, you'll see now over here on the left that we have Wi-Fi and switch controller.

If we drop that down, the first thing that we're going to want to look at is the FortiLink interface. So if we look at this right now, this is just set to the default. It's using the IP space of 10.255.1.1/24, and it sees one FortiSwitch currently connected. By default, in a secure state, we don't want to authorize new devices, so we've got that turned off currently. We do have the ability to do split interface, which is something you might want to do. And we've got DHCP set up. Now, FortiLink is going to be the type of protocol that we're going to use to communicate with our FortiSwitch, so this is purely management and configuration. So we'll move over into the managed FortiSwitches.
And in here you can see that we have one unauthorized switch. So if we click on this, we can actually go and choose to authorize it. Now that we've authorized this, it's going to sync up with this device, and it's going to start giving it a configuration. Right now there is nothing configured. After a minute we refresh the page and our FortiSwitch is online. We can even see that it's connecting from an IP within the subnet that was in FortiLink.

So the next thing we're going to look at is actually the FortiSwitch VLANs. By default we have a handful of different VLANs preconfigured: VLAN one, and then a lot of the top VLAN IDs. We're not going to use any of those today. What we're going to do is create a VLAN for the FortiSwitch administration. If we go to create new, create a FortiAP VLAN, we're going to choose to call this VLAN 60. We're going to give it an IP address of 192.168.60.99/24. Inside of here we'll turn on ping administrative access, as well as the security fabric connection so that it can talk over CAPWAP. We'll turn on DHCP server, which should grab the IP space from the IP that we created earlier. We're going to have device detection turned on. And other than that, we're going to leave everything else the same.

Okay. So we've got the FortiAP VLAN created. Let's go over to the port and change it over into that VLAN. We'll head over to FortiSwitch ports. We're going to go to port one, because that's where our FortiAP's hooked into. And we're going to change the native VLAN from the default FortiLink over to the FortiAP VLAN that we created. And we're going to apply that. So now our FortiAP has DHCP that it can hook into.

Now that we've done that, let's go over to managed FortiAPs, and we should see that a FortiAP is waiting for authorization. So let's click on that. And just like with the FortiSwitch, we're going to authorize it. I'll right-click it and select authorize.
Now this is also going to take some time to get updated with the configuration that is created inside of this FortiGate. So while it is figuring all of that out, we'll go create that. We'll head over to SSIDs, create a new SSID. I'm just going to name this one Example SSID, but that's not actually the SSID that will be broadcast. We'll change this IP space to 192.168.61.1/24. We're going to turn on ping, but for this we're going to expect that there are no admins, so we don't want to turn on any web access or anything else. We'll turn on DHCP server, which again will have the IP space based on the address for this SSID. And then we can change the SSID that is broadcast down here. We'll type EXAMPLE. We can scroll down a bit further and we'll set a password for it, and it'll just be Fortinet1! We're not going to set any VLAN IDs here. We're just going to keep it like that. We'll hit okay to apply it.

And now we've got a tunnel SSID; that's the default mode, and that's what we're going to use. If we double-check our FortiAP profiles, we'll automatically see the default FortiAP 231G profile that was created. And the thing that we were really looking for is to see we are using tunnel SSIDs in all of the radios: tunnel, tunnel and tunnel. So that's what we want, because we created a tunnel SSID. If you want, you can go manual on yours, but that's what we're going to do in this one.

Let's check out our managed FortiAP and see if it's connected now. So after a little while, we can see that our access point is up and running. And we're running on channels 1 and 165, and we don't have any clients running right now.

So the next thing that we need to do is actually allow this traffic to talk across. So we'll go to our policy and objects, firewall policy, create a new one. We'll name it wireless. Select the incoming interface as the Example SSID and let it go pretty much anywhere. Not a secure design, but it's just for testing. We'll do source and destination of anything.
And a service of anything. We're going to accept it. We'll use NAT and we're not going to do any filtering on it right now. We'll log all sessions right now and hit okay. I'll drag this above my testing policy, which is just a fail open.

Now let's take a look and see if we can hook up into this wireless network. We'll turn on my wireless card and we'll connect to this EXAMPLE wireless. I had already typed in the password, but now we're connected and secure. We go to wireless and switch controller and look at Wi-Fi clients. We'll see that we can see my computer, which FortiAP it is connected to, and a bunch of other information about it.

So now we have one side configured on our FortiAP, which has access to the outside world, but our FortiSwitch still doesn't have a VLAN that can be used to get access out for wired clients. So let's go back to FortiSwitch VLANs. And we can choose to either utilize this default FortiLink, which is the default VLAN, but it is VLAN one. Now, we could choose to use this default FortiLink VLAN one, which currently does not have an IP address assigned to it, and change that over to something else. Or what I like to do is create a new VLAN. So we'll go to create new. Name this wired. Go to VLAN ID of 70. And just like before, we'll give it a 192.168.70.1/24. We're going to turn on the ability to ping. We don't have any downstream Fortinet devices that we would expect, so we're not going to turn on security fabric connection. And we're going to turn on the DHCP server, which should fill out this information. I would still like to detect different devices on here, but nothing else. We'll go and select okay.

And now you can see we have a wired VLAN. We just now need to apply it over at our FortiSwitch ports. So we'll go to ports two through seven. I'm just going to hold shift to select all of those. And we're going to change over the native VLAN from default FortiLink over to wired. And I'll apply that.
And now I can see all of these ports have a wired port on here. Just like we did with the FortiAP, we'll need to go into policy and objects, firewall policy, and then create a new. We'll call this one wired. Using the wired VLAN. Allow to go to anything: source of anything, destination of anything, with a service of anything. Now it will log all traffic. Hit okay. I'm going to drag this again above my testing.

So I'm going to switch over my wired port into this device and we'll see what we can do. So now that we've disconnected the wired connection, let's test out that wireless connection that we had before. We'll just go to fortinet.com. And we can see that we got access. As we connect back over, we'll go into port seven, since it was ports two through seven that were enabled. I'll go and turn off my wireless. That's always a good sign. We'll turn off our wireless here. And again, let's go to fortiguard.com. And we can see we can get out to websites.

All right. I hope that was helpful for you in setting up a really basic configuration with a switch and an access point with your FortiGate. If you've got a different network that you'd like to see me test out and set up, let me know in the comments below. I'm always looking for unique, different use cases and even common use cases that I may not be thinking of. If you've got a Fortinet stack today, is this how you've got it configured, or is it something else?
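
The two test policies created in the video accept any source, destination and service with no filtering, which the presenter notes is not a secure design. As an added example (not from the video or from Fortinet), this Python sketch parses a FortiOS `config firewall policy` export and lists what makes each accept rule that broad; the sample config, its interface and address names, and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in FortiOS CLI syntax; interface and address names are assumed.
SAMPLE_CONFIG = '''
config firewall policy
    edit 1
        set name "wireless"
        set srcintf "example-ssid"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set logtraffic all
    next
    edit 2
        set name "wired-web"
        set srcintf "wired"
        set action accept
        set srcaddr "wired-clients"
        set dstaddr "all"
        set service "HTTPS" "DNS"
        set utm-status enable
    next
end
'''

def parse_policies(text):
    """Return one dict per 'edit' block, mapping each 'set' key to its list of values."""
    policies = []
    for raw in text.splitlines():
        tokens = shlex.split(raw)          # handles the quoted values FortiOS emits
        if tokens[:1] == ["edit"]:
            policies.append({"id": tokens[1]})
        elif tokens[:1] == ["set"] and policies:
            policies[-1][tokens[1]] = tokens[2:]
    return policies

def findings(policy):
    """List the reasons an accept policy is broader than a production rule should be."""
    if policy.get("action") != ["accept"]:
        return []                          # an unset action means deny; nothing to flag
    checks = (("srcaddr", "all"), ("dstaddr", "all"), ("service", "ALL"))
    out = [f"{key} is {val}" for key, val in checks if val in policy.get(key, [])]
    if policy.get("utm-status") != ["enable"]:
        out.append("utm-status not enabled")   # no security profiles applied
    return out

def audit(text):
    return {p["name"][0]: findings(p) for p in parse_policies(text)}
```

Calling `audit()` on a saved policy export returns a dictionary keyed by policy name, so rules left over from lab testing stand out before the configuration goes into production.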
Info
Channel: Gregabyte
Views: 3,706
Id: 1tCI14uaQow
Length: 11min 45sec (705 seconds)
Published: Thu Apr 04 2024