HOW TO CONFIGURE ADVPN IN FORTIGATE FIREWALL | ENGLISH

Captions
Okay so so in the last session we have completed our ad uh sorry vlrp now we'll do today the adbpn so do you know what is adbpn and how it works for zipper modes no sir I think they use it will use the active directories file no nothing like that there is nothing related to that active directory tell me think about adbp and VPN this is also a form of ipsec VPN where is going England think about it try to explain what is adbpn heavy work ever with the ADB plan uh no actually oh England we are having multiple branches okay let me check in one more branch in Sri Lanka okay Africa right in your country okay so um ADB pin is also a form of you know ADB pen is also form of one kind of ipsec VPN only but the work the way of working is a little bit different what is this is actually benefit benefit uh when you are having a multiple branches okay with the same vendor like 40 gate only then only you can configure the adbpn if you are having a Palo Alto then also all the branches would be uh with the advpn only it will not work when you are having a different menu first of all second thing what is the use of ADB pin let's suppose you are having a branch one this is your ho this is your ho India okay this is Rachel India and it is connected with the internet in the same way you are having one more more branch in the Pakistan one more branch in the Australia one more branch in England another branch in Africa so all are connected with the Internet only but it all are connected with the internet and every branches is having their local networks here also in nature there is local energy Network ignore this this is our management this will not come under your real time okay so this just think about this this link only this is the internet link okay all the branches are connected with the internet so let's suppose I am having another another you know this this branches so I can I can use ipsec VPN VPN so this is it will come like this and it will it will we need to create a tunnel 
between this farewell to that this branch of this web branch and this Branch to this branch and this Branch to this Branch this Branch to ho2bo we can say okay so in this what it will be happen it will be it will just communicate from ho to B only okay so to b o and b o two h o H A to B O and B o two h o like that it will communicate but what if the bo2bo wanted to establish the communication they wanted to try you know they want to they also wanted to start communication from each other if you are using ipsec it will not possible when the branch Bo to Bo cannot reach okay BO2 ho only and h02 B only can be communicated in the ipsec VPN but at my point but in advpn adbpn advpn we can we just need to create a tunnel from ho to bios all the Bo's and after this we need it will be automatically sync and and share their routing tables okay and it will it will work it will start communicating from BR to Bo as well but if if you are using ip6 VPN then you need to establish one more tunnel from Branch one to Branch 3 and Branch 3 Branch 4 to Branch one so in this way you need to configure so it is like little bit hectic to configure for a network administrator so easiest way to communicate establish the communication from nature to B and Bo to bios by using a ad VPN okay got it clear okay yes okay so now come to that Tower topology and this is our R1 R2 R3 R4 I will leave it this okay and it's stored and wipe all nodes and start all nodes okay startle notes close this and we have adbpn configuration also the configuration file is it in their site if anything advpn adbp okay there is nothing like that so but but we have a testing purpose let me start all these things so this is the router this is also router then these all are routers only that we are using as a system okay so this will become our India this will become our India okay India h0 okay so now R1 R1 and internet is here because of many so many that's the reason internet and R3 will become more Park local Pakistan 
location locally the network okay so park Pakistan local this is our Australia local firstly a local and this is our England local and this is our Africa local okay this is our Africa local got it so let's start the configuration from R1 okay so enable configuration terminal no IP domain lookup okay interface questionnet 0 by 0 IP address 192.168.101.100.255.255.25.0 and no shutdown okay and default route IP route towards our 192 0.0.0.0 and 0.0.0.0 192.168.101.1 255. not two five five that's it okay end but it now go to the Internet how many how many networks are there in the internet for networks okay enable configuration terminal interface faster than it a two by one IP address 101.1.1101 .1.1.1255.255.25.0 and those okay this interface no switch Port we need to do then only it will assign IP address 1.1.1.1255.255 .255.0 and no shutdown okay interface which interface now two by three okay no switch port and IP address will be one zero two Dot 1.1.1 and 255.255.25.0 and no shutdown okay Zero by Zero Zero by zero IP address 103.1.1.1255.255.25.0 and no set down okay who is trying to join just allow him 0 by 0 f 2 by 2 by 0 2 by 0 i p address uh one zero four one zero four dot 1.1.1 255.255.25.0 and no shutdown okay no switch port and this IP one zero four okay and no shutdown okay exit interface first ethernet 0 by 1 IP address IP address what is this IP 105.1.1.1105.1.1.1 255.255.25.0 and no setup no shutdown then Okay Internet is done Park local so in the park local what is the rip enable configuration terminal no IP domain lookup IP address 192.168.102.100 255.255.25.0 and no shutdown the interface we are not chosen right interface versus Net Zero by one IP address 192.168.102.100 and 255.255.25.0 and no side down okay fine and IP route IP route 0.0.0.0 and 0.0.0.0192.168.102.1 fine then Australia local enable configuration terminal interface versus Net Zero by one IP address 192.168.103.100 255.255.25.0 and no shutdown okay IP route 0.0.0.0190.0.0.0192.168. 
103.1 right England enable configuration terminal no IP domain lookup IP address 192.168 what is the interface interface fascinated 0 by 0 IP address 192.168.104.100 255.255.25.0 and no shutdown okay and IP route 0.0.0.0 and 0.0.0.0.0192.168.104.1 okay local wait a minute enable configuration terminal no IP domain lookup interface first ethernet 0 by 0 IP address 192.168.105.100 255.255.250 and no shutdown IP route 0.0.0.0 and 0.0.0.0 192.168.105.1 then okay so all all the routers are done now we need to start from India Pakistan and now we'll configure this all this routers okay so India admin admin admin conflict system interface config system interface edit port number what number which one port number two and port number two is a one zero one dot one dot hundred port number one it is port number one okay not not port number one it is support number two exit not exit in config system interface edit port number two port number two set allow access ping okay set mode static set IP 19101 right 101.1.1.100 slash 24. fine and what is the port number one port number one is also there so next edit port number one set for static set IP 192.168.101.1 slash twenty four say it allow access Bing okay next end right India done the configuration India h0 India local no it is a it is a firewall the firewall okay now configure the Pakistan the name Park the name Australia name England Africa Africa India then Pakistan will have to do admin admin admin config system interface edit port number two set allow access ping okay said mode static set ip102.1.1.100 slash 24. 
okay and the next edit port number one port number one say it allow access ping set mode static set IP what is that set IP 192.168.102.1 slash 24 and the port number next edit port number three set mode DHCP okay say it allow access ping because port number three is our management which is connected to this one right then go to the Australia admin admin and the admin config system interface what is this conflict system interface edit code number one say it mode set mode static set allow access ping set IP 192.168.103.1100 list 24. okay port number one is done one zero three dot what is that oh sorry wrong IP port number one yeah wrong IP OD one and settled okay IP 192.168.103.1 slash twenty four and just say it allow it set more static set mode static set allow access Bing okay that's it and the next edit port number two port number two set allow access ping set mode static set IP what is the IP 103.100 103.1.1.100 slash 24 okay say it after that next edit port number three port number three set mode DHCP set allow access ping okay next nothing is there end okay now go to the England England admin admin admin config system interface edit port number one set mode static set mode static set ip192.168.104.1 slash 24 okay set ping set alarm next edit port number two set mode static set allow access being set IP 104.1.1.100 if I'm not true 104.1.100 correct which interface in which interface okay which interface port number two only right slash 24 fine next edit port number three set allow access being okay set uh [Music] set mode bscp next Africa not only that uh set allow access ping https HTTP all these things immediatric okay go to the Africa first admin admin and admin config system interface edit port number one say it mode is ping okay say it IP p 192.168.105.1 24 and next edit port number three next edit report number delete what what I read port number two three set alarm X is being https http and set IP 105.1.1.100 1.100 slash 24. 
https HTTP okay then port number two is a one zero five dot one was it wrong wrong port number three uh unset IP and set IP okay and uh set mode tscp next edit port number two say it allow access ping and set mode static say it port number two say Type e 105.1.1.100 it's list 24. okay set allow access being https http okay okay anything else I'm missing the Port 3 is already done next edit port number three say it allow access love X is being HTTP https https https okay no dsap is already done admin admin the Pakistan uh config system interface edit port number three say it allow access love access ping https HTTP okay in Australia also port number three config system interface edit port number one two three set alarm access being https HTTP by Mist that's why I am repeating okay by any chance because already in the port number three Africa then config system interface edit port number three set allow access set allow access https HTTP pink and set mode DHCP for that we don't want to take a risk okay go to the India admin admin Source system interface question mark what is the IP 75 Dot three okay code number three we need to configure here config system interface edit port number three set allow access ping https HTTP set mode DHCP right and end support number three wait for a minute meanwhile check for other other firewalls Pakistan Source system interface question mark 192 168 192 168 anything 75 port number three is no IP it is not taking IP right config system interface edit port number three set more DHCP okay set more dscp say it allow access being http HTTP in so system interface 292 16875.157 192 157 right so this is our India admin admin admin later okay status India okay light go to the port number one and the interface port number three manual okay then then after that we have a Pakistan so system interface brief or system interface question mark 198168 75.158 192.16.71 58 right 57 here 758 here 158 admin admin then don't save because if I was yes you 
are here yes I'm following [Music] network interface manual this park Pakistan then Australia so we're already having right Australia he said so system so system Australia so system interface question mark 75.150 192 150 admin admin [Music] later [Music] which location virtually right [Music] the U.S and the network [Music] network interface [Music] okay rule manual okay then to that which branch inland so admin admin so system interface question mark 75.156 192 156 okay admin admin don't say later okay network interface all right [Music] [Music] okay status [Music] foreign England right yes then last one is Africa admin admin store system interface question mark 75.155 [Music] admin [Music] admin don't save later okay and Network interface manual okay okay status and Africa [Music] you would mute yourself Africa okay so all the config all the all the location we are done right so now we'll start from we start configuring from the India site admin admin so first we'll do uh our 101.1.1 so static route only we need to do aesthetic roads here also we need to do the static roads in another third one okay so let's begin from here static routes create new 101.1.1 right so 1 0 1.1.1.1 code number two and along with we'll do what uh VPN wizard this will be our A2 right so go to Harmony spoke click on this awareness book the type here India ho okay India h0 and it will become your Hub or spoke it will be a hub so we'll choose in the role we need to select a hub Hub only okay next interface incoming interface the packet will come from port number two so incoming interface at this point hub huh we are choosing as a hub anymore restart our spoke okay okay then next incoming interface bit port number two password is a 14 8. 
okay I choosing the 148 as a password okay next so one zero this will come by default okay 10.10.1 you can change it also as per your requirement okay so I can use the till 254 we can use okay whenever the user will connect uh by using this VPN then this will be this will they will you they will get this and they'll be 10.10 dot series IP They will receive on their machine okay local interface which is the local interface port number one right so we need to choose the port number one IP address automatically it will come local subnet nothing more than that only single we are having if you are having a multiple one then you need to choose a multiple one okay and that next and it is created okay you need to create once you create Okay add another sorry sorry we we have to do add another where I missed cancel just cancel this and go to that VPN wizard cancel cancel and we need to select multiple one okay so so have any spoke tunnel we have to delete this India to h0 we need to delete it is in use already in use where it is that end users India is okay automatically policy will create it okay role policy we need to delete and we need to I actually I forgot to you know use that option just a minute I'll show you what I forward one and two this we need to delete okay static routes is there city crowds nothing is there VPN go to the terminal let's delete this create new a basic wizard it will become our herb and his book so it will be a hub and India okay next port number two the traffic will come from the port number two and it will be the password will be a 14 it 148 next 1 0 10 10 series and local interface will be port number port number over no port number one remember this one uh two uh two five oh that we can use or not use that is up to you okay another I will use six five four double zero is a is a bgp okay BCP attributes AAS number okay so it come automatically whenever you're using uh this uh this one that how many spoke okay adpn so how many local networks we 
are having a single local area networks how many tunnels we are having we are having how many tunnels we need to create one two three four right so four tunnel we need to create you can create multiple tunnels two three and the four five six like that you can create okay up to 255 you can create got it got it yes okay yes fine so now what is the benefit of this I will tell you why we are using it why we are adding this the next then create so now we are getting some keys here look this will become for branch one branch two Branch three four five six it is not mandatory like it is a branch one means for this one only you can use any key with anyone but you have to be used with the single one only okay this keys I'll show you here in the okay Pakistan foreign Network interface word number three that is done my static routes we need to do connected with 102.1.1.1 so create new and uh 102.1.1.1 okay port number two VPN wizard to be okay to Pakistan to India okay I when he spoke so this time role will be a bespoke okay so now this key is the configuration key so the this this is asking about this Keys okay this case copy any keys but you have to use with the single one so we'll go with the sequence one copied and paste it here okay paste it here apply okay next port number two automatically resource and the password is the 4D Nate okay check the password once again 148 next next if you wanted to change you can change okay that's up to you next local interface port number port number which which port number is a local Enterprise port number one and port number two is a outgoing support number one okay support number one and the ipv is in okay local subnet we chosen already it will it will select automatically so it is created okay tunnel is up tunnel is up Okay so uh az1 interface okay that's fine now we go to this this interface which which branch after that we have another branch that branch is Australia right it's in the Australia static routes we need to do 
103.1.1.1103.1.1.1 right so we'll use 103.1.1.1 port number two okay fine now what is the VPN wizard oven spoke he spoke okay so Australia to India the key again it is requiring for a we can use second key this time and we'll use this into this one line next 48 password will be 14 Nate okay next if you want to change you can change interface port number one only might be port number one only I'm using Okay support number one that's it okay next create then now this this interface which which brand England and Africa so England Gateway will be 104.1.1.1 right so our Gateway will be Network and static roots 104.1.1.1 code number two okay policy and object or not required by not viral right it will it will automatically create okay and Wizard and uh create new so which bra which which area we are in England right so we'll go to the England to India Eng to India okay now how many spoke it will be also he spoke and next where is the key key will be like this this is our third key so we can use here okay remember this key is very important you need to save it okay 14 8. password I'm using the 14 day next port number one next and created last one okay okay fine static routes Africa so 105.1.1.1 005.1.1. 05.1.1.1. 
static routines now we'll have to go for the VPN wizard so Africa Africa to India okay how many spoke so this will be also already spoke now go to the firewall one select the key okay copy this key apply here apply next here 148 okay next port number one next create okay then okay so we'll go to the India okay now go to that is dashboard and go to that admonitor and here ipsec so if you create this wizard okay then now go to the dashboard go to the ipsec monitor how many networks India India to which India to which only it is showing right one zero two one zero three one zero four one zero five how many how many more other other Branch we are having four branches right one two three and four branches we are having correct so it is one zero two one zero three one zero four and one zero five so one zero two one zero three and one zero four and one zero five with this it is created tunnel with all this okay now if you check the same thing in other Bo okay it will show their own self not it will not show by a branch okay it will not show other tunnels like three four tunnels it will not show here if you check in the dashboard in the eight head monitor ipsec head monitor typically don't save look here it is showing India only right here also it will show a dashboard and the ipsec but in h only you can you can get all the branches details but in BIOS you'll get the ho details only okay In Here Also if you check you'll get the India okay Park to India like this you'll get here also okay dashboard air monitor ipsec then add monitor okay here also go and check here baseboard and if you check this is in our England Branch okay so here you can find only England Branch details okay England to India so in this one we are having a another one so ipsec and this is done head monitor then now this is a dashboard go to the ipsec Monitor and learn save happy SEC monitor after this you'll have to yeah this is Africa to India now check the tunnels okay uh here in the VPN and create an 
IPC tunnel so inactive India to Ho is inactive dialogue connection something is getting wrong like that it is telling right now we'll have to send some packet from 192 our Gateway 192 168 101.102 101.1.1.1 101.1.1.1 admin admin here from here local okay let's suppose from India I'm able to reach or not okay admin admin so execute ping uh 192.168.102.1 so it is Raising right one zero two dot one from India and it is it will raise to 1 100 as well okay in the same way India two one and two one sixty eight one zero three dot one teaching 102.3.100 okay reaching 103 Dot 4.1 okay reaching 4.100 India is able to reach any everywhere okay so like 5.5.1 reaching and 5.100 it is reaching right from India from this firewall from ho firewall we are able to reach here here and everywhere okay so now uh try to Ping from Pakistan admin admin execute ping 192.168.101.100 it is reaching from here to here 101.100 right from Pakistan to here from firewall to it is aging now check from router from India to this one okay okay got it so in the same way also we can check the reachability from Pakistan firewall to execute ping 192.168.103.100 it is reaching right reaching okay so reachability is there okay so in the same way we can try to reach from R1 to our um R1 to this is our R1 right [Music] ping ping 192.168.102.100 means Pakistan okay wait a minute it will drop some brackets [Music] try to hit from the Pakistan local to India enable ping 192.168.101.100 reaching from Pakistan to India it is reaching because it means something wrong in the India India router enable so IP route if you hit 0.192168101.1 101.1 182 168.101 Zero by zero something wrong with this file router otherwise Pakistan is able to reach to here then Pakistan can reach to uh 103.103.100 okay 104.100 means every Branch can reach to each other okay one zero five dot one hundred so Branch to Branch connectivity is working right so I don't know why it is not working it should also work anyway ah Gateway is there config 
system configuration terminal IP route 0.0.0.0 and 0.0.0.0 192.168 168.101.1 okay in done uh interface ethernet 0 by 0 0 by 0 i p address 192.168.101.100 uh I think we missed something on that time of the configuration of okay Now set down in if you're missing then it will not come right being 192.168.102.100 so still we are not able to reach the Pakistan or any other Branch one zero three try two one zero three one zero three dot one hundred okay so something wrong that during the configuration of uh you know IP sectional okay let me check if it is possible then we'll try to resolve it or else India to h0 edit one zero four one zero three one zero two everything is there and Network Port one port two here we selected a port two okay and incoming interface we are not choosing any interface we are not choosing at that time right that time we are not choosing the interface okay so we can we miss something on this this during the configuration of this so you guys can edit the interface Port one at that time okay during the configuration you also need to choose support one data we missed they start fine so this is about about adbpn okay anything any question on this yeah all good sir right Mr Trump yes sir fine so I'm stopping the recording so before recording is stopping I so we done this one also okay today so restart the rest will do very soon by uh we'll start by the Monday for this real meaning okay uh most probably will I'll try to fix it I mean to completed this session by next week okay these are nothing more than this will be a one this will take one day HD when it will take one not one day up an hour okay let's begin with the HD one also after this recording okay let me close this stay tuned how's the session yeah
Info
Channel: FIREWALLCAFE
Views: 3,210
Id: UHhBgXnogzI
Length: 56min 10sec (3370 seconds)
Published: Sat Aug 19 2023