How to configure LAN, VLAN, DHCP & DNS on FortiGate Firewall (Part 3)

Captions
Hi guys, this is IgoroTech. Today I will show you how to configure LAN, VLAN, DHCP and DNS on FortiGate firewall. In the previous videos I showed you how to set up the FortiGate firewall and also how to manage the administrator user accounts. Let's begin.

Go to Network > Interfaces. Here you can see all the device default interfaces configuration: the name, type, members, IP/netmask, administrative access, DHCP clients, DHCP ranges and the reference. At the top is the FortiLink aggregate, and it's dedicated for FortiSwitch; however, this can also be configured for a different device or different roles. Administrative access is ping and Security Fabric. Also, by default, you can see the DHCP range configuration.

Next is the DMZ, or demilitarized zone. DMZ is used to separate untrusted devices from trusted devices. It's commonly used for web servers, email servers or DNS servers. Next is WAN1 and WAN2, which are for the WAN or internet-facing interface. By default these WAN interfaces are set to DHCP. We also have the tunnel interface.

We can hide interface options by clicking on the minus sign, and unhide or expand again by clicking on the plus sign. To view more options you can click on the table settings or right-click on the blank area. Here you can view more options. The checked ones are the ones we can currently view on the window. You can tick what you want to show, then click Apply to save the changes.

Now let's check the LAN interface. Name is internal, type is VLAN switch, members are LAN ports one to five. You can see the default gateway, which we use to access this device. For the administrative access we are currently using HTTPS. Also the DHCP ranges. These are the default configurations.

Let's now change the LAN IP address. Simply double-click on it to edit. Alias is optional; let's assume this network is for admin. Type is VLAN switch. You can enter the VLAN ID or you can leave it as default; we will get back to the VLAN configuration later on. Under interface members you can see all the interface members.
You can click the X sign to remove it if you plan to configure it for a different network or if you plan to configure it for a WAN or internet-facing interface. For FortiGate devices you can configure any port to be your WAN. If you prefer to add an interface, you can choose and click to add from the entries window. Role should be LAN, since this is for our internal or LAN network. For the addressing mode choose Manual, since we are going to manually assign the IP/netmask. Now enter your IP/netmask. We can use the same subnet, but we will change the gateway to 192.168.1.254. We will also use the current subnet, which is /24. For the gateway, if the subnet is /24 then you can use any IP address between 192.168.1.1 and 192.168.1.254. It will automatically create an address object matching the subnet, and the name is internal.

For the administrative access we will enable HTTPS for GUI or web access (HTTP is not recommended for security reasons), ping for troubleshooting purposes, and SSH for CLI management access. We are going to enable those options for now.

Next is the DHCP server. Tick on it to disable or enable. You can modify the default address range based on your preference. Tick the plus sign to add more address ranges. You can add more ranges if you prefer, but make sure to exclude the gateway IP from the DHCP address range. For the netmask or subnet, make sure it matches the subnet from the interface configuration. For the default gateway, if this device is not your LAN default gateway then you can tick Specify and enter your preferred default gateway IP address. However, if you plan to set this as your gateway, then choose Same as Interface IP, which in our case is 192.168.1.254.
Now we go to the DNS server. By default it's set to Same as System DNS. You have the option Same as Interface IP. We also have the option to specify the IP address. If you are hosting your own DNS then choose this option, click the plus sign to add the IP address, then enter your internal DNS IP address. If you don't have internal DNS then we will also choose this option, but we will use public DNS. We can use Google public DNS as our primary DNS. To add more DNS, click on the plus sign. We can add the Cloudflare DNS as our secondary DNS, or you can use a different public DNS. You can click on the plus sign again if you want to add more DNS. Well, this depends on your preference.

The lease time indicates how long a device is allowed to use the IP address received from the DHCP pool. By default it's set to 7 days, which is too long if you have a bunch of DHCP clients, and most especially if this is for guest Wi-Fi users. You can go to Google and convert it to hours or days. For this demo we will change it to 8 hours. Simply change to hours, then enter the time you prefer. Now copy the time in seconds and paste it into the FortiGate lease time.

To explain this briefly: all DHCP clients or devices will receive an IP address from these pools and also receive these DNS servers, and they will use it for 8 hours, or 28,800 seconds, as what we set. If it expires they will automatically receive a new IP address from these DHCP ranges again. In short, the DHCP IP address will automatically renew every eight hours based on what we set.

If you click on Advanced we have some other options, like DHCP address reservation and IP and MAC binding. You can check the other video tutorial which I added to this playlist. Next is the device detection. This will detect and identify all devices connected to this interface. This is very useful for troubleshooting and monitoring. You can write any comments if you want, and make sure the status is enabled. Click OK to apply the changes. One admin session is currently connected on this interface. This is
because we changed the default gateway to a different IP. Once we click OK we will be disconnected and need to log in again using the new gateway IP address. You can copy the gateway IP. Now click OK to apply the changes.

We need to log in using the new default gateway IP address. If you change to a different subnet then you should be able to access the gateway as long as you obtain your network IP address automatically, or by DHCP. It will automatically receive an IP address since we enabled the DHCP server on the FortiGate LAN interface; or else you need to manually assign your IP address within the same subnet as your new IP/netmask. Log in again using your full-access admin user. We are now using the newly configured default IP address.

Again, go to Network > Interfaces. Let's minimize these other interfaces. Notice the alias admin as we configured, the new default gateway, the administrative access, which is ping, HTTPS and SSH, and the two DHCP ranges we configured.

Next, we will create a VLAN interface. Click on Create New > Interface. Give it a name; we will give a name of server for this demo. Alias is optional. Type is VLAN. Expand the interface and choose where you want to link this VLAN interface; in my case it is the admin or internal. Now enter the VLAN ID. Role should be LAN. Addressing mode is Manual, since we are going to manually assign the IP/netmask. Enter the IP address you want to assign for this VLAN interface. Again, it will automatically create an address object matching the subnet, with the name of server address. For the administrative access we will enable HTTPS for GUI or web access, ping for troubleshooting purposes, and SSH for CLI management access. Enable the DHCP server. You can modify the address range based on your preference. Again, we have to exclude 192.168.100.254 because we used it as our gateway. We can set the DHCP range up to 253.
Tick the plus sign to add more DHCP ranges if you want. For the DNS server choose Specify and enter your internal DNS IP address, or we can use the Google DNS as our primary. Tick the plus sign to add a secondary DNS, for which we will use the Cloudflare DNS. Well, again, this is all based on your preference. For the DHCP lease time we can change or lower it again to 8 hours if you prefer.

To explain this briefly: this is a VLAN interface named server which has a VLAN ID of 100. The DHCP clients or devices that will be connected to this interface will receive an IP address starting from 192.168.100.200 until 192.168.100.253. They will also receive the Google DNS as primary and Cloudflare DNS as secondary. They will hold the IP address for 8 hours, or 28,800 seconds. If it expires they will receive a new IP address from the DHCP range again.

Enable device detection for troubleshooting or monitoring purposes. You can write a comment if you want, and make sure the status is enabled. Click OK to apply the changes.

Since we assigned VLAN 100 to this admin or internal interface, it should be under this interface. Click on the plus sign to view more interfaces assigned to this interface. Here you can see the VLAN 100 details: the name, the type, the interface members, which are the same as the admin or internal members or ports since we assigned it to this interface, the IP/netmask configured, the administrative access, which is ping, HTTPS and SSH, and also the DHCP range. If you want to view more options, like the VLAN ID, you can click on the configure table at the top, scroll down and look for VLAN ID, tick on it, and click Apply to save the changes. Now drag the bar to the right and you will see the VLAN ID column. Here you can see the VLAN ID, which is 100.
We can create one more VLAN. We will do the same process, so I will do it quickly. We will give a name of guest. Type is VLAN. We will assign it to the same interface as the server or VLAN 100, which is the internal or admin. We will set VLAN 200 for this interface. Role should be LAN, addressing mode is Manual, and enter the IP/netmask. For the administrative access we will enable HTTPS, ping and also SSH. Enable the DHCP server and enter your desired address range. Well, since this VLAN is for guests, we can give a bigger range; of course it depends on the requirements or your preference. And again, we will exclude 254 since we already used it for the default gateway. We will also use Google DNS as our primary and Cloudflare DNS as our secondary. For the lease time, since this is for guests, I suggest we set it lower, since guests usually come and go, or else your DHCP will be full, especially if you have a lot of incoming and outgoing guests. Enable device detection for troubleshooting and monitoring purposes. You can leave a comment if you prefer. Make sure the status is enabled, then click OK to apply the changes.

Click the plus sign again to view the VLANs assigned to this interface. We now have two VLANs, which are the server and the guest. You can see the IP/netmask, the DHCP ranges and also the VLAN ID, which is 200 for guest and 100 for server.

In the next video I will show you how to configure the WAN interfaces. Well, that's all for today's demonstration, and I really hope you like this video. If you are new to my channel, please don't forget to like, share, subscribe and click on the notification bell for more amazing tutorials. Thank you, and see you in the next video.
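The DHCP rules stated in the captions (keep the gateway IP out of the address range, match the DHCP netmask to the interface netmask, avoid HTTP for administrative access) can be checked offline before a change is applied. The following is an added example, not code from the video or from Fortinet; the function name `check_dhcp_scope` and its parameters are assumptions made for illustration, and the values used with it are the server VLAN values given in the captions.

```python
import ipaddress

def check_dhcp_scope(interface_cidr, ranges, dhcp_netmask, default_gateway,
                     allowaccess=()):
    """Return a list of problems in one interface's DHCP server settings.

    interface_cidr  -- interface IP with prefix, e.g. "192.168.100.254/24"
    ranges          -- list of (start_ip, end_ip) DHCP address ranges
    dhcp_netmask    -- netmask handed out to DHCP clients
    default_gateway -- gateway handed out to DHCP clients
    allowaccess     -- administrative access protocols enabled on the interface
    """
    iface = ipaddress.ip_interface(interface_cidr)
    net = iface.network
    gateway = ipaddress.ip_address(default_gateway)
    problems = []

    if ipaddress.ip_address(dhcp_netmask) != net.netmask:
        problems.append(f"DHCP netmask {dhcp_netmask} does not match "
                        f"interface netmask {net.netmask}")
    if gateway not in net:
        problems.append(f"default gateway {gateway} is outside {net}")

    # Addresses that must never be leased to a client.
    reserved = {iface.ip: "interface IP"}
    reserved[gateway] = "default gateway"

    spans = []
    for start, end in ranges:
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if lo > hi:
            problems.append(f"range {start}-{end} is reversed")
            continue
        if lo not in net or hi not in net:
            problems.append(f"range {start}-{end} is outside {net}")
        for addr, label in reserved.items():
            if lo <= addr <= hi:
                problems.append(f"range {start}-{end} includes the {label} {addr}")
        spans.append((lo, hi, f"{start}-{end}"))

    # Sorted by start address, so an overlap shows up between neighbours.
    spans.sort()
    for (_, prev_hi, prev), (lo, _, cur) in zip(spans, spans[1:]):
        if lo <= prev_hi:
            problems.append(f"ranges {prev} and {cur} overlap")

    if "http" in allowaccess:
        problems.append("HTTP administrative access is enabled; use HTTPS")
    return problems
```

Called with the server VLAN settings from the captions (`"192.168.100.254/24"`, range 192.168.100.200 to 192.168.100.253, gateway 192.168.100.254, access ping/https/ssh) it returns an empty list; extending the range to .254 is reported as including the default gateway.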
Info
Channel: IgoroTech Official
Views: 24,700
Id: AtiZv7osABI
Length: 14min 15sec (855 seconds)
Published: Mon Mar 20 2023