How to troubleshoot issues with Fortigate Firewall?

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

all right guys good a very good evening to all of you and uh let's go ahead and start today's topic as we all know that we are going to uh work on or probably study understand concepts of basic troubleshooting okay because a lot of times the the one thing that a lot of Engineers and um you know everybody who basically works on the firewall struggles is with how to how to troubleshoot that's that's one second is that when you are troubleshooting what is The Logical approach okay how do you uh you know go across and understand to um you know how to troubleshoot the problem how to figure out the problem and what are the legitimate steps to take okay so that is what we are going to talk about today uh you know a logical approach towards a problem 48 for all its basic troubleshooting what are the you know different level of commands that you can use how do you can use it and whenever you are using a command what's the idea behind it okay what is the reason behind it right because that's what matters whenever you are troubleshooting that is what matters if you are executing a command you should know why and what would be the outcome what would be the result of it right so that's uh that's the whole idea of today's session okay this session is just to you know bring Awareness on the 40-gate firewall to bring awareness about how to work with the photographer okay so I'll go ahead and um quickly share my screen um give me one quick moment okay my hope you guys should be able to see my screen now okay you can quickly chat box are you able to see my screen and you are able to hear me up yes no in the chat box quickly good good good yes thank you all right so guys let's understand one thing I'll I have um you know make sure I have uh you know con you know concentrated um the whole idea of troubleshooting into a couple of steps okay so these are the five steps that you need to follow whenever you are working with a 48 power okay uh these are called step five steps and these uh five steps are as follows I'll give you you know one by one what is it and then explain each step in great details we'll Deep dive into it okay all right first thing routing table check is again see uh I'm going to give you a scenario and on that scenario we are going to take up the troubleshooting so uh let me let me just show you what is the scenario see this is the one that we are going to talk about today um let me change the view over here this feels better for me okay we'll Zoom this up okay so see this is the topology very basic topology okay but in this basic topology we are going to go so deep that um you know you will know each and every step each and every smaller steps micro steps that you will take okay so very simply there is one PC which is connected to uh for a gitfire on Port one then we have another Port which is Porto and then that's connected to a different PC okay we are going to take couple of steps to understand uh what are the troubleshooting steps to take what should be the result what should be the output everything okay now on the basis of this I have designed these five steps one is the routing table check okay so how to you know uh you know how to check the table what information you can derive from the routing table I mean that's the easiest thing that you can do is executing the command that's the easiest thing that you can do but what you derive derive out of it that's what made it matters right so routing table check that's one there's a command for it which is this one get router info routing table on we are going to you know take this up and understand what exactly this means second step is Services as in whatever the resources or whatever service that you're trying to access is it enabled and if it is enabled is your firewall you know allowing the traffic or not okay next three sniffer trees sniffer trays is very much similar to what you can call as a Wireshark packet capture okay and every firewall has a different way of saying it some says TCP dump some sniffer capture some says uh you know a wire Trace so again different terminologies but the concept Still Remains the Same you are taking a packet capture on the far one itself okay why do you need this again to understand you know is that is the traffic coming to the firewall one second is the traffic forwarding the firewall or not okay step four debug flow yeah that's very very important if anybody is working with the 40 gate firewall um the the major challenge which comes up with uh with this concept is that whenever you are executing the debug flow a lot of times we do not know that if we have to execute let's say Five Command or seven commands why are we using those five commands okay so that's what we're going to you know dig deep today to understand the number of commands to use and why we are using that commands and once we once these commands are executed what is the output okay and what can be derived out of that particular output okay step five session list so I think we all know this um firewall is called as a stateful firewall right so every stateful firewall has a session table so how to look into that session table and what information that you can get out of it all right so those are the five steps that we can we'll be working with this is a capture command time must have a packet we're going to dig deep into this as well so that's the five steps that we are going to work on today right okay so I've prepared this small document as in um we are going to you know go through all these five steps okay and why we are going through those steps and what is the information what information you can derive and all that stuff so I've I've tried to you know put all those whatever I can but uh let's let's go about this one by one so first thing we're going to Ping from pc1 to PC2 okay um let me power on my even G setup okay what IP do I have it's 43 57 okay got it again yep so see this is the setup that we have I'm going to power these three devices okay now the first thing is we are assumptions PC one and two can be either local 2.1 and photos that's that's uh that's how it is even if this is a remote subnet or it is routed via the routers I mean if there are multiple routers in between still the concept will still remain the same the information the uh the output that you will get on the firewall would still remain the same you will still be able to understand the packet flow okay so it it is not necessary that it has to be directly connected even if it is a remote subnet that's funny okay so now we have these up and running let me take their consoles PC one PC2 we have 485 come on okay right I'm using admin as the username password and just to you know show you what information do I have over here so the IP address that I have is 172 16 32.10 that's Gateway is 172 1632.1 now who is this guy this is my 48 firewall okay so if anybody who wants to you know just have a quick look into what IP addresses is configured on the interface there are two ways of checking that okay one is you can you write this you can take this as a note as well show okay now show what I'm trying to you know get some information in the firewall so what is what exactly it is show show what I need a system level information so show system okay and then interfaces okay so system level information but then in system there can be so many things config you know Global configuration VPN configuration policy configuration security profiles uh authentication users administrators so many things right so what am I able to what I want to see interfaces okay so if you execute this command just this show system interfaces it's going to work no problem at all it's going to show all the interfaces that you have or probably all the interfaces that the footage firewall has so whatever depending on what model maybe if it is a middle uh medium and firewall let's say it has 10 ports okay and let's say let's say you have 1200d for the get firewalls let's say it has 10 ports okay what will happen is going to show you all the 10 codes now let's say you being an administrator you're not really interested into you know looking all at all detail interfaces you are trying to figure out what's the interface IP address on on a specific interface number so for over here if you look closely my pc1 let me Zoom this up a little bit okay so my pc1 is connected to Port one of the photo get firewall right so what do I need to do is I just need to see what sport 1 IP address okay so let's see and send what exactly we have over here so I'll say Port one okay hit enter so once you enter okay it's going to show you whatever IP address is configured if it is a static IP address it is going to show you that particular configuration okay so now we know this is 32.1 great pc1 has the Gateway of 32. now do what do you think this would ping or not let's see okay 172 16 32.1 yes absolutely fine so at least we know um from the you know basic um if you look from a basic perspective that you are able to pin your Port one okay which is your gateway as well okay so we are just trying to verify the basic configurations which you have over here so if you execute this command you'll know this now why do you need this command see what happens is whenever you are troubleshooting okay A lot of times before you proceed into you know the deeper flows and uh sniffer captures and you figure out whether the problem is on the configuration or not first thing you need to figure out is that is the right interface configured or not right let's say for example the interfaces is configured is not even configured you're going on troubleshooting it's pointless right so that's that's what it is now we know that the device over here is is not just connected to Port one it is connected to Port 2 as well which is on the PC2 side right so let's let's see what do we have over here on the PC2 side okay or two enter what do we have it's 192 168 1.1 so let's let's see do we have an IP address on uh PC2 yes we do is 1.10 and the Gateway is one level so I think that's fine paying 192 168 one dot one thinkable great exactly the basic configuration is done okay fine so this command the show system interface command is basically showing me I mean if I just put show system interface let me show you this just this enter see it's going to show you all the differences okay Port one port two Port three four okay and then the root the L2 the SSL root 4D link all the other okay so you are able to see all the interfaces again if it is if you need absolutely fine if not if you want to just look into the specifics just mention that particular quote clear all of you okay now let's go one by one reading this out the document and we are going to you know take each step very slowly okay so first thing is that we need to Ping right so um I'm going to show you I'm I'm taking this as a working design okay see the problem is uh a lot of times if I show you what is not working it may create issues in your brain what I'm trying to show you over here is what is working how it is working once you know the working Behavior okay it is very easy to catch what is not working okay but if you know 10 scenarios of not working but you do not really know how exactly the thing works that's the problem so if you know once how the setup is how the design is and how the traffic flows through the network and through the firewall and how the setup is all about once you know this particular set even if it is not working in 10 different situations you'll know where to where to where to troubleshoot okay so again we are taking a working scenario so let's see am I able to Ping from 172 to Mr 192.168 okay let's try this I think 192 168 1 our 10. oh timing out okay all right so looks like we need to figure out something okay now let's look into the document and see what the problem is okay the first thing the first step okay even we look over here it says the first step is the routing table check absolutely correct so the first thing is that uh if I am on my client PC so let's say this is my client PC client PC or let's say your client comes up to you and he says hey you know what I'm trying to access this particular resource and for some reasons this is not working can you fix this for me okay now this is the only situation or sorry this is the only information that you have how would you fix this now in this kind of situations which is mostly 70 80 percent of the situations um client mostly in most of the cases does not know technically what's the problem what he knows is this guy this thing is not working for me fix this right that's that's most of the same cases so if that's the case from where exactly you like to travel troubleshoot right because there can be so many situations so many scenarios right so where to fix how to fix and where to start right so that is what we need to understand over here okay so first thing is that if the client is saying that he is not able to paint or he is not able to access anything he's not able to access particular research okay so if that's the case then what is it when it says it's not able to access so you can do a cross questioning cross questioning as in okay sir um so when you say that this is not working what exactly are you trying to access and how are you accessing it okay so if he says you know you know I'm I'm trying to Ping this guy because I have an application and that application requires uh ping service or ping features but then I'm not able to access this I'm not able to Ping this okay fine can you give me a machine to test do we have a do we have a system to test this okay you can write this down guys this is this is basically the how to approach a problem okay so what you can say to the customer is that how would you you know how would you go ahead and you know can you provide me um a system that I can use to test this out because we need to figure out where the problem is right so in most of the cases 90 client agrees to it until you have that you know spec you know unique special clients with who doesn't who do not really want to support on anything okay coming back so see let's say for example he's not able to pay so what what do we do we we do a ping and we say yeah that's it's right no it's it's a timeout okay all right so think from the firewall perspective okay when the traffic reaches the firewall what is the first thing the first thing the firewall should do or let's just say let's just ignore the uh the firewall let's say there is a router the first thing what does the router do as soon as it is it receives a traffic or a packet on the interface right we all know it's going to check for the route right so over here what happens is that the first thing every device checks is the route do I have the route to whatever the destination is okay so now we know over here the destination is 192 168 1.10 right so do I have a route for this how would this how would I check this I'm going to forget forward see the easiest thing is to work with the GUI okay we are going to do this from the CLI as well as from the UI so it will be a mix okay I'm going to show you this is configurations from the CLI as well as on the GUI so you'll know both ways okay so we log in admin now it says um I need to check the routes routing table verification so how do you do this get your info routing table all that's the whole command yeah now let's understand what exactly this command means okay uh please can you share the images um Alan let's do one thing uh guys for all of you I have a I think in the in the group right I've shared a Google form link use that link to you know put all your questions whatever you have right now okay so I'm not going to look into the chat window for now we are going to cover this up and I'll take a break from maybe in the next 30 minutes or so and in that break I'm going to answer all the questions that you guys have okay so use that Google form link ask whatever questions that you want no problems at all and there's no limitations on the question as well ask as many as you want okay coming back let's let's see so get router info without any table all okay for me what is the first thing that it says get now we all know just by the word get is that we are trying to get something we are trying to pull some information right we are trying to fetch some information so get okay what the next says router info okay get a router okay it's a router as in we all know that router is a lay 3 device right so firewall starts from lay 3 and goes till seven right fortigate viral also does the same thing so when you say get a router meaning from in the firewall itself you are just focusing on the router level Services the router the router level features okay now the next is info okay of course make sense I'm looking for information from the router's perspective so get a router info routing table okay now I'm saying I need the information of the router but what part of the router the routing table okay I mean I mean there are so many other things as well I can look into the ACLS Access Control list but no I'm looking into the routing table okay get Revenue info routing table do you know there's a there's a there's one thing which I really like about the footage is that if you put a question mark over here okay it's going to list out every possible you know permutation or combination that you can use after routing table so you have details on rip ospf bgp ISS static connected database right now depending on what situation you are in okay you would be able to you know figure out or use the other commands that we have okay now what we are going to use right now is details this is like a summary of all the comma all the routes that you have okay okay so we we can see that we have three 0.0.0.0 via 192 1643 239 then we have uh 172 1632.024 which is directly connected Port one makes sense then we have 192 168 1.0 directly connected Port two okay makes sense then we have 19168 43.0 which is strategically connected to Port three okay alrighty so we know that this s do you see this do you know what this is this is a default route okay so now just you know give it a minute just give it a minute and see what exactly are you able to are you able to understand what this is and uh do we do we have a problem over here or is it okay okay put it in the chat box do you think there is a problem or this is fine what do you think one minute only see it says F in a star right so star is default okay and the S stands for static okay okay so I can say it's very simplified uh rather says there's a problem and uh Sherman also says it looks good okay uh Raju when you say problem can you define what problem could it be okay I hope you guys know what exactly this command means now right get routine take it all okay anybody who's preparing for the nec4 certification this is very important okay all righty next step two verify if the services are open on the port not if accessing the 40K itself okay now again this is a bracket as in if you are trying to I mean remember when I was trying to Ping from pc1 the Gateway that it was springing yeah so I was just pinging the port so that's fine but over here I'm trying to print a different IP address altogether now it says uh the the steps to say verified the services are opened okay so now let's just ignore the port part let's just say we're we're just focusing on this one verify if the services are opened okay so if you are stuck in a situation where you know you are trying to access a resource or the client is trying to access the resource and that guy is not able to access it okay how would you check that the resource that this guy is trying to access is it um you know is it is it available is it on or is it accessible or not so the first thing is see over here if you just look into the the routing part it says this is directly connected right anybody sees a problem over here no okay good now when it says the services is the services enabled or not so we know the service is enabled do you know why see if I if I do this if you go into PC2 right and I was able to Ping 1.1 right if I'm able to Ping 1.1 from the PC do you think the services is enabled or is it not enabled what do you think if I come into the 40 gate forward it's look good it's looks stable absolutely okay if you want to Ping from the 40 gate firewall itself right because as of now as an administrator I am trying to figure out that whatever the client PC okay the client machine you know the client is basically coming up and saying hey I'm not able to access that okay fine I have a 48 firewall in between let me ping that particular resource and see if I am able to reach that guy or not does it make sense to you that if you if the firewall itself is not able to Ping the destination then how would that particular Guy The Source would be able to you know bring the Ping the destination does it make sense yes so what we're going to do is we are going to say execute okay now this is again it's a command where execute means I'm trying to execute a particular tool or a feature on the firewall itself now what what is that tool it's a tool okay so execute ping and then the destination IP address so I have 192.168 1.1 all right now who is this one dot month that's me my port IP address what I need to use this is 10. thinkable is it clear Services is enabled I'm access accessible the service is there and there's no problem at all from the firewall perspective if you look from from the firewall okay um let me see do I have yeah so over here if you see this um is it working thank you come on some problem anyways so um okay so over here we know that PC2 okay it's reachable from the 48 firewall so there is no problem with the services okay but let's see what the problem is okay verify if the services are open or not yes we did verify this okay now if you are accessing the port then this is how you do this okay 2.2 if the interface is accessed via another port on the 40 gate a firewall policy must exist yes if we um if the traffic is going through the 40 gate firewall then we we do need a firewall policy right how do we check that again very simple from the GUI let me show you from the CLI first so what do I need to check I need I I need to I want the 40gate firewall to show me the firewall policy right so what I'm going to execute I'll say show okay I want to I want to show something what exactly it is I want you to show me the firewall elements okay features of the firewall what what specific feature are you talking about I'm talking about policy oh okay all right so show firewall policy in itself is a complete Command if if anybody wants to take this as a note please do show final policy in itself is a complete Command okay now remember when we were using the show system interface Command right somewhere over here yeah did you see this show system interface and then I said Port two or I said put one what does it mean specifics right I'm looking for just Port one information or just port to information the same analogy you can apply on the fiber policy as well so if you have let's say 10 policies 15 policy is 20 200 500 policies if you are if if you want to look into a specific firewall policy you can use that okay policy number or if we do not know then you can just go over the show firewall policy and it will basically list out all the firewall policies that you have so I'll show you what exactly it is so if I just hit enter okay I did create just one so that's why it's showing one but then if you have one five ten twenty or hundred it will show all of them okay so we have this as the number as is the policy number then we have this is a unique ID this is the source interface okay so let me just shoot you this in the uh GUI as well because that will make much a little easier for you to comprehend so Port IPS for three okay guys I'll show you one quick command as well get system interface we we executed show system interface now I I'll show you quickly this okay if you are able to understand great if not just let me know in the chat window okay show system interface for three what does it do very specific right Port three only enter do you see this it's going to show me that it's uh you know it's the more is DHCP uh this is a virtual domain as in vdom root as in because this is the only firewall app we have physical as in sorry it's a VM firewall uh it does not have any virtual firewalls uh working on it as of now so that's why it's root which is the default the mode is DHCP it has HTTP paying http.net FGM a lot of things okay and it's a physical interface and all that stuff where does it show me the IP address where is that I it doesn't make sense see if I do Port one enter there you go I have an IP address why the hell it's not showing me that IP address do you know why because of this guy okay there are two reasons one is because of the DHCP okay second is you are executing something which is called as show okay show is a command which will tell you just the configuration as in what is configured okay get on the other hand will show you the output show will tell you two plus two get will tell you four doesn't it make sense to you get system interface okay well I'll just send the questions spin this up you guys are able to follow me get system interface you see this port one mode is static and this is the IP Port two more static this is the IP Port three mode is DHCP and this same thing is it clear all of you yes no chat box so whenever in in your environment if you're 40 gate firewall is having an interface which is on DHCP your show command will not work you have to use get okay get is the output show is the configuration okay good so what what is the IP address do we have Port 3 is 192.168 43.95 okay all right let's see do we have 43.95 somewhere so I'll just use this 95 enter and there you go so admin admin question so let's come so this is the dashboard again we can go into the other specifics uh after maybe on a different class but we need the policy right we need to look into the policy look over here policy and objects so this is where you go you click on this you click on the final policy and there you see that whether you have the policy over here or not or we do have a policy okay let me click on edit right it does not have a name on it I'll give it a name because it's an online policy right so let's just say it's an internet policy okay now incoming interface Port one is this correct or not what do you think incoming Port one because I'm pinging from PC one to PC2 so if if if we look from the pc1 perspective Port one for 48 Port one is the Ingress right make sense right incoming Port one outgoing or two absolutely correct because Port 2 is being used uh to connect to PC2 source as of Nom Nom I'm not even saying to restrict the foreign itself is not restricting any client to come from a specific IP address as of now I'm just saying all if whatever IP addresses you can come that's that's not a problem destination as well whatever IP address that you're trying to go to that's fine okay you you can come over here and you know create an interest object and I can say only allow 170 to 16 Network or only allow 192 168 that's why I can do that as well but as of now we're just keeping it simple all Service as in uh what service is allowed so if I just say HTTP and https do you know what will happen even then if I try to Ping it will not work okay but if I do this All That means every protocol not just HTTP or https TCP UDP FTP whatever you protocol that you can think of this is allowed look over here these are all pre-configured it is not that I have configured this this comes pre-configured on the 48 firework okay do you see this in the other negation you have purpose and that right in the remote access you have rpcs PC anywhere RDP Association and these are all pre-configured right so what am I doing I'm pinging right ping uses icmp and it's over here but if I'm using all that basically means it includes icmp as well yeah so service is that action is that you're either allowing the traffic or you're delaying the traffic right so I'm saying accept as well now let's leave this inspection it's a different topic altogether and uh let's just leave these as well uh do I need that no not really right do I need security profiles um no not really because I'm just trying to access an IP address right I do not need any scanning on it okay so as of now no we don't really require it's not mandatory right next login logging is just to you know tell you that the traffic is being logged on the vertical firewall itself or you might have a syslog server you might have a 40 analyzer or you might have a different um you know device that you can use to you know save all your logs so if that's the case you can do that as well security events is if you have these enabled these antivirus are filtered and all that stuff then security events will generate logs if you say all sessions then it does not matter if your security profiles is enabled or not enabled it will still generated okay where is the problem I do not see any problem over here does anybody see any problem chat box what do you think is there a problem in the final policy can anybody think about a problem maybe in the cloud on the policy no how about all the other people it's an honorable policy what do you think do we have do we have a problem yes or no quickly chat box do we have a problem return traffic okay Bryden says we need to add a policy uh okay so guys again as I said 40gate firewall is a what kind of a policy what kind of a firewall stateful firewall okay what does stateful means stateful means that if the traffic is going out from the inside to the outside and if the traffic for that is coming in then you do not need a reverse policy if it is a stateless firewall then you do need a reverse policy for example a router Router is a stateless device right it does not know about the stateful table that's why you need a policy from inside to outside and then you need a policy from outside to inside for example Esa it's also a stateless so you need two policies single same traffic but you need to process for it okay so unfortunately that's not the right answer but let's let's just figure out what the problem is okay so it says policy it's it's all done third sniffer Trace okay so we are we are yet to figure out what the problem is okay so it's a sniffer Trace now sniffer meaning that you are trying to figure out that whether the traffic is coming on the 40K fire or not okay tell me one thing very simply enough if I ping 192 16. it's timing out we we just saw that right but um if I do the 170 to 1632.1 what's this IP this is my Gateway I can ping this does these two pin commands tell me that once I'm whenever I'm doing this is it going to the 40 gate firewall or not can you confirm this just by these pink months to be honest no do you know why because you are pinging two different IP addresses okay this does not verify that the traffic is actually coming to your firewall but how would you confirm this then if if this is not confirming one way is to use a treasure comment right do you know all of you do you not trace it yes the next way of uh understanding that whether you are receiving the traffic or not is by a sniffer capture okay so let's just quickly check what was the command for it sniffer um yeah so this is the command for it okay so we know it's diagnosed if a packet any host pc1 PC2 and 4 0 L okay what does what the hell does this mean right so let's let's see this let's go over here or moreover okay so let me log in guys are you able to follow me are you able to understand what we are doing right now can you put this in the chat window please yes no are you guys able to follow me till now am I going too slow yes good okay so now we are trying to figure out is that if the client is saying and if he is getting hyperventilated or whatever it is if he is saying that he is not able to access the resource whatever resource it is you need to figure out the first thing is that whether the traffic is hitting the firewall or not because there can be chances that your configuration is absolutely correct but the traffic is not even coming to your footing It Forward okay so the first thing is always make sure whenever you are troubleshooting you need to make sure that the traffic is coming to your phone okay then you can figure out whether the problem is on the firewall or not if the traffic is not even coming to the firewall just stop everything and just make sure you check with the network team and just make sure you ask them hey you know what uh you need to forward this traffic to the firework itself once we receive this traffic then we'll see what needs to be done one you know what what what needs to be done then okay now let's see what the packet sniffer does for us so now we are what we are doing we are we are debugging something we are trying to fetch some information from the 40K firearm right so how do you use this you say diagnose I am diagnosing some um you know information we have so sniffer is the syntax as in for the packet capture and then diagnose sniffer packet okay because if there are so many things that you can sniffer but we as of now need packet information and uh where do we find packet what do you think logically where do you find packets interfaces right doesn't matter if it is on the Ingress interface or it on the egress interface does not matter but where exactly you receive the packet interfaces so I'll say interface over here package so if you do a question mark over here so it says interface and as in either you mention interface as import one or two or three or four whatever it is whatever Port you want or you say any I prefer I personally prefer any you know you know why because from the last 12 years of experience what I've understood is that whenever you are you know filtering packets okay it is always better to understand the two-way communication do we all agree to this when we ping it's a ping request and a ping response right so ping request and ping response it's a two-way communication so if I just say you know just the request I simply request then it will just show me half information half information is wrong information remember that's the truth half information is always wrong information so I need both ways I need to look into the both sides of the coin okay so that's why always go with any that's my own personal session that's how my mind works okay I need to see the whole information so any diagnose what sniffer okay what I need to sniff packet okay what interface do I need to significance it's any it doesn't matter what interface it is okay what is next again question mark you see this notice um to is it UDP or is it port or it is it I mean what do I need to filter over here there can be so many things what do you do now you you say inverted comma okay so this is the place where I am filtering the traffic okay because any itself means I mean there can be millions of packets coming in and out from the foreign can you look into million packets no absolutely not so what do you do you filter out and be very very specific as to what exactly that you want to use or what exactly you want to check okay so I use inverted comma that is where the filtering starts okay and now it's like um I need to I need to check what we are doing pinging right so ping is icmp so let's use icmp okay and I mean I can go into using multiple PCS host and all that stuff but let's just keep this simple okay just icmp if it is icmp show me okay now again question mark do you see this it says or verbosity level meaning as in how much detailed information do I need on the packet level okay so um how do we extending uh Raju will take this after some time okay put this in the Google form I'll I'll answer that once we are completing this okay so diagnosis of a packet icmp and then it says your opacity level as in how much detail do I want how much detailed packet do I want see to be very honest um one just gives IP which is um useful but if you can get a little bit more information then it becomes very much useful so two is again the header as in the IP IP whatever IPA is and then whatever Mac information I do not really need that information to be honest what I need is over here print header of the packets header means the source type in the destination IP with the interface name now see this is very important I should know from which interface the traffic is coming in and to which interface the traffic is going out does it make sense all of you so you are going to use this now again you can go with the fifth and the sixth as well but this is mostly used when you are working with the tack environments somebody from the tank is coming in maybe it's a very intense um issue that you're trying to figure out and they need everything for the packet okay that's where you go with the velocity level six otherwise if you are using your own troubleshooting analogies four is more than sufficient you won't use more than that until this you need you're working with attack and they need something okay anyways coming back so I'll say four now I'll again do a question mark and I'll show you something okay see what they say it says count sniffer count okay meaning I am going to sniff that package I mean the photo gate is saying I'm going to snip the packets but how many packets do I do you want me to sniff one five ten hundred thousand how much so if you say zero this basically means uh you keep on sniffing I'll I'll tell you when to stop that's zero for you if you say uh 10 then it means that hey you know what as you count till 10 and as soon as there's 10 packets just stop okay so that's what you're saying so 10 or if it is 100 same energy okay if you say 0 then basically you keep on running and I'll tell you when to start okay so uh let's let's just say um let's just hit four oh you know what let's just not make this confusing I'll say five seconds okay five packets again space and I'll do a question mark let's see what does it say now okay so it's the same what what the timestamp would be I mean what uh you know on what time zone you want me to show you the time okay because it's going to slip the captures and it's going to you know present you the time as well what format do you want back so again you have a UTC time and then you have a local time so always go with the local type of course because it's looking much more sense to you otherwise it will be you have to convert the time zone so what's what's the what's the point okay so use l now is it clear is this clear is the command clear because once I execute this there will be so many new information coming in is the command clear to all of you yes or no chat box is the command created to all of you type in the chat box yes or no good I'll hit enter this okay now see what I'm saying using original sniffing mode interfaces is any and filter is icmb very much simple straightforward right okay good do we see anything no of course not because there's no ping which right now happening okay already so I call this moment of truth let's spring and see what happens oh sorry it's 32.1 uh uh ignore ignore ignore please ignore please ignore so 92 107.10 okay and timing out there you go I'm executing five packets remember this okay one two three four five is it clear all of you five packets okay so I click I know for the gate knows how to count okay all right so now let's understand what this means this is the time that's okay okay that's uh not something that you need to really need to look for until as you're doing some performance issues that then you need to look into the time as well okay maybe a story for a different time okay coming back Port one traffic is in so Ingress okay I'm receiving traffic and when I'm receiving the traffic um hold on let me let me just try once more if I can get this guy to work from you please work please work yay works okay all right so let's let's just figure this out Port one okay in is egress 170 to 16 32.10 who is this guy this is my Source IP what does this Dash means this Arrow basically means I am going towards this IP 192161.10 who is this there for me destination correct what is this then protocol what is this guy type of the protocol as in it's an equal request yeah okay now again the second package it's also the same the third the fourth and the fifth all of them are exactly the same now I'll give you just just quickly compare this over here traffic is coming with 32.10 Source IP same right but over here the realization is 32.1 that's my four gate interface but do you know one thing just look closely should I zoom this up foreign look over here Eco request equal reply equal request equal reply okay so somebody is giving a reply right so basically this guy 32.1 is giving their plan so see over here Port one out and 32.1 but do you see any kind of reply over here no no reply oh then what's the problem do you know what this basically means if you have a packet capture which says diagnose different packet any okay and any after any you you have icmp and then you you're you're just seeing one can I say this is one way traffic can I see this yeah it is one way right I do not see anything else even even after even after you know hold on let me show you this even after having any over here which means it could be any portal still I can see only one-way traffic something is fishy something is not working the way it is supposed to we are still not close to what the problem is yeah can you see the Dilemma such a small problem such a small topology three devices still you're not able to figure out what the problem is okay point over here my dear friends if it is one-way traffic and this is any if it was 4.2 different scenario but look over here it is any meaning it would be any interface still this is one way traffic do you know what this means this means 40 gate is okay now over here there are only two situations this is how you derive conclusions from the packet capture okay if you this is any and you see one-way traffic this basically means the 40K is dropping the packets and there can be only two situations what is the situation one situation one no routes okay situation two um no slash yes thank you good policy now tell me one thing we did check the routes and we did check the policy then when the where the problem is okay now I'm going to tell you the problem okay I'm going to tell you where the problem was okay that's one and then we are going to execute the uh you know the debug flow debug flow is very very detailed and for you to understand how the paper flow is I have to first of all fix the problem okay then you'll know what exactly the problem sorry the how does the debug flow Works how's the fortigate firewall Works internally okay so coming back um if not is the package differ clear to all of you type in yes or no in the chat box is the packet sniffer clear to all of you this thing yes 100 good okay I didn't name this what happened okay please let me put this again internet access okay all right guys a little small challenge for you I'll give you 30 seconds okay and just go through the policy foreign if somebody can point it out great if not I'll let you know anyway quickly randomly check what's what's happening what options what is it yay policy is disabled maybe a fresher has done this I apologize I am the fresher so okay enable the policy absolutely just configuring the policy does not make it work you have to enable the policy no no do you do you see this um one thing I have to do so now over here this is enabled okay exactly enable this all apply okay problem was this only the policy was not enabled okay no no no no no the parent policy can't be for internet access the van Port is not selected as our main device okay no but then see I'm accessing uh I'm trying to access PC2 which is on Port 2. so if I if you look from that perspective the policy is actually correct yeah Port one to Port two because I need to access 190 168 and that's on Port 2. so for policy is correct from that perspective if probably I have to access 1.1.1.1 which is a Google DNS then probably I have to use port3 but not in this case right okay so yeah so policy was disabled now do you is it clear when I when you look into this okay when you look into this and you just see one-way traffic there are only two situations either the policy is misconfigured or there is no route now we did saw the rubs didn't we what was the command can anybody tell me get doctor info routing table details okay there you go I do have an interview Associated right of course not the problem the problem was the firearm policy now let me show you one thing more um I'm I I'm not sure if it has or not um yeah they're good there you go there you go config fiber policy there you go now I'm not sure if some did somebody noticed this or not do you see this foreign so whenever you are working on the predicate firewall if you are able to see the information and it is just one-sided traffic quickly check the final policy and just see whether it is disabled or whether it is misconfigured or not okay that will quickly let you know what the problem would be okay now let's say for example okay we did everything everything that you can think of still you know you're not able to do it you're not able to fix up the problem okay then what to do now see as of now I have enabled the policy now ideally it should work no it will work actually let me show you this it will work 100 percent now once this is working I'm going to show you how the debug flow works once you understand the debug flow in a working condition then I'll again do some you know misconfigurations on the policy and then again execute the debug flow and then you'll see when if it is not working what kind of output comes up okay uh rename it because it's confusing yes I do agree that it's not internet access uh let's just say this is uh PC2 axis yeah is this clear I hope this is not confusing now okay thanks Ryan for this I to mention PC2 okay good um yeah so let's let's just ping this and let's see if it works there you go it started to work good now see this is zero I'll refresh and then you'll see something over here do you see this byte section the the extreme right column bytes then refresh this and click on file once again and this time there you go you see this 840 bytes good uh we know the policy is working for us great now yeah no okay alrighty so now let's do one thing now uh let's go back to the uh the document over here see the whole point is the the reason I uh you know went through the whole concept of all these uh things very slowly was because the debug cloud is very complicated and I'm I'll try to make it simpler for you but it's it's quite complicated it stopped me anywhere you feel like you're not able to understand okay all right so we have we are done till now okay there are uh three steps done this next is debug flow okay traffic should come and leave the 48 if not proceed with the deeper flow so basically in a way it's saying that um let's let's say for example the uh you know that what the 40gate firewall is doing when the traffic is coming in the firewall you want to check that okay there is some problem you are not able to figure out where the problem is so you are taking help of table flow so if that's the case then um you want to understand that what does the 40 gate firewall is doing as soon as the traffic is coming to the 4K firewall that's where you need people okay so if anybody asks you in an interview what is deeper Pro this is what you did maybe a lot of time the customer even asking can they they can ask you although that it's less but there are chances they may ask you okay because if you are troubleshooting some scenario and they're just casually sitting beside you they might ask you hey you know what what does this they do they can also they can also test you does it does it really know what he's doing is just you know randomly trying something okay so debug hero is when you want to understand what the photogate firewall is doing how the traffic is getting processed in the fertigate firewall behind the curtains that's what debuffer flow does for you what route is matching what policy is matching what uh Nat is being implemented uh is a traffic getting denied is the traffic getting forwarded is it traffic getting um allowed what what it is everything every process it will tell you so that's what debug flow does for you so if anybody asks this is what you tell okay moving on so you have one two three four five six months okay now we know um you know we'll go to we are going to you know take one by one and we'll see what every command does see um as per my own experience I'll probably say this command dying debug enable should be used at the last so you see the dynamic enabled and ID oh this is long hold on holder sorry I'll remove this okay the first thing is um you'll see this die debug flow filter see the flow filter basically means that um again just the same analogy which I used in the capture okay if you are using the filter right yeah so in in this section you have the any and then I'm putting a filter of icmp why because I just want to see icmp that's it nothing else okay so I'm filtering right same analogy is over here as well that when you are trying to understand what is happening on the 48 firewall then you have to filter for some specific traffic right because if you're not specifying the filter then it will basically show you you know just you know throw you everything the predicated spirals to that will be a problem for the forget firewall itself because it will consume a lot of CPU and memory Plus for you as well because it will give you so much information that you will not be able to understand what to do with that information okay so that's why you need a filter for it okay shouldn't we start with the diet debug uh reset uh see direct debug reset is also um it's it's like when you so for example if you have if you are you know continuously debugging some information and there there have been so many filters that you have already used okay then you basically use the dial debug reset where it will reset any above any pre I mean any con any command or any debugging that has been used previously okay but if you if you are using the first time then you do not really need this but yes as a practice I will probably say that's that's a good practice to go for so direct debug reset is an address over here hold on thank your king So tag teamwork research you know at times so many things come you know comes to my mind and I'm like you know I'll have to put this I have to put this I have to put all these things I kind of you know forget a little bit small details so thank you for that okay so direct debugger they said again this command um in a way is saying that you should always reset if there was any command any debugging which was used previously before come let's say for example you have multiple shifts right so you as an administer test coming onto a different chip there was a guy who was working before before you so he was using some debugging commands as well so um you want to make sure that your output should not be um you know mixed up with some filters which was used previously so what you do to say debug reset as in if there is any debugging commands which was used previously it's going to reset that okay next flow filter as in so you're going to see the flow of the traffic okay and when since you will be going to see the flow of the traffic you are filtering the flow for a very specific IP or maybe destination IP or your Source IP it could be protocol there can be so many things so let's let's come over here in admin okay so now so the the first amount is that debug flow filter diagnose debug flow filter okay and then if you put a question mark you see this it says um here BT we rename Proto add or adadr basically IP address saddr as in I call this saddle saddle Source type address dagger which is the here DVR this is destination IP address then you have the port then sport as in Source Port then B Port as the destination Port negate as in anything apart from this so there are so many filters that you can use okay now what we are going to do here I'm also going to use a printer right so over here what we are going to do is either you can go with a particular protocol you can use a IP address and whatever the case will be so I am going to use adbr okay now depending on the situation you can use either add or okay or saddr or data but uh what I would probably suggest you as per my own experience is that it s a d d r and dadr okay this will only show you again as with the same analogy of the packet capture that you if you go with the source or if you go with the destination it will just show you one-sided traffic okay because just that destination it will show you just that traffic so again it's it's one-sided traffic so addr will show you the both ways so that's why that's my own concept my own logic that I use adbr okay but it's not that you have to always go for that you can go with the sabr and dobr you can use this you can create your own lab and you can test this out see what what kind of output comes up okay all right so we'll use this flow filter ADR and again I'll do a question mark let's see what do we get host type it's telling me telling you to go ahead and you know put in an IP address over here so I'll say okay it's a 172 16 32.10 that's my source ID right so I'm saying EDD as in it could be in the source or it could be in the destination it doesn't matter to me if it is this IP address do let me know okay like deeper flow filter done next we'll copy yourself done deeper console time stamp enable again very much similar to the sniffer command it is just telling you that what time stamp the traffic will be coming in so I'll say paste okay next tag debug flow show iprop iprop is your route as in um you know if there is any routing interfaces any routing um information which is available for that traffic it is going to show you that so I yes absolutely I want to see that so I'll place this up okay is it clear all of you I prompt I propose your routing dig deeper float Trace start 100 okay so flow test run 100 basically means do you remember in the sniffer capture we used to go with this capture this is five I said it could be zero it could be ten it could be 500 it would be 50 right same analogy applies to over here as well if I say oh sorry okay fixed so direct debug flow Trace start 100 meaning that it is going to show you 100 lines flow the flow the packet flow from the packet flow I'm tracing for the 100 100 lines the first hundred lines okay to be honest 100 lines is more than sufficient but then since your live troubleshooting probably 200 or 500 is is okay but let me tell you once you are you know you know once you are attuned to to the debug flow 100 for you it will be enough maybe for starting thousand lines and fifteen under two thousand nines uh you know people normally starts with that but then slowly and gradually you'll you'll filter this to a smaller number so 100 is fine with with what we are doing right now meaning now start the debugging okay so this debugging enable basically means that you are debugging with these particular commands that you have used it's going to filter the traffic on the basis of that now before I execute this is it clear to all of you type in the chat box yes or no is it clear to all of you the debug flow the commands which I use for the deeper Pro and the logic behind using that particular command good so I'll say enable um debug syntax and then yeah it's it's similar for all the services so again if you want to use the again you can you can use these are the syntaxes right kddr ddidr sport service Depot you can try this in you know uh check what kind of information that you get thank you and then so the debugging is done okay the commands is in place now as soon as I start a ping over here you'll see a lot of information okay let me show you so yep 1.10 so see right now nothing right so hit enter okay now I'm canceling this out because just this one single packet let's see so much of an information yeah now we're going to take this very very slowly every line and uh what does every line means okay stop me when you feel like if you're not able to understand now what I've done is actually I've highlighted the ones which you have to look for I mean because there's so much of information not every information would be reliable or not every information will be making sense to you but there are certain which you as an administrator should be looking at okay first thing is that if you look into the first packet okay it says received a packet okay good makes sense protocol equals to one what is protocol equals to one I see okay this is the source IP do you know what this thing is Port thousand Source Port then we have 192.61.10 okay then Port one the type is eight again this is icmp type the code is zero again it's a nice empty Port ID is this this is the session table ID okay now this is nec7 certification training but then um uh just try to see that what this basically means to all of you okay see this is enough the received a packet what is the protocol what is the source what is the definition this is more than sufficient for now next sequence one means this is the first packet look over here init IP session common okay so this basically means that look over here allocate a new session okay that basically means that traffic is allocated to a new session table entry okay so it is going to be inside your session table okay so that's why it says it's a new session no existing session it's a new session okay now next look over here I prop dnat Check Line message import Port 1 hope is not identified see this basically means the traffic is get coming from Port one right do you see this this port one this is what one so it knows that traffic is getting received on Port one but as of now the 40 gate firewall has not figured out what would be the next spot for it okay as in what is the next uh outgoing port for the traffic okay it's not yet figured that out okay look over here into this one IP route input common okay look into this place Flags Gateway 192 and 62.10 Via port 2. you know what what has happened it figured out that okay I am trying to access uh 1.10 and this window 10 is a ritual vehicle is it clear all of you okay so eyebrow forward check message in Port one out or two okay do you know what the footage file is doing have you heard about this terminology route lookup that's what the foreign okay clear yes or no chat box keep telling me so I know okay it should not be like I'm just keep on containing you know without you guys understanding what takes place okay okay now next is I prop check one policy if you want to take this as a note because this is important these one okay as soon as you try to you know look for these words right you'll you'll figure out some you know relatable content which will make sense otherwise there could be so many things because see as of now I just use one ping and then it generated so much information when you are troubleshooting in your environment there can be thousands of information that will come in the deeper flow so if you are looking into this specifics it will be easy for you it will be quicker for you to be honest okay so I prop check one policy look over here policy one return matched action is accepted okay it's possible matched look over here I prop check one policy again policy one is matched action is Success okay it is just very fine it's just verifying that the traffic is matching both ways incoming as well as I'm going okay good so we have verified that information as well let's look over here I Pro forward check I prop captive portal is captive portal equals zero do you know what the captive portal is you know what happens is whenever you're trying to access an internet or any website it will through your username and password page that is captive motive so zero basically means there is no Capital photo okay so that's fine do you know why why am I telling you this any candidate for going for a receiver all right so forward forward Handler look over here this is like 100 confirmed information so uh till here it was you know still verifying is the traffic matching the policy is the return traffic matching the policy is is it uh you know confirmed with all the ports and everything then it says 100 yes Allowed by policy one some distance from the ceiling okay so now we know uh the route lookup has happened okay this was the route information so now we have the port 1 and Port two as in Source in that session interface it also checked the return traffic and found that uh the policy one is matching for that return traffic as well and then confirmed over here by policy one as in the Ingress as egress both ways the policy is getting matched okay and next is basically the same information now look over here do you see this let me let me Zoom highlight this hold on do you see this um find an existing session ID reply Direction do you know what has happened the first thing happened was allocate a new session do you know this so what has happened is that the 48 firewall has looked for the 48 looked for the traffic look for the route look for the federal policy everything is allowed session table entry mate okay now what has happened is it was for Eco request icmp Eco request this is for equal reply okay why see reply Direction that's fine I know this is this clear the people what I have explained till now yes or no in the chat box it is super clear to all of you the route look up the policies everything that we talked about now the same information is over here as well I've tried you know mentioning uh one Niner on the two liner of the debug flow as what does each one does okay the next is it also basically tells you the same thing see Allowed by policy to allocate a new session uh denied by forward policy is if you disable the policy you know remember we we had the policy but it was disabled so if you disable it again it will be like this okay so for you guys if you want to do this if you want to test this house out please do this as your homework okay apply this in your event setup disable the firewall policy and see what kind of information that you get okay or change the policy rather than having all in the service use you say HTTP and then ping and then see what do you get so there can be so many permutations and combinations I want you guys to try this and make sure okay so I've mentioned all these things so that this document will help you out okay session list see once this debuff flow is done right the information will be in your session table okay let me show you one thing quickly oh sorry wrong password uh and then yeah diagnose systems let me just go to check on technology okay so the command is get system session list so this command basically uh talks about or tells you all the session table information everything about the session table information okay so um yeah we'll I'm going to share this document all of you so whoever is register you'll get that document so don't worry Okay so yeah so get system session list this command is basically telling you any traffic which is in the session table this is session typically now see over here it's all UDP UW where is icmp it is not there because the session table has a time limit there is a time limit so for UDP now this do you see this 156 this is seconds okay so this traffic is valid and it's in the session table for 156 seconds then this is the source if there is any net it will show up over here if there is and then what's the destination and if there is any destination net okay so maybe what is Nat and how to read this uh particular destination that source and all these things probably your different situation different scenario or a different session all together but uh that's what it is okay so UDP as in the protocol this is the protocol section this is the timer section as in what the time is 156 seconds if I do this again it may be a different number so 156 147 the lease is 42 seconds this is the source IP then the decision IP so the reason behind telling you this is I'm going to execute the Ping again and I'm going to take I'm going to show you the I70 packet in the session table okay execute this okay and come over here oh the debug is still running yeah I have to show you that as well so see what happens is if you do not do this and this is a very very common mistake see I I did this right in front of you so this is a very common mistake that a lot of times when you are debugging in you know if you're just looking to into the problem there are times people forget to turn off the debug so what you do is you say diag nose debug disable this is going to disable the uh D1 debugging for me also once you do this you say diagnose debug and reset these two commands are like mandatory you have to execute these two commands after your debugging is done why because if you do not do this it will keep keep the debugging engine running for you okay uh that's a very good question anybody who has the answer if not then I'll let you know anyway so uh very good question okay so what happens is um the traffic that you see this is self-generated traffic by the 48 firewall and this is for 40 guards service the 208 it's a 40 Guard Services trying to make a connection to the 40K server do you know why this is happening because it's a evaluation license device it does not have any licenses to it so it is trying to connect to the 40 gate server and trying to figure out whether this guy has any licensing or not so that's the basic communication which is happening and that's why you are seeing this information okay yes uh I'll show you quickly one thing hold on okay okay see this 191 student 43 is 1995 who is this guy or three now Port three is connected to my internet right yeah that's why you are seeing the society resolution okay and this 96 45 and uh this looks to me a 40 guard server let me check direct debug oh sorry anyways so uh but yeah so problem uh it's not the problem but 9k6 is a server over here 96 45 45 um I think it's a business let me just quickly check if if that's the case it will help you out and quickly check so I think this could be the DNS server on the photographer yeah there you go do you see this 96 45 45 right that's what it is right yeah 96 45 45 do you see this and it's 53 so it makes sense right make sense okay thank you no problem okay um what I wanted to show you yeah so get system session list okay now do you see TCP TPC TCP UDP but where is where the hell is ping so let's let's execute the Ping once for okay so good we have again a system session list and there you go there you go okay so now we can see that information is present in the session table as well do you know what this basically means this basically means that when your 40 gate firewall has uh allowed the traffic through the policy that you have okay it is going to take that information and save it in the session table okay but do you see this as well 58 57 54. do you know what this is seconds so if I execute this again you see this funny 22 21 18 20. so while we are talking in the next 15-20 seconds you will see slowly one or two lines will start to get out or get will will be will be exiting the session table because that's the timer for the for any traffic to remain in the session table so I'll do this again let me show you see wow what time is zero see this so that it's just if I do this again they will not see the ICP traffic at all see gone is it clear session table is it clear why the traffic would come into the session table and why it will exit the session table until how much time can you see the information in the session table by the expiry condom is it clear to all of you yes or no in the chat box so guys this is pretty much it that's it that's the end of the document and that's basically the oopsie I did something wrong hold on that's the end of The Document Plus the end of the session as well expiry means uh remaining time it will expand yes that's that's true uh it's it's like as soon as the traffic is received on the 48 firewall it is allowed by the firewall policy so icmp has a by default value as in uh for 60 seconds it will stay there now see do you see this for TCP the value is three four nine three just that divide this by 60. so you'll see how much the the actual amount of time is so it's around so so take this three five nine it's this is around uh five minutes I think right so that's the limit for TCP if it is a TCP connection if it is a UDP connection it's 140 very less do you know why look away it's a DNS traffic right that's why the timer or the expiry value is less that's why the expiry value of icmp is less 60 seconds but TCP is more in minutes you know why traffic is going out 80. it's actually um you know another kind of traffic anyway my point is that the expiry basically tells you for how long the traffic will remain in my session table and if the traffic is session in in the session table it means the it's been allowed by the vertical firewall okay all right so what we did today was all about how to first of all figure out the problem with the routes okay how to check the routes how to check the firewall policy from the CLI as well as from the GUI okay then how to figure out whether the traffic is you know getting Allowed by the firewall policy or not right so we did check that as well so these five steps that we did follow today and we were able to figure out the problem now what I want to understand from you guys is were you able to follow the whole procedure was there any place that you would like were you not able to figure out what the problem or you you missed out or was not properly understanding what's what's the problem okay uh let me do you want to make it quickly um just check I'm not sure if you guys have um you know use that Google form just give me one quick moment ah let me see where the Google form link is from there you go and uh okay so I think uh the Google phone does not have any questions okay no problem so what what we did was okay all right so I think uh yeah so that's that's pretty much it for today all right so what I'm going to do right now is I'm going to conclude the session okay um I'm going to share this article with all of you okay maybe by today I'll see if I can do it today if not today then probably by tomorrow okay now I would like to understand from you is that um were you able to understand the whole process these five steps that the the debug floor the packet sniffer the session list all of it were you able to understand yes or no so Raju you can create the address objects from the client maybe I'll um you know tell you a different um on a different session yeah Okay so okay so thank you for those kind words pretty much Clear great so um guys I'm going to upload this into the group okay so probably in some time you will have uh access to this videos if you want to go through this again no problems at all if in case you would like to answer or probably have any questions let me know okay so I'll I'll see what I can do and probably you know I'll create another session and then we can figure out that so think of what you need to learn next okay so I'll probably have a poll again maybe tomorrow or maybe day after tomorrow okay and then we'll I'll see you within couple of days okay till that time you guys have a great weekend ahead and I'll see you later good night bye bye all of you

Info

Channel: Rakshit Vidyarthi

Views: 5,840

Rating: undefined out of 5

Keywords: fortigate, fortigate how to, fortigate firewall training, sd-wan, Network security, VPN, Cybersecurity, Networking, IT security, FortiGate, IT infrastructure, UTM, FortiOS, Next-generation firewall, Web filtering, Network firewall, FortiManager, FortiAnalyzer, FortiGuard, FortiSandbox, ccna, mcsa, linux, ipsec, ssl, security, network, firewall, computer science, engineer, windows, kali linux, network security, network course, network +, network engineer, cisco, sophos, palo alto, asa firewall, azure

Id: 6IMuMFaqqMc

Channel Id: undefined

Length: 95min 5sec (5705 seconds)

Published: Thu Jan 12 2023