Installing FortiGate Firewall on ESXi Host from Scratch for Home Network

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello everyone in today's video I'm going to show you how to install the 40 gig firewall on the XSI hosts before I begin please support my channel by subscribing and hitting the notification Bell so you'll be notified when I release more videos so I'm going to open my exercise I'm also going to open um for the gates website which is support.forina.com um first thing I'm going to do which is actually very important um when you're trying to download each design um version of 40 Gates is to go to register from your website put in your email address and click on register I'm going to go to the registration process with you so I'm going to put my email address here and click on register enter the capture code get verification code that would send you verification code to your email once you receive the verification code in your email you put the verification code here okay I got the email of the code six seven five eight four seven this code is definitely going to be different from the code you will get from your own email um so click on register enter the passwords you want to use its password is what you're going to be using to log in to um for the cloud which is where you're going to be downloading the um the software needed to install the um the exercise version of the file um sorry for the gift firewall on evohs I will enter your name your last name and all the details that are needed here I'm going to go into this and then I'm going to click on submit you agree to attempts and condition and click register click complete now you can log in with the email that you provided and the password that you entered earlier foreign and click login so once you log in you're going to see the welcome message it will tell you how many products you've registered uh one thing that um 40 gate or foreignty is doing right now is that for a trial version they are only allowing you to use one email per device per registered device but if you have the license you can actually use multiple devices but since uh we're going to use the trial version you basically just use one email um then we can actually register the products and go from there now the next thing we're going to do is to go to support here and we're going to download the VM images now when you click on VM images that will bring you over to fortnite VM deployment images since the product we're trying to download is a 40 gig firewall so you choose 40 gigs and then it would ask you what platform do you want to install it of course we're installing on a vme exercise so you click on vme exercise it's going to give you all the version this is the latest version we currently have which is a 7 version 7.244 as at a time of this recording so here you can see we have a new deployment for 40 OS and this is actually the file here um the size of the file is 85 Meg there's an upgrade from the previous version if you have a previous version of VM um and then this is a 7.2 this is actually an upgrade this is also in new deployments uh for VM on this this is the file name here and this is actually zip file which is as compared to this one which is Dot oh you see this is actually also in the uut.ov.zip file so um this is the size of a file so I'm going to download I'm going to be downloading this one with the you can download um this but I prefer to download it so I'm just going to download this and uh once the download is done so currently it's currently downloading once download is done I'm going to open it I'm going to show you how what to do when with the kind of esxi version that you have so this is the file that [Music] um came in a zip file you can see we have the digital drive we have different OVU file there's hw13 over you have hw15 over here there's a NXT and sxt.org and 64. we have there is a v app the ovf uh this different version actually work with different exi version that's why you need to actually read the text file the readme text file that comes with it the redmi text file that comes with it will tell you um what exact version you have so if you have exercise 7.0 or higher you're going to be using um you're going to be using the vm64. overview which is going to be this one hop here if you have six point version 6.5 of the EXA version you're going to be using 13 uh if you have version 6.7 U2 uh or later version you're gonna be using hw15 I'm going to log into my ASL hose and I'm going to show you how the version and then we're going to agree on which version is actually appropriate to actually use in this scenario I'm going to pause so now that I've logged into my exercise version you can see I'm using version 6.7 you can actually find your version here on the hosts um I'm using version 6.7 I'm using the u3 which is update three um that's the current version of my ex iOS so um if we look through the text file again what you're going to see is I'm using version 6.7 and this one says U2 plus which is from update 2 plus so this would work so I'm basically going to be downloading this particular file um if you look down here you could see 6.7 it would also as well work with this particular one but in this case I'm only going to be using um this hw15.ovf file so which is going to be this so I'm going to extract all the files I need into a folder I'm going to select that select the Data Drive and then select um the virtual drive as well um this added three files I need I do not need this other ones here because basically this is all I need this the aw15 and this one the other ones are not applicable for my installation I'm going to extract this I'm going to create a folder um create the folder for it any way you want it to be so I'm going to create a folder I'm going to name the folder any name you want to name for the gates 7.2.4 that's the version and um I'm going to extract the file into that folder so as you can see these are the three files which I've extracted the total size of this data is about 87.4 it's not so big so what I'm going to do next is I'm going to create a VM on my ex iOS to do that I'm going to come to virtual machine creates register VM uh this time around I'm actually going to be deploying using ovf file if you remember that the downloaded file that I have is actually a DOT ovf file you you remember in the readme file you have the ovf so I'm going to be downloading uh sorry I'm gonna I am going to be deploying the virtual machine from ovflow I'm going to click next I'm going to click here and then drop every file that I have um that hasn't extracted and then I'm going to call this my you can call it anywhere any any name you can give it and then you want to call it you could as well put the version if you want it's not really important so it's it depends on what you want so I'm going to click next I'm going to select my data store that's currently what I currently have I'm going to select that I'm going to accept the license agreement by clicking that I agree and then I'm going to click next now here you want to select the the network interfaces in in this case here you notice how it gave me about 10 Network options in my case here I actually basically need maybe two so I'm going to use the the internet's link and I'm actually going to use uh let's see yeah let me use this one and I can actually add one more if I want but it's not really important so I'm just gonna add this I'm actually gonna clean that up later so I can leave the red this the way they are it doesn't really matter so I'm gonna click next and then um here I'm gonna deploy this by clicking on finish so this is basically the summary page and I'm going to click on finish and then you can see that this is basically deploying your file it will tell you the status so you can see I have two already successful the third one is currently important of the app and then once everything okay now there are four steps it says it's even ready so this is my firewall here this is my so I can click on it and then here you can see it's running now one thing that is very very important is that uh the first time this runs is basically actually gonna reboot again and then we're gonna um be required to um login and um I'm going to show you all the things that are necessary to do with the with the 40-gate firewall so at this time currently is basically partitioning and formatting the drives and once it's done with that it's gonna reboots now you can see system is going down which is basically its website number rebooting so please stand by wire reboots so now you can see it's rebooting system is starting now I have a serial number I have every VM that you create will give you a serial number so this is my serial number and you can see I have the login page now when you log in your default username is basically admin and there's no password it's going to force you to change the password this is very very important it's going to force you to change the password so I'm going to change the password Here so when next I log in and no longer will be logging in with a blank password so if I exit this now I type in my username admin now if I press enter it's going to tell me I need to put in the right password so I need to type in the right password which is the password I just typed in so now as you can see I am already in and we're going to um configure this device mostly using the the GUI which is the web interface I'm going to show you what to do next I'm going to show you how to get the IP addresses that um your device is by default if you're using um for the gates Hardware device it's probably going to come up with one item that wants to say the one.99 as a default IP I'm going to show you how to get the IP address using the CLI command we're going to open the web browser together and then we're going to go through the uh the configuration and how to set up your 40 Gates uh in your home environment on on the exercise host so I'll log in again oh sorry I thought it's already locked out I'm still in so what I'm going to do now at this point is I'm going to run this command config system interface the reason why I'm running this command is because by default um the 40 gig actually comes with an IP address also um because um when I was setting this up I actually have um different network adapters I have the internet adapter I have this my my virtual adapters for my vlans and everything so I basically have about four working adapters here so some of these are one of these actually would have actually assigned IP address today so I can actually check that by clicking edit and using the question mark and as you can see here on Port 1 you can see it's a DHCP and I currently have an IP address 172.17.100 or 200 as in 210 so that's actually the address I'm actually going to use so actually open um the um the web interface don't forget when you put a date and then you use your question mark that will give you this one so this tells me um Port one is actually already configured so I can actually run on that command here let me exit this out that's our attributes and now I can actually run this command nice um show system interface um Port one since I know that's actually the port if I don't want to use spot one that will be very specific we don't want to use support one I gradually just say show system interface now this will tell you all the ports as you can see here Port 1 if you look very well you see the port one have sets more DHCP set allow ping https SSH HTTP F gfm so the https is actually the the um what's it called is actually allowed which is actually going to allow us to open this page using HTTP yes column one seven to the 1 7 to 102 I believe it's too thin so I could actually check that again remember to check you just say config system interface and then edits and then with the question mark that tells you okay that's the address 17217 to 100 or 210 so so 100 to 210 enter now because of course we do not have any um value certificates it's certainly going to tell us give us this connection has not been secured and everything you could actually import certificate so that's not um um topic entirely so I'm going to click on Advanced here and then I'm gonna click proceed to that address on Save I'm going to log in with the username which is admin and the password I created earlier on the um CLI when I was uh opening my device for the first time I'm going to click login so this is then gonna ask me to register my device now I'm going to use the evaluation license at this point remember I created an email address uh sorry I created an account using my email address and I have a password as well and if you just remember when we logged in the first time we noticed that what's it called the um there was no registered assets or there was no registered product so we're going to register this by putting in the username there and then type in the password we created on the 40 Cloud we're not the government user so this is basically for training purposes so I'm going to click on ok but before I click OK I need to see this this is very important one thing you need to note is that it's not going to work with more than one CPU and it's not going to work on more than 2 gig of memory so because this is a trial version you can't really you can't increase this one other thing is that there is a maximum of three interfaces if you remember in my x i um obviously I have one two three four so basically one of this is not gonna work so it's gonna work with one two three so uh one of this is not gonna work because it's only going to work with the maximum of three interfaces and actually also I'm not gonna have any 40K support and it's also going to support low encryption operation only so this is basically the free mode Evolution license this is who as in this is free but there's some limitations as well to it so um the maximum of interface maximum three interfaces uh firewall and routes each so maximum of three interface maximum three uh firewall policies and uh on routes so that's the limitation of using an evaluation products however that should not deter you from using for the gates in your own environment so I'm going to click on OK which will register my device and then that will log in uh once this is fully registered currently as you can see it's rebooting I can't really see here you will see this the system is going down now so it's basically shutting down and then they say please stand by while we're reboot and then it's rebooting so you notice all I just did was just to log in and it's really what's in here and as it's rebooting here you can see the same thing is actually happening on the CLI so you could actually be watching on a CLI or you could be watching it on the GUI whichever interface most people configure everything they want to configure on the CLI but um so it would prefer the um the GUI for the configuration because it's a lot easier to configure on the GU high as compared to are using the CLI whichever one it's relatively easy there's certain things you still would need to use the CLI folder you can basically do on the GUI so now as you can see it's ready so it's very very fast despite the fact that it has a limitation of that two gig RAM and it does a one one CPU so we're still not limited to what we can do so here at this point I'm going to log in back and the next thing we're going to do is to set this up so you set it up with an host name you could do a family version upgrade but because with already the recent version we don't need to do that that's why you can see that it's checked and we don't need to change the password and so you see that also also is checked so we need to do is to specify the hostname and do a dashboard I can't begin I can also skip this one let's go through this process we're going to set up the name I can call this uh Dash ohm lab 0 6. and then click OK that's gonna be the name and now I do like to use a comprehensive dashboard you could use the optimal one you could use a comprehensive one whichever one works for you that's fine I like to use a compressor because I have all the features already enabled you can actually watch some of the videos that shows you some of the changes that were made to the division 7.2 and remember we're using 7.2.4 so that's 7.2.3 the 7.2.4 so at this point here this is big this all the switches here are all enabled by default because we use a comprehensive dashboard so I don't have to be adding all these features um on the uh from system I don't have to be done in this only already on by default so I really don't have to worry much about it next thing you're gonna do when you log into your footage is you need to configure your interfaces you remember it was because we were able to obtain an IP address on the port 1 which is this particular one here that is why we're able to um access this using the GUI house we would have configured everything we want to do on the ca live before we got we can actually do that on the GUI because um the interface is already configured with the sap so I can actually obtain an IP address and then go from there if not I have to do something like this um login here um then say config system interface edits Port one sorry ports one then you set mode if you're doing a static IP you say set more static and then you begin to set all as in then you do sets allow access being all those kind of things and then you do set um IP and so on like that whatever command that's it's required so I'm not going to go through that I'm just going to use everything I want to do I'm going to do it on the GUI I I don't want to do the sale I can we can look at the CLI command in a different video but this is just the basic way to set up um your 40 gig without having to use a CLI so here the first I want to do is because this was gotten using the ACP I want to make sure that this device is assigned this IP permanently so I'm going to double click on this spot on uh bot one now you can Define the row basically that's actually my one interface I know that because this IP is actually for me from my one interface so um you could name this whatever name of your internet is you could say Xfinity Chromecast 18t so I'm just going to name this internet so I'm just going to say hi SB okay now here notice that I got this IP address using gcp this is the IP address I got it's a Class C this is this I'm not going to choose manual and the IP Still Remains remember um the next thing is this is the DNS I got I can actually change the DNS as well so in this case here I'm just going to click on this and that's actually what I have notice https you remember when I showed you that early https is on yeah uh FGM FGM access hdb SSH champagne is on as well anyone you want to turn on here that is relevant so you can turn them on so the next thing I'm gonna do here is ensure that this status is enabled if this is disabled or lose access basically to this interface so I'm going to um leave this the way all I just did basically here was just to set the IP address to manual so that that doesn't really change anymore so I'm going to click on OK the next thing I'm going to do is if you want to change the DNS you can come in to change are going to look at that again later but next I'm going to do is to set my Lan IP I'm going to use port 2 for My Lan and then I'm going to change the row to Lan then you could name this Lan if you want to you could just leave the Alias the way it is so I'm going to configure this to have a lan IP of 190.168.183 dots so let's use 254 for um my my what's it called my 40 gig device I'm going to assist last 24 if you don't want to use the slash 24 you could just say slash g500.25.25.0 whichever I want you to do uh both of them will still work so whichever one I can just say slash number four um this would actually create this IP address notice I'm using manual so this is also going to create the objects and um when you come here to policy update you will see on the addresses this address will be added there as well um if you want to be able to access this address using the web interface you will need to enable this I'm not going to enable it for now I'm going to show you that you at this point you can ping it you can't do anything so if you don't enable ping you have to enable https you can access it using web browser so I'm going to leave it the way it is at this point here now if you want to set up the UCP server you check this one and then you turn on the DCP server information and then you enable the interface and click on ok but what I would advise is that because it's a lan interface it's very very good to actually have it accessible Overland as compared to having it accessible over one so this in my port one I should have disabled about I because I I'm sitting my configuration it's better to do to enable it here first before you could disable it there so I'm going to leave this enabled and um if you want to be able to SSH into it you turn that on you should be able to Ping that interface at least and then if you want to add this to some monitoring software like prtg like Avic you need to turn on the SNMP then um there are other things that you could as well do there's 40 manager access and so on like that I'm going to leave it the way this is the next I'm going to do is enable the sap server now this is very very important so um if you want to create two different scope of DHCP uh let's say you want to create two different ranges let's see it say my IP should begin from 50 and it should stop at let's say 56. and then I want to have an IP let me close this I want to have an IP starting from let's say 75 and then now I'll stop at 100. so what I'm basically saying is that any address between 1 to 49 would not be assigned by the ACP server and any address from 57 down to 74 will also not be assigned those High pick will be given to your servers if you want to set it that way that's fine if not you could just close this and just say Okay I want to give it from maybe one to let's see two five three you can also do that because this is 254 so it's still going to work as well but let's just break it down into two so maybe we'll create three different ip7s I'm gonna say 50 to let's say 90 nothing let's say 99 and then here we have let's say 150 let's say to one by nine and then this one we have um last one I want to create um will be 250 don't forget this cannot get to 244 because so it was already assigned here so this would not go more than 253 so that will be the last available address so this is my net mask here which is the slash 24. if you want to use a different DNS from what this device is configured as you could as well specify that DNS here so let's use Google DNS uh this might not be applicable to you you can you might want to use your internal DNS or whatever your Open DNS whichever DNS that you want to use that's also uh applicable so um let's say I want to use Open DNS I could actually just um add Open DNS here um you can as well add the third DNS server what's I'm just going to leave with that 2 DNS for my secondary DNS that's fine you know that's good enough for me um this list period this is very high I always like to use 1D so eight six four zero zero second is basically 24 hours so here um um everything looks good if you click on the advances other things that you can actually do when you um referring to ipsec DCP relay but we don't need to do anything about it or your system of the ntp server and so on like that I don't need to do anything there on the security mode you can create a captive portal this is what they used to when you're able to log in blah blah blah when uh it will show them a login page where they put all those kind of things but I don't need that as well um what I'm going to show is this interface is enable and then I'm going to click ok now don't forget if I put this IP address in the browser with https at these points it's not going to open but when I click OK because this https is enabled I'm going to disability just to show you I'm going to click OK and then as you can see um the interface is actually configured this is the IP address of the interface if I open browser matches this I really can open the interface as in the the account on the page but if I enable https that will allow the the page although I allowed the page to be accessible via https but also remember that it's very important that you know that you have to be in the same IP subnet so which means that your um your computer have to be in the same IP submit as this or have a route routing enabled that will be able to Route traffic over to this particular IP address for you to be able to open this so if you're safe experiencing this what that's basically telling you is that your PC or your device is currently not in the same IP address range as this so you can open because they're not in the same network but this network is currently different from my land Network now before I open that let me just finish all the configuration I want to do here I've already enabled https so I don't really have anything to worry about what I want to do next which is very very important is to come to static crowd here this is very very important you need to be able to allow this firewall access to the internet let me show you something if I come here I say pink google.com oh sorry I'm sorry exact ping google.com notice that nothing is actually showing because I have no way to actually run all my package to the Internet so what I'm going to do is I want to minimize this I'll create the static routes I'm gonna say if you're gonna go anywhere I want you to go anywhere using my diff my default giveaway which is this this is my default giveaway and I want you to go through the ISP interface my ad is basically an adjective distance if you have multiple static routes they um the lower ad is preferred over the higher ed so this number can go up and down whichever number you want script but at this point is not important so I'm just going to make sure that it's enabled click ok now I have a static route that goes anywhere 0.0.0.0 means any so if I go back to my to my uh what's it called to my CLI and then I do that notice what what is happening now I can actually ping so if I close this let me ping it again you can see you can ping if I close this and then I remove let's remove this so let me let's just disable let's disable that that's good instead of removing and doing it again we disable that and let's bring it again notice I can't pink it because without a static routes this firewall cannot get to the Internet so so it's very important that this file will get to the Internet so now I'm going to enable this back and so that gives access of this firewall to the Internet so now I can actually resolve the IP as add that name to IP address and then that's actually pinging the next important thing you need to do currently there is a one access for this device but there is no Lan access or any device in your land can still not access the internet so what I'm going to do is to create policy this is the final step in all the process so this is for currently everything has an implicit denial hole so what means what this means is that by default all traffic effect coming from anywhere in your network going anywhere is being denied going to any ports all of them have been denied so all traffic from your land if you're trying to go out through the firewall they'll be dropped nothing is going to come out from firewall to the internet because this basically they like hasn't denies everything implicit invisible so they're not in it so it's just there by by default so I'm going to create a firewall rules that allow my land to go to the internet so here I'm going to say my source is my land remember my land is my poor two as you can see the IP address is showing here that's my Lan not support three in this case I've not said anything on part three is part two that's my land the reason why I like to put Alias is that you can actually see what the name are so let's go back there quick quickly create an alias for board two so I'm gonna name this LAN and then click ok and go back to policing objects and then firewall rule create a new rule and then I'm going to say Lan two ISP now notice this already changed now because I have an alias so now I have my Lan so my income in is my land the only where is it going it's going to my one so it land to one so source is all destination is all it means any Source any destination and then services using all ports whatever kind of ports it's using then I make sure that Nas is turned on very very important and as it's turned on now you have some security profiles you could turn on for antivirals by default it's using the default one but I'm not going to use this for now I'm going to disable this I'm just going to leave this as a default and ensure that this policy is enabled so once you click on this okay what happened is that it creates this firewall rule Above This implicit it has to be above if you move this below this then everything will be denied so this has to be above the Simplicity now actually because it could be moved you could move it open now so I would not want to do that you want to make sure it's just above it so this basically means any traffic coming from my land can go to my one so an extra entry from coming from anywhere going to anywhere should be allowed so these take precedence over this and that will allow all my land traffic to actually go through the internet so now if I have any device coming from this particular IP address and is trying to go to the Internet yes he will be able to go to the Internet through uh what's it called through um my firewall because my firewall was sit as something it can actually allow the traffic in so this is the final thing you do once you do this every traffic can actually then go straight to the Internet so basically remember one other thing you need to set is your interface the next thing you need to set is your firewall policy I talked about DNS alien let's quickly go over the DNS this is the default DNS is using if you have a DNS that you want to use if it should encase this response time is too high for you you could as well specify any DNS that you want to use if I see it or it's uh let's see the response time that that will give us currently that was given us 70 milliseconds let's see what we're gonna get after applying this so I'm waiting okay currently This is 40 milliseconds so basically using these over the one that was there before is much more even much more better because it has a faster response time um whichever one in your case it might not be depending on your location depending on other kind of things that are that are in place on your network so um this is where you set the DNS if you have an internal DNS that you want to use this is where you set your domain name so let's say your domain name is whatever your domain name is you just set your domain name um let me let's say that's actually my domain name then you click on the click on apply whatever your domain name is you had it there if not just leave it the way it is so uh what I'm gonna do is um yeah I'm gonna actually gonna set my PC to have an IP address in this subnets and then open uh this page and that will be the last thing for this basic tutorial on how to set up for the gate on each side okay one other thing that we want to show you is since you're using exes how do you identify which interface it it is because you have so many interfaces that were being used so what I'm going to do is click on the interface we want to identify which is actually Port 2 and then you will see the MAC address here so this is the MAC address so when you go to um your essay OS you can actually expand each of this and then I will tell you notice this is 8378 what I'm looking for is 8382 I'm basically looking at the last four um so here I'm going to expand the next one and collapse this so this is a382 so this is basically on my Wi-Fi network so basically um I have to set um what's it called set um my um my name this network range on my Wi-Fi network so I'm gonna um set this IP address on my WiFi network and then one of this IP address range and then I'm going to access this page so I'm going to show you how to do that quickly so here I'm going to open uh my network properties for my Wi-Fi and this is my wireless card practice I gradually set this and then use the advanced to set the alternative IP address but and that way you could just use alternate configuration and then use the following IP address this is my photo host I'm actually using alternative configuration normally I normally would just use the advanced option there um let's continue with this 183 dots a C5 my default gateway would be my the IP address of my firewall 183.254 is my default gateway I'm just gonna use a single oops I want to use a single DNS IP address and click on OK so basically what I have here is like I said normally I would just go to Advanced here and this is where I will set it if I'm using a manual IP but in that case here I'm using alternate configuration let's see how that works so the IP address has been set so let's refresh this page as you can see now I can actually access it using that one other thing I did need to make mention quickly was that I was having issue with the alternate alternative I uh alternative IP configuration so I did actually configure this using um static IP address I just changed put in my IP address that I have on my Wi-Fi interface that I went here and then I set by clicking hard I add the IP address which is what I have here and then I had the Gateway here so it's basically the same thing so instead of using the alternative alternate configuration we really didn't want to work so I just set them on my IP address and then had it here on the um Advanced so that allows me to be able to use those two IP addresses so I'm just going to close this so basically I can access my firewall using my Lan interface and I can as well access my firewall using my one interface so if you if I log in you will basically see that it's basically the same firewall so I'm going to log in now I'll notice the name is the same thing lab or um home lab 6. so what I'm accessing using my Lan IP I'm assessing using my one IP so now I can actually disable on my on my one interface I can actually disable um access from my one let me show you how to do that I can click here on the ISP interface and then remove HTTP and https I can still allow ping I can allow SSH if I want but let's remove all this and just allow only pink so click on OK so what that does is that this is no longer going to be accessible so if I click on interface I've noticed it's just rolling because basically I've I don't have any more access to this using um the IB so that basically lost access so I can enable that back from here by enabling all this uh this is basically what I need HTTP is what I need but yeah you know me I always like to have everything that I need or how awesome ready so let's just this is failing now automatically it just refresh because now you could see that I've actually enabled um those access so um you could do it on the CLI as well let's say um list the symbol this again foreign this for this interface notice if I refresh this I've basically lost access I can do it on the CLI so I'm going to log in now config system interface edit don't forget that is spot one now notice currently I do not have access anymore so this is my port one that's what I made the team so I'm gonna say sets allow access I want to allow it to be able to Ping I'm going to allow HTTP s HTTP SSH I'm gonna allow FGM fgfm you can analyze and MP as well so if I allow this and then hit the enter key what happens is when I come back to this page and this page refreshes what happens is that it will automatically open back yeah and show you uh type end which will basically more like commits interchanges so now I have access back again so if I go back to network interface you can see that I have been https SNMP and two more which is HTTP and FG fmg that axis so um this is a very long video I'm so sorry but um I hope this has been able to show you how you will actually set up your um you know for the gate on EX iOS set up the interfaces both on the CLI on the GUI set up the static routes set up um the policy which is needed to actually transfer traffic you can see that there is traffic here to transfer traffic from your Lan over to your one um by ensuring that this deny all is not the only one that is there so this allows you to transfer traffic outside of your network you can actually also bring traffic into your network to do that if you want to bring traffic from your from your internet into your into your land you could as well create that and say I want to create traffic from ISP Into My Lan and then you can say source is the ISP destination is your land so any type of coffee from the internet I would never advise those in a production environment but whatever whatever reason you want to do this that's basically up to you Source basically going to say okay anywhere from the internet I will not do this in the production environment trust me this is a very very bad idea and then destination I'm basically going to allow you to come into my Lan interface so this is not going to go everywhere but it doesn't go specifically into my Landing service that's actually my port 2 address here as you can see that's the address for my land and that's my little portugalan I'm going to allow uh all services to come in in this case I do not really need Nets but you are so just leave it for now and then I can turn all this on that will allow all the application to be filtered and so on like that as we'll turn on the antivirus you guys well it did this and three quarters that will be in that session as well on that class and not training so I'm going to click on OK to enable the policy so this policy basically is saying any traffic coming from the internet to the land you could actually remove this uh or people move this down uh whichever one you want to do that's basically fine so um please if you have any question please leave it in the uh in the comments section um like I said I would never do this in the production environment so um I can actually just see what that policy it's scary um you never can tell you might have a reason to do that there it could be reasonable why you want traffic coming from the internet to come to your specific um Land network or any specific villain in your network um whatever reason that is but that's basically how to set that up um please subscribe thank you so much for viewing
Info
Channel: Techy-World
Views: 6,291
Rating: undefined out of 5
Keywords: install fortigate on vmware, fortigate virtual lab, deploying the fortigate-vm, how to install fortigate on vmware, installing and configuring fortinet vm in vmware, fortigate vmware, fortigate on vmware, fortigate vm for vmware, install and configure fortigate on vmware, download fortigate for vmware, fortigate vmware workstation, fortigate-vm on vmware esxi, fortinet vmware, fortigate firewall configuration step by step, fortigate firewall policy configuration
Id: ac1L9ApwLlk
Channel Id: undefined
Length: 49min 5sec (2945 seconds)
Published: Thu Feb 16 2023
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.