NAT - NETWORK ADDRESS TRANSLATION IN FORTIGATE FIREWALL | STATIC NAT | DESTINATION NAT | DST PAT

Okay, so in the last session we discussed the NAT introduction, and today we are going to configure that NAT. Okay, how to configure network address translation. What is the use of NAT, that we already know; how many types of NAT, that we already know. So here, this side is our local area network side, and we have two servers. Okay, that is completely... just a minute, I'll explain to you what we are actually going to do. Just a minute. Okay, so this side is completely a WAN, okay, and this side is completely a LAN network. Just a minute, am I audible properly? We can hear you properly. Yes, yes, audible. Yeah, great. Okay, so this is completely a LAN... WAN, WAN. Okay, this is our internet; the internet we connected from one of the ISPs. This is the ISP link, and the link is directly terminated on the firewall. This complete part is a WAN. Now this complete part is a LAN; this is also a LAN, okay, this is also our own network. So here the normal users are sitting inside the office, okay, and here we have some servers, a server room. Okay, there is server room one, we can say, and server room two, we can say. So this kind of scenario we generally call a DMZ, demilitarized zone. Why demilitarized zone? Because this server is accessible for the local users as well as the public users via the internet. Okay, that is called a demilitarized zone. Why demilitarized zone? Because there will always be one fear that any outside user can enter our network, and there could be a chance that, if the configuration is wrong, they can manipulate our network and they can enter our inside too. Okay, so we just want to allow the outside user access to what we want to make public, okay, anything like a website or any server service which we want to allow; only that they can access. Okay, so today we are going
to do static NAT, static NAT for the inside user, for this user to access the internet. At the same time, by using the static NAT only, we will allow the outside user to access the inside. Okay, so start the configuration. Okay, so R1, R2, R3, R4 already exist, and in R1 the configuration part is already there, as we usually do, right. So this is the configuration part, okay. So, R1: enable, configure terminal. Whatever IP we are having, okay, that complete IP and the RIP I'm going to configure here. Okay, the complete RIP we are going to configure here in R1, so just go and do the paste. So whatever the IP, 1, 172, 10, 20, 10, 20, everything is configured here, right. So if you check show ip interface brief... show ip interface brief. So what are the IPs? 1.1, which is our 0/0 interface, 10 1.1; so one 1.1 is our this one, right, the LAN side, the other LAN side, the other segment, okay, and 10.1, 10.2, 10.3, 10.4 and 10.5 are the upper side. Got it? Similarly we also configured... show ip route rip. So RIP has been configured, okay. Show ip route, but it will not show now because there is nothing like a packet exchange happening through the routing. So just assume RIP has already been configured: router rip, version 2, no auto-summary, network; whatever network it has, that should be advertised with RIP. Okay, now we're going to enable the telnet and the SSH configuration on our device. Okay, so keep doing like this; I will share this configuration with you after the session. Okay, by using this we'll enable the telnet, by using this we'll enable the SSH, by using this we'll enable the HTTP service. Okay, configure terminal, hostname. Okay, the hostname is already changed, R1, right, so no need to change. Now paste. Done, done. The same thing we are going to enable in R2 also: enable, configure terminal, hostname R2. Okay, the same thing we are also going to do: enable, configure terminal, hostname R3. At least we can
enable this; it is similar for all the devices, right. HTTP, telnet, SSH we are just enabling in all the devices. Okay, R4: enable, configure terminal, hostname R4. Okay, done, fine. So telnet, HTTPS, SSH, HTTP are all enabled on all the devices. Now do the routing in R2; routing in the sense that we need to assign the IP to the interface. Okay, so hostname is not required. No ip domain lookup. This is the IP. IP route: we are doing some default routing towards our 10.1. Okay, we are doing a default route towards the firewall here. Okay, meaning I am telling my router, if you don't know the destination you can blindly send to the 10.1. Okay, here, interface, domain lookup; the domain lookup, you know why we are using that. Interface 0/0; what is the 0/0 IP? Not 0/0, that should be 0/1, right. 10.100, that 0/1; here we'll use 0/1, and here we do a no ip route, here we can do this, okay. Then show ip interface brief. So now if you check, 0/0 is still showing as 10.1 100, so we need to delete this first: configure terminal, interface FastEthernet, interface FastEthernet 0/0, no ip address, no ip address for 192.168.10.100 255.255.255.0. So I deleted this. Again I came here, again I did it here; I need to remove this, no. Okay, then show ip interface brief. So now this time we assigned the IP address here, okay, but still the interface is down. Configure terminal, interface FastEthernet 0/1, and no shutdown. Wait for the message. Okay, now it is up. Show ip interface brief, so now this is up, okay. Then in R3 also we need to do the same thing. Are you getting everything? Yes sir, all is going good now. Okay, okay. Are you getting what we are actually doing or not? We assigned the IP address here in the R2, right, then I did IP route, a default route: if you don't know the source and destination, you can blindly send to your next hop, like 10.1, to the firewall. Okay, got it? Yes. So now you can do the R3; paste it here. Okay, so what is what
we did: IP address 10 1.1.1 for this one, and the second one, 102, for the downside, okay, the LAN, the public user. Then we did nothing here, okay, see. Then the fourth; what do we need to do in the fourth? Because we already enabled... the HTTP, HTTPS service is already enabled, right. Now we'll do this in R4. Here also, in R4 also, we are doing the default route towards the firewall, okay, 20.1. In R4 also, then, the default route and the IP address are assigned, correct. Done. So R1, R2, R3 and R4 are done; the basic configuration, HTTPS, HTTPS, is configured. Now we need to configure the firewall. So admin, admin. So show system interface, question mark. So there is no other IP except this DHCP. So config system interface, edit port number two, set mode static, set allowaccess ping, telnet, SSH, HTTPS and HTTP. Okay, okay, set IP 192.168.1.2/4. Next, edit port number three, set mode static, set allowaccess ping, HTTPS, HTTP, telnet, SSH, set IP 192.168.10.1/24. Then here we... okay, that is 168.1.2, correct. So now next, another interface: edit port number four, set mode static, set allowaccess ping, HTTPS, HTTP, telnet, SSH, then now set IP 192 101 1.1.11 100/24. Okay, then next, edit port number five, set mode static, set allowaccess ping, HTTPS, HTTP, telnet, SSH. Done, okay. Set IP 192.168.20.1/24, okay. And show system interface, question mark. So 36, the rest; 1.2, here 1.2, here 10.1, okay, here 1 1.1 100.1, means 100, okay, and in the fourth 20.1. So all the configuration is done. Now we'll do 136 IP, admin, admin. Done; not now, later. Okay, now you can check the interface. First, very first, you need to make it DHCP or manual here, okay. Okay, now the rest is done: 192.168.1.2, 10.1, 1.00, 20.1, done. Now we'll do the RIP configuration. Why RIP configuration? Because there is RIP, right, 1.1, correct, 10.1, 20.1. So RIP: 192.168... what is that, 192.168.1.1, 1.0/24, correct. The second network, the second network which is connected here: 10 and 20 are connected, right. 10.
0/24, 20.0/24, okay. Then now we need to enable... go to the advanced, and we are just enabling the static default route into other routes. Okay, so just enable this static; we are doing the redistribution of static routes under RIP, just like we did last time under OSPF to EIGRP, right, the same way. Now what next? Now check the routing table, okay, in the firewall itself: get router info routing-table details. So this 101 is directly connected, this is the internet. 172 10 10 4 and 10 5, it learned from our RIP, right, which is this one: 172 10 2, 10 3, 10 4, 105 all came from RIP, right. These, 1, 10, 20 and 101, are all connected directly, right. This is connected directly, right; this 101 is our this side. 101 is also learned by RIP, okay, and 159 is also connected; this is the DHCP of port one. Then fine. In a similar way we need to check in the routers also whether this is learned or not. So show ip route rip. So from RIP how many networks are learned? 10 and 20; this 10 and 20 have been learned, right. 100 is not; 100 we can't advertise in the RIP because it is just an interface IP, or the public network, okay, so we can't do that. Go to the R2: show ip route rip, show ip route. So there is no RIP configured here, right. Any RIP configured here? No, right; RIP is configured only in R1, got it. So show ip route: there is no route learned from the RIP because RIP is not enabled here, okay. We did not configure RIP, Routing Information Protocol; we just did a static default route towards the firewall, okay, 10.1. So this is 10.1, correct. In R3 also, if you check, show ip route; here we did nothing, even though there is no default route... this star means default route, okay. So check the R4; R4 also will get a default route. Show ip route; okay, a default route here also towards the firewall. Fine. Now if you check the connectivity, there will be no connectivity, right: ping 192.168.10.1, no connectivity, because by default the policy is implicit deny. If you check the firewall policy, the default
policy is implicit deny and the action is deny, right. Implicit policy: from any source, to any destination, any time, any service, the action is deny, okay, so no one can reach each other right now. You can create new, and if you want to establish a communication, that is fine. But for that, what is our first requirement? How many types of NAT are there? Static NAT is there, okay, so we'll do the static NAT for the inside user to access the internet, right, correct? Yes sir. Okay, so now, just a minute. So static NAT means we'll map one private IP to one public IP. Okay, so just assume your manager has sent one message or an email that you just allow internet access to this particular IP, 192.168.1.1; allow this internet access by using 101.1.1.101, means 1, 2, 3, 4, okay, so 101. 1.1.11. So you just map this private IP with this public IP, so whenever this user hits Google or somewhere, it will use this IP as a source and it will go to the internet, okay, clear? And the direction, unidirectional or bidirectional: unidirectional means one way, the traffic will come from here and it will go like this, okay; bidirectional means both ways, okay. So the request is unidirectional, okay; as per the manager, he asked to make it unidirectional but not bidirectional, okay. Okay, means one-way communication. So start the configuration: create a policy. Before that we'll do a static default route also for the internet, okay, let me do that. The static route, network: because when we don't know the destination, we just always create a, you know, one 1.11.1, okay; when we don't know the destination it will go to the internet, okay. Fine. Now get a policy, go here, create new. Traffic will... R1 static, R1 to outside, okay, static route for R1 to reach the outside. Traffic will come from R2 and it will go via R4, R2 to R4, right, R2 to R4, fine? Yes, yes. So the source: who will be the source, all or the particular one? This is given by
the manager, 1.1 only, right. Here 192... or I can say R1; here I have given the name. Subnet, subnet, okay, 192.168.1.1, fine, any, any, /32 because it is one IP only, okay, done. Who will come? R1 will come, okay, and the destination will be anywhere, it can go whenever you want, always, any service that he can access, okay. Accept, flow-based, and NAT; NAT must be enabled because we are doing the NATting. Use dynamic IP pool. So why do we need a dynamic pool? Because our manager asked to create that, right, use some public IP, right, use one public IP for this R1, right. See, we missed that. Okay, the policy is cancelled, but still if you look in the address you'll get R1, okay, so no need to create again; whenever you are creating an address, it will come under this address option. Parel policy, create new: R1 static NAT, okay, R1 static NAT unidirectional, okay, R1. The packet will come from two and go to four, 2 and 4. Source will be all, destination will be all; source will be not all, source will be just R1, okay, R1, this one, and always, services all, and use dynamic. So here you need to create the pool; you need to define the public IP by which it will go to the outside. So here, public static, or we can say... the manager asked for 101.1.1.101, right. So we can use overload or static; static means one to one, one private, one public, okay. Which IP? This IP, by this IP only, done. This is just a name, okay. Which IP? This is a range, it is asking for the range, so if you give a single IP it will not accept, okay, it will not accept. So you need to use this IP as the starting and this IP only as the ending, okay, that we are defining, and the type will be one-to-one. So sometimes your interviewer may ask what one-to-one NATting is, okay, so you need to say static NAT, okay, done. So now done, select this one. Okay, so now with this policy what did we actually define? The traffic will come from R2; who will come from R2? This 1.
one, okay, 1.1 will come from the R2 and it will go via R4, okay; any day, anywhere it can go, anytime it can go, it can access anything, okay, any service, by using this IP, okay, that we defined. Now the policy has been created. Now you can check, pinging one, okay. Internet: in the internet do we have 1.1.1, anything? For that: configure terminal, interface loopback 100, ip address 1.11.1, just assume this is the internet, 255.255.255.255. Okay, then R1: ping 1.11.1. Is it okay? It is getting it right now, right? Yes, yes. Okay, it is able to access now, but you can check in the internet what is coming to the internet: debug ip icmp. Who is coming as a source? R1; check who is coming. Source is 1.1, destination 100. Who is sending the request? The request is sent by... destination is 101100, so source is 1.1; it is a reply packet, okay. And the request packet; there is only the reply packet, right, there is no request, right. Echo reply, echo reply. Are you able to see 192.168 anywhere? No, right. In the internet no one can see your private IP, where you are coming from; it will always show your public IP, which is our 10 1.1.1, okay, clear? Yes, yes. Yeah. Now, because of the static routing it is going to the internet, okay, because of static routing, so let me delete this static route. Now you can hit the same thing. Okay, to stop this, u all. Now you can hit 1.1; is it able to reach the internet? No, right. Is it coming? No. You can check in the packet tracer; go to the interface, you can do the packet capture. The packet will come from the R2 and it will go anywhere, by using anything, okay. So now hit start, hit again, because the packet capture was not restarted. Okay, one packet, two packets received, right. Just a minute, only one packet received as of now. Please mute yourself. Two packets received, only two packets received, right. How many packets sent? Total four packets. Again hit; it is still going on, right. Now you can stop and you can check: download this, open the file. You can check: RIP version 2 response, 192.168.1.1, and the destination, it is sending like
a multicast IP, right, but it is a wrong one; it should send the ICMP request to that 1.1, but it is not accepting, right. So now you can enable the static route again, okay. So 101.1 1.10 1 one, 10 1 or one; what is the next hop IP? One only, one. Now you can hit. Now you can start this again; again hit the traffic to this one. So now you can check: 13 packets received. Now you can download; okay, stop and download. Now if you check who is going: your 192.168.1.1. Where is it going? Destination 1.1, right, it is a request, and the reply is coming from 192.168.1.1 to whom? 1.1.1, right, 1 61.1. And again request and reply, request and reply, right, means 1.1 is replying. You are able to see it; in between, in the firewall, you can see the 1.1, but in the internet you can't see it, okay. Okay, clear? But in the internet you can't see it. If you want to edit, you can check port number four, whether it is coming or not, what is coming, what is not, okay. So again you can hit and again you can start. At the same time I am trying to explain the troubleshooting part to you also, okay. Yes. Then, so five packets received, 21 packets received; stop, download. Now who is requesting? 101 is requesting, right. Is there anything 192.168.1.1? No, right, because the private IP is completely hidden by the public IP, right. Yes. And where is it going? 1.1.1. And who is responding? 10 1.1.1, this is responding; to whom is it responding? No, 1.1 is responding, right. beop up: this is the request from 101 to whom? 1.1; this is the reply from 1.1 to whom? 101, okay, like that, but you can't see your private IP anywhere, okay. Inside your firewall you can see it, but in the internet you can't, even the internet user can't see it, okay. So okay, this is able to access the 1.1, but at the same time is anyone from the internet able to access it? Let me check from R3 to access the 192.168.1.1: ping 192.168.1.1. Is it able to access? No, because we don't have a policy for, okay, for R4 to R2, means
there is no reverse policy, right, only one way. Based on our management, the order is that you need to create the static route unidirectional, not bidirectional, right, so we configured unidirectional. So now this time the static NAT for inside to outside is done, okay. Now we'll create a static NAT for outside to inside. So we'll create here: whenever someone hits this 101.1.1.100, it will reach 192.168.1.1, okay. One more thing before that: I will ping the internet, ping 1 1.1.1, from a source; who is the source? 172.101.1. Is this user, 172, able to reach the internet? No, right. Yes, because we allowed just 1.1 to access the internet, correct. And remember, we are using this static NAT in very rare cases; when you have multiple application servers hosted in your network and you want to allow a specific user or so, that time you can use this static, okay, fine. Now we'll allow the outside user to access the inside, okay. So for that we again need to create a policy; in this policy the outside user will hit 100 and it will redirect to 1.1, okay. Create new: static NAT out to in, okay. Traffic will come from port number four and it will go to port number two. And who will come? Anyone can come, we can't define that, right. Destination, where will it go? Create new; you need to define this, right, you need to define this subnet where it will go: 192.168.1.1, right, static out in, okay, /32, I can just say 32, okay. Anyone can come, and where will it go? This particular destination you can reach from R4, okay. Service: all the services can be accessed. Use dynamic IP pool; so here also we need to create, okay, by hitting this create. Overload? So this time also one-to-one only, right: static NAT out to in, 101.1.1.100, done. So it is asking for a range, so Ctrl+C, hyphen, and Ctrl+V. So what are we defining? Whenever someone is hitting 101.1.1.100,
this one, the interface IP, it will redirect to 1.1, okay. Static NAT out, now okay. So now if you check; this is the internet, you can ping 192.168... not 192, you can hit 101.1.1.100. Is it reaching? Right, it is, but check in R1: debug ip icmp. Who is coming, is anything coming from R3? Just a minute. If you're not able to do it, telnet to 101.1.1.100. So by hitting this we are getting the FortiGate, right, but 101.1.1.100 should be redirected to 1.1, right. So it is again... just a minute, did we miss anything here? Static out to in, all can come, always, anytime, static NAT. So the external will be 1.1, right. Create a virtual IP, create new virtual IP. Check the address first: under the address is there anything? Under the policy the address is there, and check static out to in, right; so what did we define here? Okay, 192.168.1.1, right, fine. And is there any other address? Parable authentication, static, bvpn; this is the default one, okay. Is there any virtual IP? No, there is no virtual IP. Create a virtual IP and give a name, static out to in, okay. Interface: anywhere it will come. External IP 101111, right, when someone hits this, and where will it go? 192.168.1.1, right, okay. So whenever anyone is coming here and whenever anyone is hitting static... So here in the policy, what did we miss? We need to define the destination, okay. Under the destination, what are we choosing? Out to in, right; we are choosing this in the destination, 1.1, but how will it come? It will not come, right, because we need to define static out to in here. 101 means whenever anyone is hitting 101.1.1.100 it will redirect to 192.168.1.1, okay. Now this is the correct policy, okay. Now we can ask to hit; now this time you'll get, not the firewall, this time you'll get access to your R1, okay. Now you can check; just a minute, wait for some time in R3, wait some time. I have given one credential here, right; what is the
credential? Firewall Cafe, and the password is one... secret 123, the secret is 123, right. So just a minute: if you hit firewall K and the password is 123. So where are we now? In R3. Which IP did we hit? 10 1.1 100. What did we receive? R1, right, correct. Now again we are in R3 only; now ping 101.1.1.100, hit ping. R1: now R1 is receiving the packet from 101. 100, right, correct, and responding to that R3, correct. Now it is hitting 100 and it is reaching 1.1, correct. What did we hit in R3? 100. Where are we reaching? 1.1, right, where are we reaching? 1.1, clear? Is it clear? So can we proceed to the other concept? Okay, so now this static route is done, okay. Now we'll do the PAT: we need to allow multiple private users by using a single public IP. So let's suppose I have here 101 100, any IP I have, so I want to allow internet access to all these users, okay; this is called port address translation. So instead of... I'm just modifying, okay, we can create one IP address only, okay. We'll use internet, internet PAT configuration; I'm just giving PAT, PAT in to out, okay. Incoming will be port number two, outgoing will be port number four. Source will be all... the source we will define. Create new, create; all addresses we can define also one by one, like 192.168.1.0/24, okay, this will come, done. Who is another one? 172 10 2 3 4 5, 172.10... 172 10.1.1 1.1 /24, okay. Okay, 10.1.0, not an IP, it will accept the network only. Select, create new address. I'm reducing the IP addresses, okay, otherwise it will take time, so better, I'm just using the 23 IP only, zero, two, done. So all of these are able to access the internet by using the single IP address, okay. If you want to add any group of users, you can, okay. Destination: anywhere they can go. Schedule: always. All the services. NAT: enable, by using this one, okay, or by using any public IP, okay, any IP; we can define also, just a minute, by using
what? We can define the pool also. Which pool? Create new pool, PAT overload. This time... earlier we used one-to-one, this time we'll use overload, okay. And which IP will it use? one 1.11.1 03, okay. So by using this IP, the single IP, they can access the internet, okay. Okay, done, PAT done, okay, done. Now you can hit the internet. Earlier we were unable to access, right, from this 172; now we can hit. u all. Ping 1.1.1.1 as a source 172.10... 172.10. 10.1.1; I'm asking 10.1.1 to hit the internet. They are able to hit the internet, right; earlier they were not allowed, right, they were not allowed. 2.1, 3.1: is 3.1 in our list, is 3.1 in our policy? No, right, so the 3.1 cannot access because the 3.1 is not in our policy; our 30.1 is not in our policy, okay. If you hit 30.1... is 30 there? 10.3 is there, but 10.3 is not in our policy. If you want to add it, you can add here: create new, add 30.1, 172.30... 10301, 10... 172.10.3.0/24, allow. Okay, we missed that, 172 10 30 is missing, right, 172, this 3.0; 3.0 we need to add. We added here, here, apply. Did it reach or not? Cancel. 1.2... this time 3... 3.
172.10.3.0 we need to add here; close. Now if you add this one, it can also reach the internet, 3.1. And who is coming into the internet? Ping... no, no, no, debug, debug ip icmp, okay, debug icmp. So they are able to reach the internet, right. 101.1 100, okay, now the request is coming from this IP, okay; that we can change, this is our DNS IP by default from the firewall, okay. Now you can hit again. Who is coming? 101.3 is coming, right, and who is responding? 1.1 is responding. That you can also check from the packet capture; just a minute, network, packet capture. We'll capture the packet from the R4 first, then we can also capture the packet from the R2. So R4, okay, and the filter: if you want to keep anything you can keep; host, if you know about the source IP, like in our case 172 3.1 is there, right, so we can define 172.10.3.1 as our source, okay. Protocol: if you don't know, you need not mention it, but if you know, you can, okay. Because the user is coming from here, right; but the user will not come from port number four, it will come from port number one, right... port number two, so let me do this first. Start, hit again, hit again from here. Hit started, packets received, stop, download. Who sent the request? 172.10.3.1. Who received? 1.1.1. Who replied? 1.1, to whom? 170 10 31. Here that is fine, but at the same time if you hit port number four and remove this, okay, just hit now, start again, ask to hit again. Okay, this time see who is responding, who is receiving. Done, packets received, 14 packets received, stop, download. Now see who is sending; this is the DNS, leave this, just focus on ICMP. Who is the sender now? 1 1.1.3 103 is the sender, right, and where is it sending? 1.1. Is there anything 172.10.3.1? No, right. So the reply will come to 103, not to 10.3.1, right, clear? Is it clear? Yes, yes. So that static NAT, static
NAT for in to out and the PAT are also done, right, port address translation is also done. And how do we get to know it is port address translation? So here, the source and the destination are there, right, and the protocol; the port number by default should also be there, okay. Length... the port number should be there; anyway, we'll capture it in another packet. So here the port number should be there, okay. Identification... anyway, source IP, destination IP and protocol are there, but the port number is missing here, but that should be there, okay, because by using the single public IP address we can allow 64,000-plus users, okay. Anyway, no problem. Destination port... okay, leave it; for that we need to start the packet capturing in the same way, so leave it, it is not coming anyway. So that part is done. Now the destination NAT: we just want to allow the outside user to access our inside network, okay. So we want to allow this user to access our telnet or both these servers, okay. So what we'll do here: we need to create some virtual IP also. Here again enter the policy, parel policy, and virtual IP is there; create new, create new, like for the telnet, telnet, okay. Which IP will they hit? 101. 1.100, 101.1.1.100, 101.1.1.100. Where will it go? It is already in use, okay, so they will use 104; I'm using 104 this time, you can use anything which is not assigned also, that is also fine. And whenever someone is hitting your 104, it will redirect to your 10... 10.100, so 192.168.10... 10.100. With which port do we need to enable port forwarding? Telnet, telnet; what is the port number of telnet, 22 or 23? Telnet is 20... 21, 23, 23, 23, okay. So whenever someone is hitting 104 with the port number 23, means whenever someone is trying to telnet to 104, it will redirect to 10. 100, and what is the 10.
100 IP? This one, our server IP, right. Done, 23 only, one, done, 23. Again clone this, and this time whenever someone is hitting the 104, okay, with the port number 24, okay, 24... 22 is for the SSH, right? Yes. Done. Again, whenever someone is hitting 104 with the port number 80; 80 means HTTP, right, HTTP? Yes. So where will it redirect, where is our HTTP server? Here, right; it will redirect to 20.100, okay, yes, it will redirect to 20. 100, 20 100, right, done. So what we did, estate, and here HTTPS; here we need to change, clone... instead of clone we'll do the SSH, okay, SSH. Here HTTP, HTTP; here HTTPS also we need to do, we can create a clone, okay. So 443 is HTTPS, 443, 443, HTTPS? Yes, yeah, right. So we need to change this to HTTPS. So we need to create the policy once again. Go to the policy; if you check the address you'll find all these things, okay, whatever we created now you'll get here, okay, but this virtual IP you can't get under the address, okay. So create new. So what will the name be? Telnet, okay, telnet and SSH; I'm creating a single policy only. The request will come from port number four, the request will go to port number three, right; the traffic will come from here, and where is the telnet, SSH server? It is connected with port number three, so select port number three. Who will come? Anyone can come, right, anyone can come, correct? Yes. And where will it go? Telnet selected, SSH selected. Services: only telnet and SSH, okay, SSH only I'm allowing, okay, we can define who can come. For the outside user NAT is not required, okay, NAT is not required for the outside user, done. But source and destination: so in the destination, where is it? 101104 one; where will it go? 10.00, right, done. Policy created. Now hit from the internet, now hit from the internet: R3, ping... not ping, telnet 101.
1.1.14. Okay, we received it; what is our... Fireball K is our ID and the password is 123. Where are we now? R2, right, means this is our telnet server, R2, correct. What did we hit? 104. Where did we reach? R2, correct, correct. SSH: hyphen l, 1 1.11.1 04... I think, what is the SSH command, I forgot, man. Exit, okay. Now we already... so SSH hyphen, right, hyphen s, hyphen... select encryption, login using, and recognize command, word, login name, firewall Cafe, incomplete, firewall... I forgot this actually, how to SSH. Anyway, you got to know now that SSH and telnet... SSH, establish, video, image; let me check if anything, SSH, root and the IP, okay. Okay: FAL CFE 10 1.11.1 04. Now it is asking for the password, right, 1 2 3. Where did we reach? For SSH traffic also it is reaching R2, right; for telnet also it is reaching R2, for SSH also it is reaching R2, by hitting which IP? 101.4, right, done. SSH done. Now we'll do the HTTP also. If you hit the HTTP traffic... so for that, this is our PC; let me log in, 1 2 3, hit enter, hit enter, close. What is the IP address here? Close. 102.1.1.2, right. Start, lat... just a minute, I'm just holding this, okay. So we can also make it 1600, okay, 1600, then apply, so the screen will be bigger, okay; keep changes, done. Okay, done now, right. So what did we do? We did nothing, we just assigned the IP address. Now you can check; it is still searching, I think. CMD, ping 102.
1.1.1, able to reach the gateway. Ping1 1.11.1, this is 1, right? Where it is one1, not 1, that is a one1, uh, one1. Done, right? So now from this PC we can open any browser, and from this browser we can hit the 104 with the HTTP, so it will redirect to our, uh, HTTP server, okay? So NAT is not just to allow access to the internet; it is also used for the security purpose, which can hide your private IP from the public user or any other user, okay? And also it will allow a private public user to access your inside by hitting your virtual IP. Virtual IP is, remember, 104 is not assigned anywhere, right? Was it assigned, uh, anywhere in the interface? No, right? I did not assign. Correct? Hello, hello? Yes, yes. It was not assigned anywhere, right? The 104 assigned to any interface? No, it was not assigned to any interface. Look: get router info routing, uh, s system, s system interface, hit enter. It was assigned anywhere? No, right? Nothing. We just purchased one pool of IP; from there you can use any IP, 104, 105, 106, anything, right? Okay, it is taking a longer time, but in future if you hit the 104, okay, you can get access of your R3, okay, sorry, you can get access of your, uh, this R4. R4 means here, if you hit the 104, 101104, with the port number 80, like HTTP, the service will come to the firewall, firewall will send to the 20.00, okay? Because here we have given in the virtual IP like 20. 
100. Whenever HTTP packet will come or HTTPS packet will come by using the 104, it will redirect to 443, okay? You can use for telnet another IP, you can use for SSH, you can use another IP, another public IP. For HTTPS you can use the 106, for HTTPS you can use the 107. That is not mandatory that you can use the single IP, okay? If you are having a single IP then you can use, but if you are having a multiple IP you can't use that single only, okay? Now clear? Yes. Let me do one more thing. Here I need to do remove, okay? Here I'm using one another IP. Which IP? Instead of this 10.0.0 dot 1, if someone is hitting to 10.1 it will to 10.00, okay? So let me do the telnet, okay? Telnet from R3. R3, okay, exit. Telnet 10.1.1.1, or ping, telnet 10 do 1.1.1, 10.1 0.0.1, right, 10.0.0 do1, 10 do 0.0.1. Are we able to go? No, right? SSH, SSH, leave with the S, telnet only. 10.0 0.1 we can't access, right? Because this is the public IP, this was the private IP, right? But at the same time if I use 10 100.1 1.15 I can go to a 10.00, okay? Let me try once again: 100. 0.0105. Okay, leave it now, we'll check it later, otherwise again the confusion will be there, okay? Anyway, so this is the way how you're going to do, and the telnet, it is taking longer time. You guys, uh, can understand what actually we wanted to do here, but still it is like, uh, one 1 do 100 dot, right, 100111 04. Now hit it with the HTTP, okay? If you hit HTTP 10011 100. 1.1.14 it will redirect to your a system, okay, the server here. 104, it will redirect to 104, it will to 20. 
100. It will take time. In case of anything, if it is not accepting, you can also create one user, okay? One user you can create here: user, in authentication, User Group. You can create a group, like, uh, let me create a group Sunil, okay? Sunil is a group, it will be a part of a guest group, okay? Sun is a member of guest. Sunil will be a firewall user, not the guest, will the firewall user, and I'm just cripping as a, you can create a group of user, local user, User Group authentication, okay? User Group authentication you can use here. Next. Username Sunil, password is a 1 12 3. Next, not now, next, next, submit. You created one user, Sunil. Close here, okay? And here you can go to the policy. Under this policy, under this 443, telnet or SSH, you can also allow, uh, athetic T telnet SSH P1. Where it is, uh, 443 P 101.4 can reach. Was I created anything? Telnet SSH was created. HTTP, HTTPS was created? No, right? The policy was not created, I think. Uh, HTTP and HTTPS packet will come from R4, it will go to R5. Who will come? Anyone can come. And who will come with this? The Sunil will come, okay? Sunil will come, okay. Now, and if you want to allow a particular user you can allow, but if you don't know about the user you can keep all also, okay? All. NATing is not required because they're coming from outside. Then here, then it is not accepting, right? Try again. Okay, we missed again something. What, where it will, the destination. Destination we need to choose, HTTP, HTTP, where it will go, HTTPS, and source address will be anything, destination will be 104. Anything wrong? Still the internet is here, 102, 102. Let me do wa doed doed doed. Okay, here, here, leave it. This control panel, network and internet, something, the firewall policy I'm using. Anyway, now we can check. Okay, so this is the way actually, uh, might be some, you know, this is not responding, okay, here. So this is the way how we are going to configure actually. Clear? So HTTPS, HTTP, you can configure like this 
packet will come from the port number four, packet will come from the port number five. Source: anyone can come. Destination: anyone can reach by hitting the 104; this will reach with the 20. one4 1, okay? So this is the way you need to configure this. Then can we stop now? Yeah, M, I think for today we should stop, because if we take very longer the video will be also longer, and this is the way only in the real time it is working, but it is here, in my previous chapter also it was not work, so I just tried whether it will work today or not, okay? Anyway, so this is the clarity all about the NATing. So complete NAT is configured, and tomorrow we'll see you with another topic.
Info
Channel: FIREWALLCAFE
Views: 144
Id: 2txZzfeJ0Rc
Length: 69min 27sec (4167 seconds)
Published: Mon Feb 12 2024