- Videos: 55
- Views: 78,747
FortiBytes
United Kingdom
Joined 23 May 2023
Welcome to FortiBytes, your ultimate destination for bite-sized video content focused exclusively on Fortinet products. Led by a highly certified engineer with over 14 years of hands-on experience, we are committed to providing you with invaluable insights, comprehensive video guides, engaging discussions, and exclusive walk-around events.
At FortiBytes, we understand the complexities of Fortinet's product lineup, and our mission is to simplify it for you. Our highly skilled engineer will break down the most intricate concepts into easy-to-understand snippets, ensuring that you grasp the full potential of Fortinet's cutting-edge technology.
Whether you're a seasoned professional seeking advanced techniques or a beginner looking for introductory guidance, FortiBytes is here to cater to your needs. Our weekly uploads cover a wide range of topics, including configuration tutorials, troubleshooting strategies, best practices, and in-depth discussions on the latest Fortinet updates.
Hands-On Guide: Building a FortiGate IPSEC VPN in a Virtual Lab
Dive into the fascinating world of network security with our comprehensive walkthrough on setting up a Site-to-Site (S2S) IPSEC VPN. This tutorial caters to networking enthusiasts and professionals aiming to connect two critical locations seamlessly using the FortiGate-to-FortiGate configuration wizard.
🔍 In This Video:
1. Robust VPN Configuration: Learn how to configure an IPSEC VPN with ease, using the FortiGate-to-FortiGate wizard.
2. VMWare Workstation Lab Environment: Explore our setup involving two FortiGate Firewalls in a VMWare Workstation Lab, providing a practical and controlled setting for learning.
3. Windows 11 Lite Hosts: Utilizing two Windows 11 Lite Hosts to visually demonstra...
Views: 381
Videos
Mastering Deployment Of Fortinet Products Using VMware Workstation
453 views, 6 months ago
Embark on a comprehensive journey to master the deployment of Fortinet products within a VMware Workstation environment. This guide is designed for individuals looking to enhance their network security and virtualization skills. We start with the basics of deploying a FortiGate Firewall in VMware Workstation before moving on to setting up the virtualized network environment for success. Through...
Using FortiManager Series: Lets add another site (Poland) but fully automate its onboarding PT8
296 views, 7 months ago
In this video, we close off the series by adding in another Spoke (Poland) but this time we onboard it to our defined standards using a Device Blueprint. We finish up by proving that Poland can ping all other sites and I show a little trick around understanding when traffic is using an ADVPN shortcut using its Time to live (TTL) value. // Timestamps // 00:00 - Video Introduction 00:35 - Help me ...
Using FortiManager Series: Mastering Configuration Backup/Restore, Variables & Scripts PT7
762 views, 7 months ago
In this video, we will be looking at how to use FortiManager Cloud, Meta-Variables, and Scripts in PT7. If you want to get ahead with FortiManager, this video is for you! We will be discussing how to use FortiManager Cloud, Meta-Variables, and Scripts to manage your FortiManager environment more effectively. We'll also be covering some common uses for these tools, so be sure to watch and learn!...
Using FortiManager Series: Escape the Manual Hassle: IPSEC VPN Mesh Automation PT6
593 views, 7 months ago
In this video, we continue from Part 5 in getting to the good stuff in using FortiManager and various Templates to create a Hub and Spoke Architecture between (UK, France, Germany and Sweden) using Fortinet Auto Discovery VPN (ADVPN). This video is a relatively long one. Still, it covers everything you need to know including VPN Creation, BGP Creation, and Firewall Policy Creation ...
Using FortiManager Series: Overview of Sidebar, Object Configuration & Revision History PT5
478 views, 7 months ago
In this video, we continue from Part 4 but slow the pace down as I understand that 4 videos published in 48 hours might be a little much by looking at the left-hand sidebar and its sub-headings and how these objects are attached to the Policy Package. The video also covers the ultimate get-out-of-jail card in Object Revision History. // Timestamps // 00:00 - Video Introduction 00:45 - Firewall ...
Using FortiManager Series: Adding MORE FortiGates & Policy Packages Advanced PT4
478 views, 7 months ago
In this video, we continue on from Part 3 by adding more FortiGates using different FortiManager onboarding methods and demonstrating how policy packages would be utilized in a production environment. * The release of these videos is super fast-paced with 1/2 a day for the next week so look out for the next in the series! It might already be released! // Timestamps // 00:00 - Watch the previous ...
Using FortiManager Series: Working with Policy Packages! PT3
917 views, 7 months ago
This video continues on from the second video. We take a little deeper look into Policy Packages how they are used in our current deployment, how to add and remove them and what happens when you cause a database conflict between FortiGate and FortiManager. PT2: ruclips.net/video/F9uhDpK4PqM/видео.html // Timestamps // 00:00 - Video Introduction & What the other videos covered 00:53 - Logging ba...
Using FortiManager Series: Adding the First FortiGate! PT2
732 views, 7 months ago
This video continues the first video and covers prepping the environment further and adding the first FortiGate to FortiManager Cloud. The video covers everything from registering the FortiGate so it's inside the same FortiCloud account as the FortiManager to adding the device into FortiManager. We also cover Policy Packages and ensure the ADOM is properly set up. PT1: ruclips.net/video/cT_wG2GT...
Using FortiManager Series: Deploying With FortiCloud PT1
1.2K views, 7 months ago
In this video series, I'm going to demonstrate how to get the best out of FortiManager. This first video will cover how to deploy using FortiCloud (Fortinet's Managed Hosting Option) and also what I class as the pre-staging in selecting the FortiManager version that is compatible with your FortiGates. // Timestamps // 00:00 - Video Introduction 00:20 - Registering FortiManger Cloud 01:35 - Logg...
Fortinet: Free Training Lab Enviroments (Hands On Lab's)
1.4K views, 8 months ago
Get ready for an immersive journey into the world of Fortinet as I guide you through the Fortinet Hands-On Lab (HOL). Designed exclusively for NSE4 (FCP) and NSE7 (FCSS) certified engineers, this lab is a treasure trove of training opportunities covering a wide array of Fortinet products. From best practice deployments to mastering the intricacies of Fortinet's offerings, we're delving into it ...
FortiGate: Why Series? Secure Your Device PT2 (Local-IN Configuration)
327 views, 8 months ago
Dive into the nitty-gritty of network security with Part Two of our video series! We're ditching the trusted hosts and stepping up our game by securing administrative access to the management plane with a Local-In policy-CLI style. No fluff, just a straightforward walkthrough that impacts HTTPS, SSH, PING, API, VPN Traffic, and more. I'll guide you through the process using two Windows jumpboxe...
FortiGate: Why Series? Secure Your Device (Trusted Host Configuration)
330 views, 8 months ago
Ready to bolster your FortiGate Firewall security? Join me in this step-by-step tutorial where I demystify the intricacies of configuring Trusted Hosts. After years in the consultancy game, I'm here to spill the beans on the common pitfalls that may unknowingly expose your device's admin panel to the wide web. Learn the ropes as I guide you through the correct setup for Trusted Hosts, ensuring ...
FortiGate: Why Series? Discovering Different VPN's (SSL, IPSEC & ZNTA)
533 views, 8 months ago
Dive into the nuances and applications of popular VPN deployments. Starting with Fortinet's SSL VPN, we explore both Web Mode and Client Mode, paving the way to the potential new world in ZTNA, before moving to IPSEC VPN. SSL VPN Modes and Operations. ZTNA for Enhanced Remote Connectivity. IPSEC VPN for Site-to-Site Security. Understanding IPSEC VPN, featuring ADVPN. Empower your VPN knowledge with...
FortiGate: Why Series? Virtual Domains (VDOMs)
535 views, 8 months ago
In this video, I explain what a Virtual Domain is and more importantly, provide some practical use cases on how they are used in the real world sharing my own experience on how they have been used in the 15 years. The purpose of the WHY? series is to answer common questions and explain why you need to use a certain technology. It's not designed to be highly technical. Other videos will follow t...
Fortinet Training & NSE Certification Updates - Deep Dive
2.3K views, 8 months ago
Fortinet Tutorial: Public Cloud Four Site ADVPN Mesh (Using the Fabric Overlay Orchestrator)
551 views, 9 months ago
SDWAN/ADVPN Series: Virtual FortiGate Deployment (AWS)
101 views, 9 months ago
SDWAN/ADVPN Series: Virtual FortiGate Deployment (Microsoft Azure)
308 views, 9 months ago
SDWAN/ADVPN Series: Virtual FortiGate Deployment (Google Cloud)
228 views, 10 months ago
FortiGate: Security Fabric Configuraton & Policy Sync
3.7K views, 10 months ago
FortiGate Firewall: Basic SDWAN Traffic Steering
563 views, 10 months ago
FortiGate Firewall: Connectivity Provider's device bypass (DHCP Option 61 & PPPOE)
504 views, 11 months ago
FortiGate Firewall: Why use Fortinet Single Sign On (FSSO)? What are the benefits!
2.6K views, 11 months ago
FortiClient/EMS/FAC - Native Azure AD / Microsoft Entra ID and Fortinet Single Sign-On (FSSO) PT3
2.5K views, 11 months ago
FortiGate Firewall: Factory Reset (Button & CLI Based)
6K views, 11 months ago
FortiClient/EMS - Azure AD / Microsoft Entra ID Intergration PT2
1.4K views, 11 months ago
FortiClient/EMS - Azure AD / Microsoft Entra ID Intergration PT1
3.3K views, 11 months ago
FortiGate Firewall: Life of a packet troubleshooting
7K views, 11 months ago
FortiGate Firewall: Automation Stitch
1.1K views, 11 months ago
Subscribed - great video
Awesome, thank you!
Hey buddy! May I ask, using SSO with deep packet inspection configured, can I still exclude certain category of websites like finance without any problem?
Great video and explanation of this topic. I'm just getting started with Fortigate and looking forward to more of your videos. Thank You
You’re very welcome. Loads of videos on the channel already I had to take a break but more videos will be arriving shortly!
Good video. I just bought my fortigate and thought it was protecting me but it wasn't.
Make sure you look into some of the other videos on the channel, especially deep packet inspection, as most of the traffic going through your device is encrypted, so you need some additional steps to be able to see into that traffic.
@FortiBytes thanks, I had enabled everything but had to back it down due to certificate warnings
Excellent! Thank you for these videos.
You’re very welcome more soon!
Golden! Thank you 😊
You’re welcome, more videos soon.
Thanks dude
Happy to help
Hello, I would like to ask three questions 1. Is there an architecture diagram of this video, including all IP addresses? 2. Is there any pre-configuration that needs to be completed at the beginning of this video, such as IPSEC VPN SDWAN, and then set up after the VPN is established? 3. Regarding FAZ IP, I don’t know much about it here. Are the FAZ IPs of HUB and SPOKE the same? If so, do all the points need to be connected to the same FAZ in the front end?
Hi thanks for reaching out answers below 1. I’m afraid there isn’t an architecture diagram, I’ll look at doing this for future videos. 2. This is part of a video series please watch the videos prior to this one. 3. All FortiGate devices should point to the same FAZ unit. This will then be distributed via the security fabric.
What event did you use at 2:55 to detect WAN1 sdwan is down or up? SDWAN status warning? or?
Hey, I believe it's covered at 01:50
@FortiBytes So I don't seem to be getting any log/alert of "Routing information changed" when my sdwan route gets turned off. Do I need to enable detailed logging somewhere?
Thank you for the video. I do have a question: Why in the case of internal traffic leaving to internet we need to apply even the IPS Signatures and Filters ? Is it just enough to enable Block Malicious URLs and Outgoing Connections to Botnet Sites ? so you can save memory and cpu ?
Hey, great question, and it's something that comes up quite frequently. If you have the resources to do so, then it's best practice to apply IPS to outbound policies also. Sometimes malware gets inside your environment, meaning that the traffic originates from the inside; let's use a TCP-based reverse shell, for example, communicating back to a known C&K server.
Hey, I know Dave!
Really nice guy and a colleague now.
Forgive me, I am pretty new to Fortinet equipment and still learning. What benefit would there be to use this if I were to use FortiManager in an enterprise? Would this work the same as a ADOM in FortiManager which shares a policy and object database with devices in the same ADOM? Great video and fantastic explanation! Thank you!
Hi Will, good question! Let’s say that your company was called companyx but you had no requirement to manage or segment the deployment, then you’re basically just using a single ADOM. Where the magic happens is if you’re a larger company or an MSSP and you need to manage several companies, let’s say companyx, companyy and companyx; then you could create separate ADOMs for them all. Everything inside an ADOM is segmented; however, you still have the ability to deploy global policies that can be shared across ADOMs (very common with Fortinet MSSPs).
Thanks for this!
My pleasure!
Very helpful video, nice and clear, thanks.
Glad it was helpful! You're welcome!
Commendable attitude on sharing your knowledge, my brother, but I got a question that is bothering me and actually made me stuck with the firewall study. I got a Fortigate 7.4 running in VMWare, and there is a LAN segment where I put the VMs I'm using as a lab, and even with the Fortinet_CA_SSL.cer installed on both OS and browser, I still got the same error, and it does not allow me to "Accept the risk and continue". I've literally done only this: created a permissive policy and added the SSL inspection; as soon as I turn off the inspection, it goes back to working properly. THE ERROR: "Firefox detected a potential security threat and did not continue to www.google.com because this website requires a secure connection." Thank you for your content, hope you see my comment, peace for you my man.
Great video!
Thank you!
Good video! In my case, when I enable the proxy ARP, there's no need to configure a policy because it allows all traffic automatically. I don't want to allow all the traffic, but when I create the policy it still allows all; any suggestions?
Hi, what switch and FortiOS version are you using? I’ll test it! I think it might have changed between versions. Also, not all switches support it.
@FortiBytes Hi! I'm using FortiOS 7.4.3 and a FortiSwitch 448D
Like the video but increase the font size on the cli
Ok will do thanks for the feedback!
Can I set up security fabric without FortiAnalyzer?
No, you cannot; a FortiAnalyzer is a requirement.
unfortunately many countries like china use DPI in order to filter the internet
Can you please help me with setup ZTNA + NPS extension (AZURE) to provide the MFA when HTTPS and TCP forwarding ZTNA?
Hey, have you checked out my ztna video?
Thank you!
You're welcome!
Awesome work! Keep it going!
You're very welcome, I hope the videos help; this is part of a wider series.
I'm really happy this feature got carved out of the DLP feature
Very helpful examples!
Hopefully we get to enjoy Web Filtering for a while longer before Encrypted SNI grows in adoption and will start to require Deep Packet Inspection to work
many organizations don't realize the FortiGate (or any other NGFW) is way less powerful with Deep Packet Inspection, good points Chris.
we're starting to look into FortiFlex too at our MSSP. We're hinging on starting off using it as a flexible pool of points to spin up lab environments in a private cloud environment and "PAYG".
Great video, thanks for sharing. New subscriber
You’re very welcome, it’s part of a series!
In my experience, customers rarely care about intra-VLAN communication. They should be caring though. Enabling this FortiGate/FortiSwitch feature brings the necessary extra visibility and enforcement controls like you showed us. Good video Chris!
Good find! Was it the following article you stumbled upon? belegdal.wordpress.com/2019/03/11/serial-access-to-fortiswitch-108d-via-netcat/
While being aware of the CTAP program, I haven't used it. Maybe I should have. Thanks for showing us how the process looks, very interesting!
Definitely do I had almost a 90% win rate of new customers when using ctap.
When I initially encountered FortiDeceptor as a new product, I was quick to label it a honeypot. Since it came out, it has definitely proven itself way more capable than just a honeypot.
having this kind of device posture / compliance checking for network-level access to a network resource is killer and I bet we'll see a steep rise in the adoption of technologies like these moving forward
I've had the pleasure of meeting Vincent during an Xperts event in the Benelux on FortiPAM, very smart guy and loved listening to his presentation.
UDP support for ZTNA (TFAP? UFAP?) along with pre-logon connectivity would be game changers
wondering if Fortinet is using their own "Endpoint Vulnerability" signatures for this scanning or a third party engine, and if Fortinet will ever (re)publish a network-based vulnerability scanner for self hosting.. :)
these screens are huge!
Looking forward to the existing and future content!
hey bro, thanks for these
No worries is there anything specific you’d like to see?
@FortiBytes Honestly, we're just starting the deployment of ZTNA so I don't even know what I don't know, ya know? I am getting some permission errors when trying to connect, something with the Graph API. Do you know anything about that? I haven't been able to find help.
What are the requirements so that one will be working FORTINET TAC support?
Very much depends on the level of TAC but the highest level are very very talented.
How do you get access to this
You need to be a Fortinet partner; if you are, speak to your account manager, who can get you set up on the portal. If you need equipment supplying to be able to do ctaps, then most distributors will loan you the equipment. Larger partners have their own ctap stock. If you have any other questions just ask!
@FortiBytes what is required to set this up equipment-wise?
You need specific FortiGate hardware. I have used 80F and 100Fs mostly; it comes down to the amount of traffic that is going to be sent to the devices. Make sure you run version 7.2.x of the ctap also; it’s just better, so that rules out a couple of devices that don’t support that image, such as 100ds.
One thing I've learned after years of managing FortiGates is to never use the VPN wizard. Always build custom tunnels and create your own firewall policies.
I have a tendency to agree but for users that need a little help it’s not so bad. I’m seeing a real shift in how it used to be where you simply had no choice other than to create it manually because of different vendors and their IPsec/IKE implementation to purely Fortinet probably because of the ASICS on the boxes being superior to anything else but that’s another video 😂 Thanks for commenting!
Can’t wait because fortinet support drives me crazy
There is like 60 videos on the channel already 😂
@FortiBytes I seen that, been watching some today, they have been very helpful in understanding Fortinet, much appreciated! I’m sure I’ll reach out soon with questions
Please do! Any content you would like to see?
Hyper-V Next? 😃
Perhaps in future videos, might as well try and cover them all, right!
Great video! Thank you
You are welcome!
indeed, a knowledgeable session, loved it!!
Glad you enjoyed it thank you for the feedback! So many other videos on the channel now check them out!
Big Thanks for this vid
You’re very welcome!
Awesome Video! The Policy-Package Spoke: If you have a special requirement for one spoke, lets say tcp/1234 to some server in WAN. Would you apply a different policy package to that spoke or just apply that to you default policy package?
Hey @kevindylla1528 good question. If it was just one spoke with a slightly different configuration, you would go into the Policy Package and scroll across until you see an option called "Install On"; you'd then just select the specific device only. That being said, I have seen deployments where another policy package would be created; it's very much user-specific. I personally avoid trying to have many "Policy Packages" in favour of keeping the deployment clean. FortiManager "Install On" information - docs.fortinet.com/document/fortimanager/7.4.1/administration-guide/478072/install-policies-only-to-specific-devices I hope the answer helps!