- Videos: 39
- Views: 681,819
ToThePoint Fortinet
Added Jan 22, 2022
Common FortiSwitch Topologies: Ring and MCLAG
In this video we will cover two common FortiSwitch topologies when managed by FortiGate firewall.
0:00 Topology #1 - Ring Topology
1:55 Topology #2 - MCLAG
4:54 Considerations
6:13 Topology #1 Configuration + testing
11:39 Topology #2 Configuration + testing
Views: 10,006
Videos
Fortinet Video Surveillance - FortiCamera, FortiRecorder
Views: 2.1K, 1 year ago
In this video we cover: - 3 different network configurations for FortiCameras: 1) FortiCameras on same network as FortiRecorder(wired) 2) FortiCameras on different network than FortiRecorder(wired) 3) FortiCameras connected to WiFi - FortiRecorder NVR setup - How to view video feeds in FortiCentral 0:00 Overview 0:15 Initial VM Configuration/Licensing 1:28 Third Party Cameras (ONVIF) 1:40 Add r...
2FA with FortiToken 400(FIDO) and FortiAuthenticator SAML IdP
Views: 4.2K, 1 year ago
We will cover 2FA with FortiToken 400 using FortiAuthenticator as a SAML IdP and FortiGate firewalls as SP's. 0:00 Overview 0:37 FortiToken 400 (FIDO) 2:47 FortiAuthenticator SAML Configuration 5:15 Self Service Portal FIDO Key 9:48 Results: FortiToken 400 with SAML authentication 10:28 Another test scenario with FortiClient SSL VPN
FortiGate Firewall Initial Config(QuickStart)
Views: 7K, 1 year ago
Fortinet - FortiGate quickstart guide which covers basic configuration Firmware version 7.0.9 used for this video 0:00 Accessing FortiGate 0:45 Network Configuration 2:56 Firewall Policy 4:02 Registration
FortiAuthenticator as a SAML IdP
Views: 6K, 1 year ago
This video covers an introduction to SAML and how to configure a FortiAuthenticator as an IdP and FortiGate as SP's SP entity ID field for FortiGate admin GUI: x.x.x.x/metadata/ SP Login URL for FortiGate admin GUI x.x.x.x/saml/?acs SP Logout URL for FortiGate admin GUI x.x.x.x/saml/?sls 0:00 - SAML Overview 2:52 - FortiGates as SP, and SAML Flow 5:16 - Topology 5:53 - FortiAuthenticator iDP Co...
Auto VLAN and QoS for VOIP Phones (FortiSwitch managed by FortiGate)
Views: 8K, 1 year ago
In this video we cover VLAN assignment and QoS using LLDP-MED enabled phones and FortiSwitch github link: github.com/ttpfortinet/Configurations/blob/0fd47326fc7d957f5fd58438ff7a3803081248a2/FortiSwitch auto VLAN and QoS for VOIP Phones.txt Firmware used in this video: - FortiGate 7.0.6 - FortiSwitch 7.0.5 - FortiFone 3.0 build 234 0:00 Overview 2:38 Interface DHCP Option 66 Configuration 3:23 F...
FortiGate/FortiSwitch 802.1x port authentication (and MAB) with Windows RADIUS
Views: 11K, 1 year ago
We cover two 802.1x scenarios with Windows Server NPS: 1) 802.1x authentication with user/password authentication 2) 802.1x Mac Authentication Bypass (MAB) 0:00 Overview 1:27 FortiGate RADIUS Client Configuration Testing 2:07 FortiSwitch to RADIUS Server firewall policy 3:28 RADIUS Policy Configuration Testing 4:33 802.1X Policy Configuration 6:03 Switchport Diagnostics 6:47 Win7 client/supplic...
NAC Control with FortiGate + FortiSwitch
Views: 8K, 1 year ago
Basic NAC (Network Access Control) with FortiGate FortiSwitch. 0:00 Example1: NAC based on MAC Address 3:35 Example2: NAC based on Operating System
Manage FortiSwitch with FortiGate, FortiOS 7.0
Views: 27K, 1 year ago
We will cover how to manage a FortiSwitch via the FortiGate - currently (as of 7.0 firmware) Some commands used in the video: exec switch-controller get-conn-status exec switch-controller get-sync-status all diagnose switch-controller switch-info ? diagnose switch-controller switch-info port-stats diagnose switch-controller switch-info mac-table exec switch-controller get-physical-conn dot diag...
Fortinet Automation: High CPU + Quarantine Example
Views: 2.8K, 1 year ago
How to use automation stitches and if/then (or Trigger/Action) logic to automate responses/alerts. Two example use cases are: 1) High CPU Email Alert 2) MAC quarantine based on Virus detection MAC Quarantine CLI Action config user quarantine config targets edit "mac_quarantine" config macs edit %%log.epmac%% end end end 0:00 Overview of FortiGate Automation 2:10 Example1: FortiGate High CPU 4:0...
FortiGate: Reset Administrator Password
Views: 27K, 1 year ago
How to Reset the FortiGate Administrator password if it has been lost/forgotten. Console access is required, I'm using the following two cables to obtain this access: 1) USB to Serial Adapter 2) R232 to Ethernet cable
FortiGate: 5 Tips That You (Probably!) Didn't Know
Views: 10K, 1 year ago
0:04: #1 Multiple Interface Policies 0:41: #2 Policy Lookup 1:33: #3 GUI to CLI Commands 2:30: #4 References/Dependencies 3:33: #5 Searching via the CLI
EVE-NG and FortiGate Installation
Views: 11K, 1 year ago
We cover BOTH eve-ng and FortiGate installation so you can create a quick lab environment for testing/troubleshooting FortiGate's 0:00 Overview 0:10 Evaluation FortiGate VM's 1:04 Download Install EVE-NG 3:40 Download Install FortiGate
Windows Login with 2FA - FortiAuthenticator
Views: 10K, 2 years ago
In this video, we go over how to configure FortiAuthenticator Windows Agent with FortiAuthenticator to enable 2FA on a Windows login prompt 0:00 FAC Agent Install/Initial Config/Testing 3:14 Simulation/Testing 5:45 Exempt users/Testing 7:42 Change Title Image 8:52 Default Domain 9:05 Login Prompt Testing 9:57 Disable Built-In Password Providers
FortiGate: Configure IPSec with FortiClient using Certificate authentication/local CA
Views: 8K, 2 years ago
Configure IPSec with FortiClient using Certificate authentication/local CA 0:00 Overview 1:08 2 Implementation Comparisons 1:28 Implementation #1 - Certificate creation 3:12 Implementation #1 - FortiGate Configuration 7:32 Implementation #1 - FortiClient Configuration/Testing 9:17 Implementation #1 - Explanation of Certificate Placement/Testing 11:31 Implementation #2 - Certificate creation 12:...
FortiAnalyzer Initial Configuration/Usage
Views: 10K, 2 years ago
FortiGate: Factory Reset (CLI and Pinhole Method)
Views: 145K, 2 years ago
FortiGate Troubleshooting - Debug Flow with Examples
Views: 10K, 2 years ago
Fortinet: FSSO with TSAgent, FortiGate, FortiAuthenticator
Views: 3K, 2 years ago
Fortinet: FSSO with DCAgent, FortiGate, FortiAuthenticator
Views: 11K, 2 years ago
Fortinet: Upgrading and Downgrading FortiGate Firmware
Views: 11K, 2 years ago
Fortinet: Configuring HA on FortiGate firewalls
Views: 29K, 2 years ago
Fortinet: Packet Capture on FortiGate firewall - 8 Examples
Views: 7K, 2 years ago
Remote Worker FortiAP (Wireless Controller)
Views: 4K, 2 years ago
Manage FortiAP with FortiGate (Wireless Controller)
Views: 29K, 2 years ago
FortiGate: Inbound Deep Inspection/TLS Offloading
Views: 7K, 2 years ago
Deep Inspection on FortiGate firewall with 5 Examples
Views: 19K, 2 years ago
Fortinet: Hairpin NAT (or NAT loopback) with FortiGate
Views: 12K, 2 years ago
Fortinet: Port Forwarding(Virtual IP) with FortiGate firewall
Views: 26K, 2 years ago
thanks for sharing.
just great. thanks for sharing.
Tried this so many times and changed options, my tunnel always shows inactive
THANK YOU THANK YOU THANK YOU. I had everything correct - except setting the VIP as the destination. I had the VLAN set as the destination. Thank you!
Straight forward and time saving :) thumbs up!!
Hi is it possible to revert downgrade the HA Cluster on the method2?
Interesting video, well done ! Thanks
Thanks, your information was very useful to me
thanks for sharing
Mine does not let me type my serial number 😢
Reset button doesn't work?
Good stuff.
Do we have to have a Windows server to do MFA with a Fortinet VPN?
mine turns down after 4 seconds
Hello, how do you backup and restore on different Fortigate types, for example from Fortigate 60D to Fortigate 61f.
can i use different /30 subnets in port1 and port3 of active & passive firewall? and if i configure eBGP neighbor using port1 and port3, then what attribute will differentiate routes published from active & passive firewalls?
Any benefit of using IPsec vs just SSL VPN?
Many thanks, you save my ass :)
Very useful. Thanks mate!
Very well explained. Thank you!
Great job! it worked smoothly, could you do one for the SMS gateway (hopefully Free service LOL)
thank you, this video was super helpful
Great video, all the info a person would need and none you don't. Thanks so much! :)
this has been so very helpful
Nice video, thanks.!
Hello! Can we backup from old and to new box with different model of fortigate
No, you need FortiConverter for that
thanks for sharing this VD
Great Video !!! I just want add - "diag vpn ike log-filter name *TUNNELNAME*" will help you to filter the logs of specific tunnel.
This extremely helpful speedy video of the day
Hi, the priority of both firewalls is showing the default of 128. So how do these firewalls become primary and secondary???
thank you for sharing this VD
thanks for your explanation!!
After HA gets synchronized, will FG2 change its primary/external IP address or keep the separate one that it started with?
The reason I ask is related to IPSEC Tunnels
Yes fg2 will change its external ip to be the same one as fg1. Although fg2 won't actually 'claim' the fg1 ip from a networking perspective until fg1 goes down
Should FG2 start out with zero polices/networks/vlan/other-configuration, other than a public IP address?
Yes no config needed on fg2, just need to be able to access it so even pub ip not actually needed
How about machine certificate? So you want just a certificate for machines to restrict which machines are used to connect to SSL VPN or maybe this is done with another feature / product
You should be able to use a similar process to make machine cert work too. I.e. I see no reason why machine cert won't work
Can I create a LAG across multiple FortiSwitch aka MC-LAG for redundancy? For example, I want to connect my server to multiple FortiSwitch with LACP LAG for redundancy. If yes, how can I achieve that on the FortiSwitch side?
Check out this video which shows how to configure MCLAG: ruclips.net/video/OpfhQxkQyog/видео.html After MCLAG is configured, then I assume your server can bond links with LACP? In which case, you go to WiFi & Switch Controller > FortiSwitch Ports > Trunk and Create New Trunk Group, select ports on both FortiSwitch MCLAG members
Hey, if I have a third-party downstream switch (such as Juniper) that I want to connect to upstream FortiSwitch. How can I tag all the VLANs on the FortiSwitch port that is connected to a third-party switch?
On the FortiSwitch port connected to Juniper port, you would configure "Allowed VLANs" and specify the VLANs that you want communicated to the Juniper side. The allowed VLAN list for each port specifies the VLAN tag values for which the port can transmit or receive frames. See more: docs.fortinet.com/document/fortiswitch/6.4.6/administration-guide/146333/vlans-and-vlan-tagging#Allowed
Clear and understandable even without translation. Thank you.
Thank you for your great tutorial, one question.. did you make the configuration for 2nd fortigate same from master FG before configure HA? or the configuration will be automatically synchronize after HA connected.
Hi, config will auto sync after HA is established
hi can u help me? in the HA, only 1 firewall is seen even after configuration
Thank you friend.
Hi. Any clues on how to reset factory defaults on a FortiAnalyzer 200D? I've tried this and it doesn't work.
It would be helpful if in method 1 you provided instructions on how to connect to the CLI with PuTTY. The instructions on Method 2 are not clear either. You mention to hit the reset pin when the status light starts blinking but you don't mention how to get the status light to blink. It's just solid on my unit. Reset pin does not appear to be accomplishing anything
good points, although to make this video the length that it is, some assumptions need to be made by the video creator. For Method1 I assumed the user would know how to access the FortiGate via SSH/Serial etc. For Method2 I figured it's assumed to be from initial power on, but I should have stated that in the video
you are awesome man! thanks for the help
I love it, thanks
in 5:00 , why you used "set auto-isl disable" ?
Auto-ISL is used to auto-discover trunk ports. In this case, because for phones or PCs you need an access port, it's best practice to disable it to prevent others from connecting unauthorized switches and forming a trunk.
@zalamander80 thanks
Thank you
I have a problem, I have formatted with the second option, but when I return it from the factory, and I want to log in, I put admin and no password, but it keeps giving me a login error, what could be the reason? I have formatted it a couple of times but the same thing
Sounds like it's not factory resetting. Maybe try the second option again, but also connect a console cable and see the output. If there's a problem with factory resetting via pinhole it might display an error message via console
How do you connect the HA ports? Directly HA to HA, or did you connect it via a switch? What cable did you use?
Direct is most ideal (i.e. I can't think of why we'd want to introduce a switch unless it's necessary, such as if both firewalls are physically located further from each other). A switch can be used too though (just gotta make sure the frames get forwarded by the switch).
Clean!