Видео

You are welcome 🙂

Dude what is this all about 😂

Thank you! Cheers!

Great to hear that 🙂😊 Glad that it helped you

I'm glad it was helpful to you!

You are welcome, I'm glad it was helpful, & I'm planning to make more beginner-friendly videos in the future 😊

Hi bro, I believe firstly you need to check if all the hosts can atleast ping their respective default gateways that you have configured on fortigate. For Example a host in VLAN 5 should be able to ping the VLAN 5 interface you have configured on your fortigate. Once done As you are new, i recommend creating a permit all policies for all interfaces & check if communication is working between vlans & then slowly tighten the firewall policies by specifying networks instead of ANY/ALL.

@@doctor.networks THank you DN, I hope you can make a video scenario like mine, my AP is just a home grade Asus RX router or TPLink Decos.

😊

Waslam, Thank you & I'm glad it was helpful to you 😊

You are welcome, Glad it was helpful!

Glad it was helpful 👍

Glad to hear it!

Noted, will try to make a video on it soon.

@@doctor.networks Thankyou

Glad it was helpful!

Welcome 😊

Thanks bro, Good to know you liked it

Yes exactly, you would need two set of contracts. The same way I configured for one, you configure for the other side as well. Thanks for the comment 👍

Normally you will not have to go thru all this again & again, you have a quick way to create profiles in ACI as well. Moreover the problem mainly comes between the VPC & NON VPC ports(Normal Access/Trunk). If you dedicate everything as NON VPC & your server team is OK with it then a master profile can work. But I know that somewhere you're going to need VPC's then it will be a little hasle removing those interfaces from profiles & creating a VPC profile for them.

@@doctor.networks Thank you for the reply! The networking team in our company and I are still pretty "old-school". We're using legacy NX-OS without anything fancy like VXLAN, so all of this looks extremely unintuitive to me. Right now, when the server team tells us they need 4 channeled ports, we SSH on the the VPC pairs in the rack, copy our VPC template over the ports, allow the VLANs they need and that's pretty much it. And when the server gets removed later on, we simply default the port. Having to do a switch profile for every leaf and then a new interface profile for every used port seems like a *lot* of extra work rather than simplifying it. After having done all the profiles and policies and whatnot, you then also still need to go in the EPGs menu and link all the needed EPGs to the ports. (Which can be a whole lot, like we have server that access 20-30 VLANs, so instead of "sw trunk allowed vlan 100-130", it's going through 30 individual EPGs menus now...?) And when the server gets decommissioned, you have to find and delete profiles (among the hundreds or thousands others) and remove the static bindings in the EPGs. You have every switch and port accessible from the same system, which is super cool, but if having to go through a dozens of menus takes more time than SSH-ing to the switches and configuring the ports manually, something about the whole ACI things seems odd to me. -- We've ordered a lab for next month and I'll be trying your videos to build it myself and experiment a little before having a session with our cisco rep over what the best approach for our usecase and current hiearachy is.

Thanks mate. Appreciate your comment, X forwarding only pulls out the client source IP (which could be a Internet Public IP) & puts that in the HTTP header, that packet will be sent to the backend servers. There is nothing as such that will be exposed to the client actually so i think it's pretty safe.

You are welcome brother 👍

Bro it's been a long time since I have looked into Duo 😀 but you would certainly need to have a SMS API setting in the duo cloud. check if it's supported

Hi Sandeep. It is a single physical Interface. There are 3 logical interfaces with vlan tags,same as you would do via a trunk.

Thank you so much 😀

Welcome bro. Ye 100% will work with HA firewalls as well.

@@doctor.networks thanks bro

I'm glad it helped

Waslam, No brother didn't had the time but in future InshAllah will do.

Thanks man glad it helped. I'll have to see how I can do a lab which involves DB & WEB

hhhhh what do you mean by "rn"?

I still read comments here brother 😀 You are very welcome. When I was making this video I didn't knew it would help so much people. I'm happy that it helped you.

Glad you liked it Brother

I'll put it there 😀

Yeah but but you may need different policies for a set of vlans, you can actually create multiple zones referencing multiple vlans. The video is to give a concept that's why kept it simple. Obviously zones will be a better approach in the long term.

Welcome, Yes sure will do 🙂

You are welcome brother

I think recently they changed it to username eve & password eve aswell

@@doctor.networks after reinstalling 5-6 times its working now.

Yes bro working on 2 new videos on ACI

You are welcome @netconfig999. Nice channel name by the way 😀

Thank you! Cheers!

Recently I haven't been using the Pro addition, but yes if you can buy it i would definitely recommend. It has other owsam features too

Bro I don't think there is much use of it nowadays actually. You need to learn it for deployment or just for knowledge?

@@doctor.networks yes bro, At least in Latin America we still deploy 4G, Volte. Thanks for your answer 💪🏾