- Videos: 19
- Views: 125,035
Verifine Academy
Ghana
Joined 10 Jun 2021
On this channel, we will be teaching you various IT topics. Video tutorials touch on Networking, Security, Automation, Programming, etc.
This channel is for system engineers, network and security engineers, and students.
If you have any questions or need further assistance, please feel free to leave a comment below. Don’t forget to subscribe to our channel for more helpful tutorials.
CONTENT DISCLAIMER
The information provided on this channel is for general informational purposes only. All information is provided in good faith, however we make no representation or warranty of any kind, express or implied, regarding the accuracy, adequacy, validity, reliability, availability or completeness of this information.
Advanced FortiGate HA Configuration
In this tutorial, we will see how to configure two FortiGate firewalls in HA to connect directly to two separate routers.
Contents of this video
00:00 Introduction
00:24 Topology Overview
00:53 Topology - Physical Connection
01:32 HA Configuration
01:45 Port-Channel Configuration
02:00 Traffic Flow Overview
02:23 Routing Overview
02:41 LACP Configuration Detail
03:39 HA Monitored Interfaces
04:01 Conclusion
! FGT-A
config system ha
    set group-name "GROUP-01"
    set mode a-p
    set hbdev "ha1" 0 "ha2" 0
    set session-pickup enable
    set override disable
    set priority 255
    set monitor "port1" "port2"
end
! FGT-B
config system ha
    set group-name "GROUP-01"
    set mode a-p
    set hbdev "ha1" 0 "ha2" 0
    set session-pickup enable...
Views: 182
Videos
FortiGate IPsec ADVPN with SDWAN and Dual ISPs
24K views, 1 year ago
This tutorial teaches how to configure Auto-Discovery IPsec VPN with SDWAN where each location has two ISP connections.
Contents of this video
00:00 Introduction
On the Hub
00:57 Configure SDWAN Zone
02:10 Customize VPN Tunnels
03:16 Configure Firewall Policies
04:17 Configure VPN Tunnel IP Address
05:02 Configure iBGP
On Spoke 1
06:31 Configure SDWAN Zone
07:45 Customize VPN Tunnels
08:30 Conf...
Cisco - Configure Layer 2 EtherChannel With VLAN Trunking
3K views, 1 year ago
In this tutorial, we will show how to configure layer 2 EtherChannel with VLAN trunking on a Cisco switch.
Cisco Switch or Router Console Password
1K views, 1 year ago
In this tutorial, we will learn how to configure a console password on a Cisco switch or router in Packet Tracer.
Cisco VLAN Trunking and Access Ports
187 views, 1 year ago
In this tutorial, we will learn how to configure VLAN trunk ports, assign VLANs to access ports, and configure a native VLAN on a trunk port.
FortiGate Remote Access IPsec VPN
17K views, 1 year ago
In this tutorial, we will demonstrate how to configure Remote Access IPsec VPN on FortiGate, and also learn how to configure FortiClient VPN to establish a remote connection.
FortiGate Configuration Management Database (CMDB) API
633 views, 1 year ago
In this tutorial, you will learn about the FortiGate Configuration Management Database (CMDB) API. The CMDB API is used to retrieve and modify CLI configurations. We will use it to retrieve firewall addresses on FortiGate.
Save Putty Output To File
3.7K views, 1 year ago
In this tutorial, you will see how to write the session output in a PuTTY terminal to a file while working.
FortiGate REST API Authentication
3.5K views, 1 year ago
This video tutorial teaches how to authenticate against the FortiGate API using token-based authentication. We will be using Postman to make the API calls to FortiGate.
FortiGate Site-to-Site IPsec VPN with NAT Device
14K views, 1 year ago
Learn how to configure site-to-site IPsec VPN between two FortiGate firewalls, where one FortiGate is behind a NAT device.
Contents of this Video
00:00 Introduction
On FortiGate A
00:49 Configure IPsec VPN Tunnel
02:08 Configure Static Route
02:46 Configure Firewall Policies
On FortiGate B
04:10 Configure IPsec VPN Tunnel
05:32 Configure Firewall Policies
07:05 Testing and Verification
FortiGate Site to Site IPsec Aggregate Tunnel
3.5K views, 1 year ago
In this tutorial, we will demonstrate and explain how to configure a site-to-site IPsec VPN aggregate tunnel between two locations on FortiGate.
FortiGate SDWAN with IPsec VPN
17K views, 1 year ago
This tutorial teaches how to configure SD-WAN between two locations with IPsec VPN tunnels as SD-WAN zone members on FortiGate.
Contents of this Video
00:00 Introduction
01:14 SD-WAN Zone and Members
02:29 Configure VPN Tunnels
03:21 Configure Static Routes
03:50 Configure Firewall Policies
05:02 Create SD-WAN Performance SLA
05:53 Configure Ping SLA Source
06:46 Configure SD-WAN Rules
08:00 SD...
FortiGate IPsec Auto Discovery VPN
3.5K views, 1 year ago
In this tutorial, you will learn how to set up IPsec Auto Discovery VPN on FortiGate. The overlay routing protocol used is BGP.
Contents of this Video
00:00 Introduction
01:12 Configure VPN on Hub
02:22 Configure firewall policies
03:27 Configure VPN tunnel interface IP
03:50 Configure iBGP (overlay protocol)
05:10 Configure VPN on Spoke 1
06:11 Configure firewall policies
07:15 Configure VPN tu...
FortiGate Site-to-Site IPsec VPN with Overlapping Subnets
9K views, 1 year ago
In this video tutorial, we will show you how to configure site-to-site IPsec VPN on FortiGate between two locations with overlapping networks or subnets.
FortiGate Site to Site IPsec VPN with Loopback Interface
3.8K views, 1 year ago
This video demonstrates how to configure Site-to-Site IPsec VPN with Loopback Interface. The setup involves two FortiGate firewalls as the VPN gateways.
Administrative User and Administrator Profiles
406 views, 2 years ago
An Explanation on IPsec VPN Configuration
892 views, 2 years ago
Setting Up a FortiGate VM on VMware Workstation
14K views, 2 years ago
Thanks. Please make a video on another advanced subject where HA goes through an L2 switch that does not permit the 8890 ethertype.
Hi, I want to know how I can use PuTTY to get the scoreboard feed of Mylaps Orbits 5. Which protocol should I use, SSH or another? And which option should I save? Thanks.
Spoke to spoke cross tunnel communication is not happening
Why is next-hop self not configured?
Last Q, is there a need to enable "Auto Keep Alive" on both FGs?
Also, how is it you can perform the ping test when you haven't even created the full tunnel between FG A and B?? In the beginning of the video and at the 5:01 mark?
I like how you can just punch in the internal and distinction IP subnet in the VPN Tunnel without having to create those as address objects like on a SonicWALL
I will assume you programmed the remote network and local network subnet group prior to all this? And that you had to do this on both sides of the office? Also, what model is this FortiGate? Do the entry models handle this much processing services?
This option to create a VPN from the SD-WAN zone doesn't appear in my FortiGate. What version do you use?
What if both firewalls are behind NAT?
At least one device must not be behind a firewall
Thanks for the efforts to build this video. Helped me heaps!
I have a mesh topology. I'm migrating from Palo Alto to FortiGate. I need to create two tunnels to AWS/remote sites for redundancy along with BGP. How do I give priority to one specific tunnel on BGP? Can somebody help me? I'm stuck since I'm new to FortiGate.
Configure an SDWAN zone and add the two outgoing interfaces as members. Now configure an SDWAN rule using the manual strategy, then prefer one member interface over the other.
This is a superb video. Please share the config backup if possible.
Unable to log in to set the password. Showing authentication failure. Please give a solution.
Thank you for this. Why not use SSL VPN for remote users?
SSL VPN is notorious for having security vulnerabilities, and may eventually be phased out by Fortinet. It sounds like some of the basic models won't have it beginning with firmware 7.6.
Nice video! Where can I download the FortiGate collection? BR
Is there a way to add already existing tunnels to SDWAN zones?
Thank you very much for the information; it was very useful and functional. Excellent video.
Thanks for letting us know that.
amazing...
hi, thanks for this nice video, are you able to share relevant cfg in cli format though?
Thanks for enjoying the video. Unfortunately we do not have the cli configuration. We will share when we redo this lab.
great job thank you!
When involved in networking you WILL learn every day.
Otp
Why did you create a static route for the blackhole interface?
A blackhole route is required to drop traffic intended to go through the VPN tunnel silently when the tunnel is down. This prevents the FortiGate from using any existing route such as a default route to send the traffic. The traffic will be dropped anyway, but the session will be kept in the route cache for a period of time (default is 1 minute). Thus, even when the tunnel is up again, traffic will continue to use a different outgoing interface instead of the VPN tunnel until the session-TTL expires.
This works only for Forti OS versions before 7.2
This was quite informative Sir..Thank you!
Glad it was helpful!
Is it a "must" to set up the remote device as a dialup user?
Yes, it is a must since only one device can initiate the VPN session
@verifine-academy Thanks :)
Thanks a lot. Can you make it more advanced, such as two hubs?
Yes, soon
Thank you so much! 🙂🙂 Can you please make an advanced video with, like, "set additional-path" ... ?
Do I need to setup the VPN tunnel ip or not?
a VPN tunnel IP is required if you want to configure a dynamic routing protocol over the tunnel
Very interesting video
Glad you liked it
what if you have to create a tunnel with a site whose subnets are overlapping with another remote site (connected also through ipsec)? there is no need for NAT locally, only foreign, right?
kindly clarify your question
I have the same question. I have a problem with multiple Cloud SP with the same overlapping subnet.
What if i have site A connected via ipsec s2s with two different sites B and C, and B and C have the same overlapping subnet that's not overlapping with site A...
@beatrices.4601 With that setup, you would have to create individual site-to-site VPNs from Site A: site-to-site from Site A to Site B and site-to-site from Site A to Site C. Since there is no overlapping issue with Site A, each site-to-site config should be fine because Site B has a different public IP than Site C.
That was nice explanation. You made it easy. Thanks.
Glad you liked it!
How to assign additional public IP Address with /30 subnet in FortiGate Firewall. The WAN interface is set to PPPOE, and I want to use this Public IP in site-to-site VPN.
Set up Dynamic DNS on the interface. This will let you use a domain name that will follow the IP address changes. No need to have an additional public IP on the interface.
For the source IP at SD-WAN members, do I need to use the gateway IP of the remote LAN network?
Source IP for SDWAN members should be one of the IP addresses in the encryption domain (traffic selector) of the VPN
The tunnel on my site A is still down and the tunnel on the B site is green. I already followed your video.
Thanks for your sharing.
Thanks for watching!
what's the difference between SDwan VPN and ipsec aggregate?
I would like to know the difference too. @verifine please elaborate on this. thank you
I have the same question. Very interesting.
Aggregate IPsec tunnel is just about redundancy. However, SDWAN gives you the ability to granularly set which links should pass which traffic based on the link quality (like jitter, packet loss, and delay). Also, you can even decide how much volume of traffic should pass on a particular link.
@verifine-academy Is it OK to configure SD-WAN on the customer side (2 WAN lines, each of which has 2 IPsec tunnels to a different edge datacenter FortiGate FW) and aggregate IPsec on the datacenter side (1 WAN line with 2 IPsec tunnels to the branch)?
This is the best tutorial ever BUT you don’t address the issue of asymmetric routing that is reverse path check failed, deny. How do you take care of that. I have done six of these implementations & in each case I had to deploy a method to prevent asymmetric routing. If you know a simpler way to do it, I would love to learn that.
You can use manual strategy in the SD WAN rules, also do not enable load balancing for this manual strategy. Optionally, you may choose the same ISP interface as the preferred one at both ends (at Hub and Spoke)
Under BGP there is a preferable route map when the SDWAN SLA is matched; you can use that to adjust asymmetric traffic.
Not working properly when Branch is a dial up user.
Also, I have one tunnel up and one down at a time and it flaps between tunnels, now one is up and the other is down and then vice-versa.
make sure the underlay network for each VPN tunnel is independent of the other; that is, one should not be depending on the other to route traffic
nice video
Your
Your
Best Tutorial Ever... !!!
Hi, I have connected by VPN and am able to ping by IP. What should I do if I want to ping the host name? It is a workgroup network. Thanks.
Sir, why have you used BGP instead of another protocol like OSPF? Any important requirement?
Awesome video, thank you so much for taking the time to put this together!!
Thank you so much
Hi bro, does IPsec failover work with different devices, like HQ as a PA firewall and the branch as a FortiGate? Does it work like in this video, bro?
No, this is a feature for FortiGate firewalls
Thank you sir!
This is great! Hope there will also be a tutorial on how to set up a dual hub, since it has a point of failure when the hub FW goes down.
Great tutorial!
Nice to know that.