Been waiting for someone who could explain fortigate better than all that I did scourging from youtube and google and this is the best tutorial. Thank you so much!
I have done ccna and ccnp using your course on cbt then landed a job supporting fortinet devices, I am really lucky that you are also teaching fortinet courses, Thank you Keith!
I highly recommend any of Keith's videos and courses. He is a rare breed of trainer because he actually has a plan, builds a real usable scenario lab, configures it (hits the save button!), and then tests and verifies it. Hugely important for those trying to learn and practice anything. Unfortunately in my experience most IT training videos (and even the expensive official trainings provided by vendors) don't do this. Most trainers (and even some others at CBT Nuggets - Meraki trainings - ahem) think it's good enough to walk through GUIs, point and talk about what does what, maybe punch in some bogus settings for on-the-spot hypothetical scenarios, and then not even save them! Or if they do, it's a trivial, silly example, and when you try it, you find out their descriptions were incomplete and insufficient. That being said, now I have to figure out how the Fortigate 60F suddenly became virtual one in eve-ng at the end :)
This Fortinet videos helped me out a lot the other day. I was feeling mentally clouded, and this video helped straighten my brain out haha. Thanks Keith.
Hi Keith, thank you very much for this awesome video! In the description of your network topology at 1:36, you decide to use a fortalink but why does it require two ports on the firewall and also two ports on the switch? Couldn't you have used simply an ethernet/sfp cable to connect between the firewall and the switch? The same goes for the connections between Switch 1 and Switch 2.
Good to see you Keith! Thanks for sharing this Fortinet video. You did a fantastic job. Configuration of outgoing traffic through the Fortigate SD-WAN firewall is cool. Configuration of incoming traffic from the Internet through the Fortigate SD-WAN will be interesting to see.
Nice work, dont forget to promote Zones, and Fortigates are NGFW, so UTMs otherwise expensive routers. Zone your interfaces, don't add multiple interfaces to rules & separate your rules to make log reading easier, dont use all out!
Keith, is there any possibility to see you creating video tutorials for Huawei equipment? I encounter this manufacturer in an increasing number of customers.
Hi Keith, Could you please make a video showcasing the roadmap for someone who want to become an expert in cybersecurity by self learning using learning arsenal's like cbtnuggets, instead of enrolling in a university. Perhaps a roadmap of certificate's one should focus on step by step to become xyz in a cybersecurity niche. I am currently doing the comptia A+ with you in cbtnuggets and I just love the way you teach, however, I am not sure which certificate to focus on after this since there's so many varieties and I am complete novice in this field (trying to change my career from nursing to cybersecurity). Kind regards, Jay
Hi Keith, very impressive video keep up the good work. i just wanted to ask about the EVE-NG is this the professional edition, it is the first time i see quality config, i realy learn new things each time i see your videos. thanks once more
Thanks Keith for mentioning that Fortinet Access Ports names it "Native Vlan" and Cisco uses it for untagged traffic between trunks. WTF with different vendor names and uses :D
Hi @fortinet guru, thanks for the brilliant explication, i have a question in my job we connect through forticlient app which point to a fqdn name instead to ip address,so how does is it configured that on the fortigate firewall? Thanks in advance.
Keith, thank you for this amazing video. Question, I purchased a FortiGate 60F, FortiSwitch 108F POE and AP. Can I setup your lab without a Fortinet license or it's required?
I like this guy and his brothers anthony S and kevin W., I have been out IT for about 3 years, I am back to continue my dreams to get a CCNP, please God, may You guide me
How would you setup 2 switch to connect to the FW, so that if one switch failed the other switch will allow the users to still have internet access ???
Use 2 physical Ethernet interfaces for the FortiLink interface. Connect 1 Ethernet to a switch on the top of the rack, connect the other Ethernet to the bottom switch, and that is how you can get fault tolerance.
Thank you for the question Muqthiar Ahmed. Yes, I have covered almost every single topic in the blueprint through both videos and quizzes, so I stopped as they would have become redundant.
im in the works right now on getting me a hwfirewall and im choosing f40 its only me on my network, ill be streaming my own plex server, nas, and cameras, I may have a few family members on it id say a max of 20 people with a few smart devices, tv, ipads, smart home appliances as well. Do you guys thing thats enough or should I should be looking at 40f ,80f or the 100f?
Thank you for the question @Photoshopuzr. As far a throughput goes, the lower models will be fine, based on your expected number of users and their traffic.
You didn’t show us how you form a LAG between SW1 and SW2. Does Fortilink forms LAG automatically between switches and Fortigates? Also what about SW1 side of LAG that is connected to upstream Fortigate?
Thank you for the question @danimoosakhan. Yes, the LAG is automatically formed between the switches. If you want to use LAG between the FGT and a single switch, disable the FortiLink split interface option. With that option on, it will only use 1 of the 2 interfaces to avoid a loop.
Hi Keith, pls what type of Linux virtual machine were you using in ESXI in your fortinet firewall training? I don't mean tiny core but the one with the name "keith@virtual-machine"
so do you have a port channel going to each switch or is it a port channel going to one switch that is stacked with another switch? I am kind of confused
Thank you for the question Omar M.. For the connections between the FortiGate and the first switch, if FortiLink split interface is disabled, will automatically make a LAG. For the connections between a switch and another switch (both FortiSwitch), they will also automatically make a LAG. Hope that helps, and best wishes.
Thank you for the question @leejonscramstad3216. Because the FortiGate is logically connected to all those VLANs (as the manager of the switch stack) it has routes to the subnets associated with the VLANs.
i am unable to see the wan interface green led when connecting the cable. since configuring sd wan it goes green with the computer but does not come green when connecting to the isp. was not going green even with the computers before configuring sd wan. what is wrong with it? do i need a license?
Hello, i am little bit confused about links between FG, SW1 and SW2....you put it to VLAN10, but this interfaces should be trunk or not? Maybe I am wrong, but for me is it little strange. Thank a lot for reply.
@@jurajvantuch9636 It absolutely is. The 802.1Q trunking is negotiated and setup automatically between the FortiGate as the controller and the FortiSwitch stack.
*The admin account has been deleted or renamed. I cannot reset the password because I do not know the name of the current account. how do i solve it.* ..i
I switched from HPE to Fortinet just for ease of management through one interface. HPE switches are very good though. We ran HP ProCurve switches (then HP Aruba) for 13 years without problems. I do love HPE switches because the cost and stability. Also, I was very comfortable with their command line interface. I'm crossing my fingers that these FortiSwitches will be as good. I do admit, they are a breeze to manage through the FortiGate. That's how Fortinet gets you. The FortiGate is the gateway drug (no pun intended) to the rest of their eco-system.
![Jack Harlow - Hello Miss Johnson [Official Music Video]](http://i.ytimg.com/vi/Q86_nlRoIGw/mqdefault.jpg)
Without a doubt one of the best Teachers that has ever done it, period. I am so thankful
I second!
@@jonathanbanda3981 I third
Oh yeah I agree. Keith hands down is the best teacher with his humor as well. Still love going over his Ipv6 videos.
I love how clean the Fortinet GUI looks, so easy to follow & it just flows properly !
Been waiting for someone who could explain fortigate better than all that I did scourging from youtube and google and this is the best tutorial. Thank you so much!
I can definitely see where Fortinet's use of the term "Native VLAN" can trip people up.
This was a very helpful overview, Keith. Thank you!
This is the BEST Fortinet tutorial I have seen!
Thank you @gsub5886!
it's been really a long time since last time, good to hear you a gain
I have done ccna and ccnp using your course on cbt then landed a job supporting fortinet devices, I am really lucky that you are also teaching fortinet courses, Thank you Keith!
I highly recommend any of Keith's videos and courses. He is a rare breed of trainer because he actually has a plan, builds a real usable scenario lab, configures it (hits the save button!), and then tests and verifies it. Hugely important for those trying to learn and practice anything. Unfortunately in my experience most IT training videos (and even the expensive official trainings provided by vendors) don't do this.
Most trainers (and even some others at CBT Nuggets - Meraki trainings - ahem) think it's good enough to walk through GUIs, point and talk about what does what, maybe punch in some bogus settings for on-the-spot hypothetical scenarios, and then not even save them! Or if they do, it's a trivial, silly example, and when you try it, you find out their descriptions were incomplete and insufficient.
That being said, now I have to figure out how the Fortigate 60F suddenly became virtual one in eve-ng at the end :)
looks younger than before thank you for showing up!!
Where was Keith Barker when I first started managing Fortigates?
Thank you for this!
Oh wow, having the Cisco training by watching your training videos, I"m very impressed with what Fortigate can do thanks Keith from Australia.
If I ever stuck on any topic Keith is my teacher and I am so thankful that we have you Boss
Thank you AZ Networks!
Just wanted you thank you mr. Barker. I have learned so much from your videos and I have finally broken into the IT sector. thanks
Glad to help
This Fortinet videos helped me out a lot the other day. I was feeling mentally clouded, and this video helped straighten my brain out haha. Thanks Keith.
Thank you @levio1314!
Thank you, Keith. This is very informative and helpful. God bless you and increase you on every side (Amen)
My favourite school teacher 😍
Hey Keith, This is a great video since I use Fortinet with the MSP I’m with at most of clients.
he is a good teacher as i see as a begineer
Wow. I can't express enough how helpful this video was.
Happy to do it, thanks for the feedback Stefano Agrotis.
Thanks, Keith, awesome video! love your Fortinet videos, please share more!
Very impressive, you explained everything very quickly and concise. 10/10
Thank you @GodwillhandleIT!
Hi Keith, thank you very much for this awesome video! In the description of your network topology at 1:36, you decide to use a fortalink but why does it require two ports on the firewall and also two ports on the switch? Couldn't you have used simply an ethernet/sfp cable to connect between the firewall and the switch? The same goes for the connections between Switch 1 and Switch 2.
Yes, 1 physical connection would work. 2 means more bandwidth and some fault tolerance. All the best!
Always amazing content Keith!!! You the GOAT of IT 🐐🐐🐐
Oh man I wish you could make this same video for Sophos or Mikrotik!
Very informative. I wish had something like this when I first started managing fortigates.
Thanks for sharing your knowledge Keith.
Greetings
Thanks ^__^ The king of OG
Thanks so much for this info Keith.
This video was so very helpful, as well as all of them. I am working on a project that’s related, and this may be the answers I needed.
Happy to do it, thanks for the feedback Chris Osborn.
This is very helpful. Still struggling with setting up sd-wan on my ipsec tunnels for reduandancy
Thank you, more videos on Fortigate fw please
This was awesome! Thank you, Keith!!!
Please Keith I need you to do more of this Fortigate tutorials please 🙏❤️.
Nice one Keith. Very informative. Cheers.
You are the BEST.
Absolutely brilliant. Thanks Keith !!
Thank you @slimaneb2070!
You are a god-send, sir! Thank you so much for this tutorial :)
Happy to do it, thanks for the feedback @RBRTube.
Keith, thank you for the very informative video! I have been learning Cisco from you before your CBT times ;)
Good to see you Keith! Thanks for sharing this Fortinet video. You did a fantastic job. Configuration of outgoing traffic through the Fortigate SD-WAN firewall is cool. Configuration of incoming traffic from the Internet through the Fortigate SD-WAN will be interesting to see.
This guy is a legend!
Thank you Mabrouk!
This video is hugely helpful! Thank you
Nice work, dont forget to promote Zones, and Fortigates are NGFW, so UTMs otherwise expensive routers. Zone your interfaces, don't add multiple interfaces to rules & separate your rules to make log reading easier, dont use all out!
Thanks for the tips!
Outstanding ! The best I’ve seen so far! Are the fortiswitches configured in eve-ng ?
Really good work, appreciate that.
Happy to do it, thanks for the feedback @alijarral7218.
You're really amazing Keith! Thanks for sharing this video.
My pleasure!
Keith, is there any possibility to see you creating video tutorials for Huawei equipment? I encounter this manufacturer in an increasing number of customers.
I don't know that product, sorry.
Simply amazing video! Thank you so much!
Thank you @TheElevenBravo!
Hi Keith,
Could you please make a video showcasing the roadmap for someone who want to become an expert in cybersecurity by self learning using learning arsenal's like cbtnuggets, instead of enrolling in a university. Perhaps a roadmap of certificate's one should focus on step by step to become xyz in a cybersecurity niche.
I am currently doing the comptia A+ with you in cbtnuggets and I just love the way you teach, however, I am not sure which certificate to focus on after this since there's so many varieties and I am complete novice in this field (trying to change my career from nursing to cybersecurity).
Kind regards,
Jay
Great information and instruction, thank you!
Thank you @belikemike7646!
this was an excellent video thank you very much
Happy to do it, thanks for the feedback @longsleevearistocrat.
Outstanding content. Thank you very much. Well done.
Thank you TastyChickenLegs!
Hi Keith, very impressive video keep up the good work. i just wanted to ask about the EVE-NG is this the professional edition, it is the first time i see quality config, i realy learn new things each time i see your videos. thanks once more
Great walk through!
I like your tutorial. There is one question I want to ask, what is the usage of DHCP range in Vlan 5?
To provide an IP address to the APs. They get their IP address via DHCP.
Tons of value, thanks
Happy to do it, thanks for the feedback james s.
Thanks Keith for mentioning that Fortinet Access Ports names it "Native Vlan" and Cisco uses it for untagged traffic between trunks. WTF with different vendor names and uses :D
can the HA port on a FortiGate firewall be use as WAN ports ???
Perfect Tutorial , Thanks
Thank you @user-wj8ni4xe7f!
Hi @fortinet guru, thanks for the brilliant explication, i have a question in my job we connect through forticlient app which point to a fqdn name instead to ip address,so how does is it configured that on the fortigate firewall?
Thanks in advance.
Keith, thank you for this amazing video. Question, I purchased a FortiGate 60F, FortiSwitch 108F POE and AP. Can I setup your lab without a Fortinet license or it's required?
IT Original Gangster -Thanks Keith
Thank you Glenn Tembo!
I like this guy and his brothers anthony S and kevin W., I have been out IT for about 3 years, I am back to continue my dreams to get a CCNP, please God, may You guide me
Hello Sir,
When the rules processing is that processing based on # number not Policy ID number right?
Hey Keith u forgot to set allowaccess to https as it dont come as default when you reset the fortigate firewall
Thank you @leonmiletic6170!
You are amazing!!!
Thank you @Phreestylee!
How would you setup 2 switch to connect to the FW, so that if one switch failed the other switch will allow the users to still have internet access ???
Use 2 physical Ethernet interfaces for the FortiLink interface. Connect 1 Ethernet to a switch on the top of the rack, connect the other Ethernet to the bottom switch, and that is how you can get fault tolerance.
Hey Keith.. just wanted to check why did you stop weekend quize ?
Thank you for the question Muqthiar Ahmed. Yes, I have covered almost every single topic in the blueprint through both videos and quizzes, so I stopped as they would have become redundant.
@@KeithBarker thanks much Keith for your response ❤️ at least can we have discord session once in a while 🙂
Keith i need data center design and configuration videos. Can u help me where can i get them
you are the best..
Thank you @evangeloschris6932!
Awesome!
Is this going to be a complete series for fortinet NSE4?
Thank you for the question Joe Joe.
Not a full series, just a video or two to help people understand how to configure the gear from FortiNet.
Hi, Did you miss out the firewall rules for vlan 5?
Thank you for the question @craiggostick. I don't recall. sorry
im in the works right now on getting me a hwfirewall and im choosing f40 its only me on my network, ill be streaming my own plex server, nas, and cameras, I may have a few family members on it id say a max of 20 people with a few smart devices, tv, ipads, smart home appliances as well. Do you guys thing thats enough or should I should be looking at 40f ,80f or the 100f?
Thank you for the question @Photoshopuzr. As far a throughput goes, the lower models will be fine, based on your expected number of users and their traffic.
thanks for the reply I appreciate it.@@KeithBarker
@31:57 - how to load balance the two wan ports or isp ??
As part of the SD-WAN zone configuration and rules, that will allow you to load balance.
You didn’t show us how you form a LAG between SW1 and SW2. Does Fortilink forms LAG automatically between switches and Fortigates?
Also what about SW1 side of LAG that is connected to upstream Fortigate?
Thank you for the question @danimoosakhan.
Yes, the LAG is automatically formed between the switches.
If you want to use LAG between the FGT and a single switch, disable the FortiLink split interface option. With that option on, it will only use 1 of the 2 interfaces to avoid a loop.
Hi Keith, pls what type of Linux virtual machine were you using in ESXI in your fortinet firewall training? I don't mean tiny core but the one with the name "keith@virtual-machine"
Mint Linux
@@KeithBarker Thank Keith (The OG of IT)
so do you have a port channel going to each switch or is it a port channel going to one switch that is stacked with another switch? I am kind of confused
Thank you for the question Omar M..
For the connections between the FortiGate and the first switch, if FortiLink split interface is disabled, will automatically make a LAG.
For the connections between a switch and another switch (both FortiSwitch), they will also automatically make a LAG.
Hope that helps, and best wishes.
Hey Keith, how do I allow inter VLAN traffic? So a printer on VLAN 10 can be seen by laptop in VLAN 20.
Thank you for the question @leejonscramstad3216.
Because the FortiGate is logically connected to all those VLANs (as the manager of the switch stack) it has routes to the subnets associated with the VLANs.
i am unable to see the wan interface green led when connecting the cable. since configuring sd wan it goes green with the computer but does not come green when connecting to the isp. was not going green even with the computers before configuring sd wan. what is wrong with it? do i need a license?
Hello, i am little bit confused about links between FG, SW1 and SW2....you put it to VLAN10, but this interfaces should be trunk or not? Maybe I am wrong, but for me is it little strange. Thank a lot for reply.
Thank you for the question Juraj Vantúch. I set up a few access ports on SW1, to support clients that will be connected to VLAN 10.
@@KeithBarker So link between switches and Fgate was trunk? :)
@@jurajvantuch9636 It absolutely is. The 802.1Q trunking is negotiated and setup automatically between the FortiGate as the controller and the FortiSwitch stack.
Where can I get your full course on FortiGate?
CBTNuggets.com
@@KeithBarker Yessir - I just enrolled and I am on slate to take my CCNP ENCOR and NSE4/5 this year - super excited and your breakdown is amazing.
What is E ven G at 32:34?
Eve-NG is an emulator environment.
hey can i get fortinet switch vm images from somewhere?
Fortinet sells them
*The admin account has been deleted or renamed. I cannot reset the password because I do not know the name of the current account. how do i solve it.* ..i
👍
Better off using HPE switches over the Fortinet switches
I switched from HPE to Fortinet just for ease of management through one interface. HPE switches are very good though. We ran HP ProCurve switches (then HP Aruba) for 13 years without problems. I do love HPE switches because the cost and stability. Also, I was very comfortable with their command line interface. I'm crossing my fingers that these FortiSwitches will be as good. I do admit, they are a breeze to manage through the FortiGate. That's how Fortinet gets you. The FortiGate is the gateway drug (no pun intended) to the rest of their eco-system.
aWSEOME
Cbt nuggets