Waiting for the next vid on the series on fortigate! Great vid! The past 2 vids got me everything I need!
nice work bro. keep it up
Excellent videos! New to fortigate here.
Thank you for explaining it in a simple and effective way!! Also, please explain to me the difference between H/W switch, S/W switch and VLAN switch in the FortiGate!
Thank you!!
Thanks for your videos. Very helpful.
Watched this super tired, didn't understand a thing... rested up, watched again, perfect sense, you are a godsend! People who say Cisco CLI is easier are nuts...
Keep this going with these. I'd request multi-VLAN network and DNS, most secure way
Haha right, sleep is extremely important, need to have it to understand concepts 100% of the time.
great man! I need more of this!
More coming soon Man 🙂
Excellent work
Nice work, waiting for new videos..
Well explained. Thanks for this vid man.
Glad that helped you brother.
Great! Thanks a lot, keep it up bro!
Thanks, will do!
thanks pal great tutorial
thanks for sharing this VDO, this is really helpful Thanks❤❤
You are welcome @netconfig999. Nice channel name by the way 😀
Great series so far. When will the next upload be?
Thank You for the appreciation! Coming Soon.
Thanks! Really love your videos. When will you post a video about the SD-WAN?
I really want to, but struggling a little with time, hopefully will get some time
Great video. There’s an easier way. Just add all your VLANS/Subnets into a Zone (for example, an inside or trust zone), and disable “Block intra-zone traffic”, and they will all be able to communicate with each other without having to add any policies. Cheers
Thanks for the trick! haven't done that but will give that a try as well.
Idea is good... but all VLANs in one zone is not recommended and is a security concern in real environment...
Thanks. You're awesome :)
Thanks for the super awesome comment man!
Thanks a lot. Could you tell me what kinds of tools you use to draw the diagram? Does it come with those cute icons?
hhhh it's actually an animation software called VideoScribe, these icons are not built-in, I make them in Adobe Illustrator & call them in VideoScribe. Afterwards take a screenshot & paste in PowerPoint. That is what you see in the video
Thanks for posting it. Is EVE-NG running on your PC or on an ESXi?
Specifically for this video it's a physical FortiGate box. Normally for my videos I use EVE-NG on an ESXi server to offload resources
Thanks a lot, do I have to allow the VLAN in the trunk link or the native VLAN is enough. I noticed in my network the data VLAN and voice are not mentioned in the trunk but still PC can get an IP from the data VLAN. How come I don't need to say switch port trunk allow vlan x,y,z?
That is because a Cisco switch by default allows all VLANs. You limit the VLANs on a trunk by the command "Switchport trunk allow vlan x, y, z".
Thank You for this video.
you're welcome brother 😀
For a stateful firewall, I believe a single policy should be enough to facilitate to and fro traffic. Is it possible to do that in the FortiGate firewall as in Cisco ASA firewall?
Bro at 11:14 you see that we pinged the server right, that happened because of stateful inspection.
good explanation, thanks
Glad it was helpful!
I have all that set up with a Netgear smart managed switch. I can ping all VLANs from a machine in VLAN 1 but I can't ping the machine on VLAN 1 from the other VLANs?
I'm not sure about Netgear actually. Possibly a policy is blocking the traffic from other VLANs to your target VLAN 1
Single trunk link is enough to get all VLANs from switch. Pls tell reason for three links to switch
Hi Sandeep. It is a single physical interface. There are 3 logical interfaces with VLAN tags, same as you would do via a trunk.
Can I ping a printer in another VLAN, without disabling the firewall in the source laptop? Assuming there is interVLAN policy between the 2 VLANs
You should be able to ping it
Hello, Dr.
Do you have any video related to ADVPN on Fortigate?
It would be a great help, because of the amount of customers using this service nowadays.
Regards.
Let me note that down & I will surely make a video on it
Will there be a loss of processing speed? Is it better to use a dedicated L3 Switch in this scenario?
Well actually it depends, if you have a very small environment, then this approach is fine. If your network is medium to large then YES, you need to separate via an L3 switch.
@doctor.networks got it, thanks!
Thx❤❤
Can the IP address of the SVI be completely different from the main interface IP? For example, the main would be 192.168.1.99/24, then can I use 30.30.25.1/24 for one of my SVI?
Sorry Jim, your comment was in the spam of YouTube, YouTube blocks comments containing IP addresses I guess. Yes you can, the main interface will be as a native VLAN with no VLAN tag of course & the other SVI can be any IP you want
@doctor.networks Thank you.
Is there a Lecture #6 ? Or the videos end here?
Unfortunately my career took a huge turn here, couldn't continue. But now I'm thinking of resuming the series soon
Why need this much of policies for interVLAN, I think just create a zone and add the VLANs to that zone, that's better to simplifying 😊
Yeah but you may need different policies for a set of VLANs, you can actually create multiple zones referencing multiple VLANs. The video is to give a concept that's why kept it simple. Obviously zones will be a better approach in the long term.