Fortigate with HP A5500 Layer3

  • Published: 11 Sep 2024
  • Config L3 HP A5500 with Fortigate
    ---------------- Fortigate ----------------------
    1. Connect pc lan cable to Fortigate
    2. Create Interface for Connect L3
    - Network - Interfaces - Create New Interface
    - Name : CoreSW
    - Type : Hardware Switch
    - Role : LAN
    - IP : 192.168.10.254/24
    [Same as the next hop of the L3 default route]
    - Access : Https, Ping
    3. Create route Connect L3
    - Network - Static Routes - Create New
    - Dest IP : 192.168.0.0/16
    - Gateway : 192.168.10.253
    [Same as the IP of the L3 Internet VLAN interface]
    - Interface select
    4. Create IPv4 Policy internet access
    - Policy & Objects - Firewall Policy - Create New
    - Name : CoreSW_Internet
    - Incoming Interface : CoreSW
    - Outgoing Interface : SD-Wan
    - Source : All
    - Dest : All
    - Service : All
    - NAT : Enable
    ----------------- L3 HP A5500 ----------------------
    1. Connect with Console port
    - By Default configuration
    2. Create Manage Interface and Assign IP
    - command config
    system-view
    dhcp enable
    loopback-detection enable
    port-security enable
    dhcp-snooping
    mac-address mac-learning disable
    interface vlan-interface 1
    ip address 192.168.200.1 255.255.255.0
    quit
    ip http enable
    local-user admin
    service-type lan-access
    service-type web
    authorization-attribute level 3
    password simple @admin
    quit
    quit
    save
    3. Connect with Web Gui
    - Connect pc lan cable to L3 port 1
    - Static IP Laptop/PC : 192.168.200.2
    - web browser ip : 192.168.200.1
    - Login
    - username : admin
    - password : @admin
    4. Create VLAN IDs
    - 2:User2, 3:User3, 4:User4, 10:Internet, 11:Server
    - Network - VLAN - Create
    - Assign VLAN IDs
    - Assign Description
    5. Assign VLAN Port
    - Network - VLAN - Modify VLAN
    - Select VLAN IDs
    - Untagged Port
    - Click Apply at the bottom
    6. Create Virtual Interfaces
    - Network - VLAN Interface - Create
    - Input VLAN IDs
    2:User2, 3:User3, 4:User4, 10:Internet, 11:Server
    - IPv4 Address : 192.168.[2,3,4,10,11].253
    - Mask Length : 255.255.255.0
    - Uncheck Configure IPv6 Link Local Address
    7. DHCP VLAN User only
    - Network - DHCP - DHCP Server - Dynamic - Add
    - IP Pool Name : 2:User2, 3:User3, 4:User4
    - IP Address : 192.168.[2,3,4].0
    - Mask : 255.255.255.0
    - Duration : Unlimited
    - Gateway Addr : 192.168.[2,3,4].253
    [Same as the VLAN interface IP]
    - DNS Server : 1.1.1.1
    - WINS Server : 8.8.8.8
    - Test DHCP: connect a LAN cable to Port 4
    8. IPv4 Routing internet VLAN
    - Network - IPv4 Routing - Create
    - Dest IP : 0.0.0.0
    - Mask : 0.0.0.0
    - Preference : 10
    - Next Hop : 192.168.10.254
    [Fortigate CoreSW interface IP]
    9. Test Internet
    -------------- Fortigate Virtual IPs ---------------
    1. Config Router & Interface Public IP
    - Network - Interfaces - Edit Wan1
    - Alias : VIP
    - Role : WAN
    - IP : xx.xx.xx.xx/24
    - Access : Https, Ping
    2. Add VIP Interface to SD-Wan Zone
    - Network - SD-WAN Zones - Create New SD-WAN Member
    - Interface : VIP (Wan1)
    - SD-WAN Zone : Your SD-Wan Zone
    - Gateway : xx.xx.xx.xx
    3. Create route Connect Router
    - Network - Static Routes - Create New
    - Dest IP : 0.0.0.0/0
    - Gateway : xx.xx.xx.xx
    - Interface select Wan1
    4. Create Virtual IPs with L3
    - Policy & Objects - Virtual IPs - Create New
    - Name : WebServer
    - External IP : xx.xx.xx.xx
    - Mapped IP : 192.168.11.xx
    [L3 Internal Server IP]
    5. Create Web Incoming Policy
    - Policy & Objects - Firewall Policy - Create New
    - Name : CoreSW_WebIncoming
    - Incoming Interface : SD-Wan
    - Outgoing Interface : CoreSW
    - Source : All
    - Dest : WebServer [From Virtual IPs Name]
    - Service : Http, Https
    - NAT : Disable
    6. Create L3 Web Routing Policy
    - Policy & Objects - Firewall Policy - Create New
    - Name : CoreSW_WebRouting
    - Incoming Interface : CoreSW
    - Outgoing Interface : CoreSW
    - Source : All
    - Dest : WebServer [From Virtual IPs Name]
    - Service : Http, Https
    - NAT : Disable
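
An added example, not part of the original video description: a small Python check over the management-related console commands from step 2 of the A5500 section, flagging the settings a reviewer would question before the switch goes on a production network (`ip http enable` with no HTTPS, `password simple`, a level 3 web login). The function name and finding IDs are made up for illustration, and it assumes `password simple` leaves the password readable in the saved configuration, as on Comware 5.

```python
import re
# Constructed sample: the management-related commands from step 2 above.
SAMPLE_CONFIG = """
system-view
interface vlan-interface 1
ip address 192.168.200.1 255.255.255.0
quit
ip http enable
local-user admin
service-type lan-access
service-type web
authorization-attribute level 3
password simple @admin
quit
quit
save
"""

def audit_comware(config):
    """Return (finding_id, detail) pairs for management-plane weaknesses."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    http_only = "ip http enable" in lines and "ip https enable" not in lines
    findings = [("HTTP_ONLY_MGMT", "web UI enabled without HTTPS")] if http_only else []
    users, cur = {}, None
    for ln in lines:  # collect the settings inside each local-user view
        if m := re.fullmatch(r"local-user (\S+)", ln):
            cur = users.setdefault(m.group(1), {"svc": set(), "level": 0, "simple": None})
        elif cur is None:
            continue  # command outside any local-user view
        elif ln == "quit":
            cur = None
        elif ln.startswith("service-type "):
            cur["svc"].update(ln.split()[1:])
        elif m := re.fullmatch(r"authorization-attribute level (\d+)", ln):
            cur["level"] = int(m.group(1))
        elif m := re.fullmatch(r"password simple (\S+)", ln):
            cur["simple"] = m.group(1)
    for name, u in users.items():
        if u["simple"] is not None:
            # Assumption: 'simple' leaves the password readable in the saved config.
            findings.append(("CLEARTEXT_PASSWORD", name))
            if name.lower() in u["simple"].lower():
                findings.append(("PASSWORD_CONTAINS_USERNAME", name))
        if http_only and "web" in u["svc"] and u["level"] >= 3:
            findings.append(("ADMIN_WEB_LOGIN_OVER_HTTP", name))
    return findings
```

Replacing `ip http enable` with `ip https enable` and `password simple` with `password cipher` in the sample clears all four findings.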
