This is great. The only improvement I see is to setup the actual outgoing Destination in the Firewall policy rather then just selecting "ALL". This is a best practice so that the SDwan service is only dedicated to that one remote network. If you have two or 3 then maybe selecting ALL makes more sense. Right?
I am not too sure I fully understand your point. Here is a pointer, if the traffic is destined for the internet selecting all as the destination is best since you don't want to create different policy for traffic going to teams, zoom, Facebook, outlook etc. But if you the destination is local, then selecting a single remote network is best practices.
When NAT is enabled on a policy you are stating that you need the private IP translated to the public and vice versa. This is mostly used when you intend for that policy to go to the internet. If the traffic is going to the LAN or VLANs only there is no need to enabled the NAT option on the policy.
Thanks Bro- I always love your labs -straight forward-so clear. Keep educating us my brother
Thank you so much, that means a lot to me. I will do my best and continue creating more videos.
This is great. The only improvement I see is to setup the actual outgoing Destination in the Firewall policy rather then just selecting "ALL". This is a best practice so that the SDwan service is only dedicated to that one remote network. If you have two or 3 then maybe selecting ALL makes more sense. Right?
I am not too sure I fully understand your point. Here is a pointer, if the traffic is destined for the internet selecting all as the destination is best since you don't want to create different policy for traffic going to teams, zoom, Facebook, outlook etc. But if you the destination is local, then selecting a single remote network is best practices.
My eve-ng lab FortiGate vm firewall limit with 3 interface. It says trail vm license support 3 interface. How to use more interface.
Oh cool. What program did you use to draw the Topology?
GNS3 is the application used to draw the topology
thanks bro
I have a questions. Is there a difference between enabling NAT on the Policy? What does it do?
When NAT is enabled on a policy you are stating that you need the private IP translated to the public and vice versa. This is mostly used when you intend for that policy to go to the internet. If the traffic is going to the LAN or VLANs only there is no need to enabled the NAT option on the policy.