Firewall Policies and NAT (Policy vs Central NAT, SNAT, DNAT... ) on FortiGate | GNS3 Lab
HTML-код
- Опубликовано: 2 сен 2023
- In this live video, we are going to configure Firewall Policies and NAT (Policy vs Central NAT, SNAT, DNAT...) on FortiGate
===================
CCNA 200-301 COURSE
===================
Study for the CCNA and go from zero to engineer with this course:
kbtrainings.com/ccna
============================
STAY IN TOUCH / BUSINESS
============================
Email: contact@kbtrainings.com
Instagram: / kbtrainings
Facebook: / kbtrainings-6855822152...
Twitter: / kbtrainings
============
KBTRAININGS
============
Website: www.kbtrainings.com
KBTrainings is an online training platform created to share my knowledge in the IT. In a world where technologies are radically changing the way we live and future economies, KBTrainings has set itself the goal of popularizing IT concepts and allowing many to start or boost their careers in IT.
The contents range from basic notions and introductions to advanced concepts for engineers. We will cover the following areas: applications, networking and security, web design & development, programming and automation.
In computer networks and security we will focus on Cisco, which is a benchmark in the industry, helping you to get Cisco CCNA and CCNP certificates. These certificates are highly respected in the industry and are a very practical way to prove your knowledge and start or advance your career.
Best description difference I’ve seen between CNAT and Source NAT 👏🏼
Watching from UK 🇬🇧
amazing. great knowledge and labs !!
very cool setup and great tutorial!
Thanks for this training Guy! I was able to get everything working thanks to you! This was very informative! But maybe next time stay more on topic and don't focus so much on distractions. Other than that it was perfect bro.
Hey KB, nice course man, I've been following your vidoes on RUclips. I wanted to ask man, How can I set up a virtual lab environment with GNS3? I appreicate your feedback.
If i may ask. These two clouds are helping you to get access to your home network right? But all configurationsb will be done using the other ports connected to that router at the bottom right ? Also can all your devices communicate with your home network , like can the pc under a Lan ping your physical computer? And your Fortigate Firewalls got Ip adresses automatically i guess ?
Great Content. NSE 4 ?
At 45:25 when you ping/open google web server as DNAT used(NAT enabled on wan-lan policy on Google side office) so what will be shown on wireshark as source and dest and if we disable NAT on google side office then what will be shown on wireshark as source and dest
The Web response leaving the Google Firewall would have 30.0.0.2 as source and 20.0.0.2 as destination.
If SNAT was not enabled on the Google FGT, the traffic would've had 192.168.0.5 as source and it wouldn't have made it to the office Web client.
I hope that makes sense.
I am from Cuba and working in Germany.
Nice!
How is it going over there?
I have learned a lot from your Fortigate videos and have taken my career to another level. Thank you very much
@@KBTrainings
I have a really hard time to understand those ports/interfaces in fortinet, i know what a NIC, Subnet and VNet are but i have nu clue about these other things.. do you have advice where i can look more at this?
do we still need default routing between firewall to R1 if NAT is enable ?
Hi KB I noticed you only enabled HTTP and HTTPS as the services for security and you verified this from the client. My question is would you be able to ping the Web server from the client considering ICMP was not enabled as a service?
Hi I,
No, you won't be able to ping the server.
Can you confirm what types of routing enabled on Fortigate and Cisco router?
Nothing special. Just connected links in the Cisco and default gateway on the FGTs.
Also how do we use this web , like how do we import it in the lab
It's in the Guest GNS3 appliances
Bonjour Guy. Pourquoi on me demande de mettre le login dans Fortigate pourtant je ne l'ai pas encore configurer ? Il y a-t-il un mot de passe par défaut svp ?
username: admin
Pas de mot de passe.
when you created VIP so why not you did port forwarding the required ports
Because I am forwarding all the traffic.
In product, I'll have to select http and https only.
@@KBTrainings what you mean by product, secondly If I do port forwarding in VIP then create firewall rule so then it's fine or not or what consequences there
lol. I meant to say in production, on an enterprise network.
Doing port forwarding in VIP and adding it to the firewall policy is the good way to do it.
I am forwarding everything because it's just a lab environment and there is no risk.
@@KBTrainings thanks for your clarification and time actually I did once, port forwarding in VIP for remote connection then create rule. I think if we do the way you did then it's more secure as then we will control from rule everything but still there is more than one way to achieve something
Exactly, a result can be achieved in many ways.
You're welcome.