My Standard Network Architecture For Deployments
- Published: Oct 4, 2024
- In this video I go through and explain the basic (very simple) network architecture that I utilize for a great deal of my consulting. It is a simple standardization approach that makes life clean and easy with great economies of scale (it can go over 2500 branches).
Be great to have a video that goes much deeper into VLANs & subnets for multiple offices like this one touched on
Looking forward to the ADVPN (/W BGP) videos! Great content as always
Great to have you back! Hopefully some ZTNA videos would be awesome.
Great to have you back... The most important thing is that you have a lot of work and no other issues...
Can't wait for the next videos, I have learned a lot from them.
Regards.
Ha, every time I see your videos, your beard is just that much bigger. Glad you're back/still around.
I don't even have any fortinet gear, but I wish this guy made more videos.
My man! Hope you are well!
Keep safe and healthy, master....
good to see you back. I was working with a guy named Will Neighbors recently and we got to talking about your channel lol. hope you're doing well!
I am still salty that he left....... :-P Hope you guys are well! Next time you talk to him you need to tell him he owes me some tequila. LOL
@FortinetGuru 🤣 we've been working on a Splunk migration to the cloud. He's good people. I'll be sure to remind him about the tequila 😅
I miss you, regards from Madrid, your content is spicy and great
The upside to using an RFC1918 subnet for a business is that you've got lots of flexibility in terms of how you allocate IPs. And in this case you've got 16 million+ IPs available in the 10.x.x.x network. The downside is when your business merges with another and you've now got to either merge both schemes together, or re-address one of the networks to allow it to successfully cohabitate with the other.
Or just check where their networks need to work with each other and create a couple of NAT rules.
That's fucking awesome and just blew my mind. Thanks
(2:50) Very smart !
The only problem with this specific layout for VLANs/subnets is that you would not be able to easily summarize routes from location to location. So static routes for an entire site would be a pain, or QoS targeting from different vendors etc.
IMO, I think it's best to use 10.X.Y.Z (X for site, Y for VLAN, Z for host). This makes route / network summarization much easier.
I agree on the summary routes. I do this setup for most larger deployments because it supports such a large number of branches.
If there is no way an organization is going over 256 locations I would let it ride with the second octet being the identifier for the location. Otherwise, the way I mentioned plus dynamic routing makes sense for most of my setups.
@FortinetGuru interesting. Have you worked with a lot of enterprises with more than 250 locations?
I went a few years without having a single one. I have roughly 6 that do now (or will soon).
@FortinetGuru wow, nice. Think the most sites I've had to deal with is 40. Amazing how things can grow so quickly.
@seantellsit1431 retail sector is one for sure. POS locations, stuff like that, are common places to have thousands of locations or multiple hundreds.
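An added example, not code from the video or from any commenter: it compares per-site route summarization for the 10.X.Y.Z plan suggested in the thread above with an assumed layout that puts the VLAN in the second octet and the site in the third. The VLAN IDs, the overflow rule for sites past 255 and all function names are constructed for illustration.

```python
import ipaddress

VLANS = (10, 20, 30)  # constructed VLAN IDs, not taken from the video


def site_major(site, vlans=VLANS):
    """Plan from the thread, 10.X.Y.Z: X = site, Y = VLAN, one /24 per VLAN."""
    if not 0 <= site <= 255:
        raise ValueError("10.X.Y.Z holds at most 256 sites (X is one octet)")
    return [ipaddress.ip_network(f"10.{site}.{v}.0/24") for v in vlans]


def vlan_major(site, vlans=VLANS):
    """Assumed layout: 10.(VLAN + site // 256).(site % 256).0/24.

    Past site 255 the second octet no longer equals the VLAN ID.
    """
    nets = []
    for v in vlans:
        second = v + site // 256
        if second > 255:
            raise ValueError("site index too large for this VLAN base")
        nets.append(ipaddress.ip_network(f"10.{second}.{site % 256}.0/24"))
    return nets


def site_summary(nets):
    """Smallest single prefix that covers every subnet of one site."""
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    prefix = 32 - (lo ^ hi).bit_length()
    base = lo & ~((1 << (32 - prefix)) - 1)
    return ipaddress.ip_network((base, prefix))


def foreign_sites_covered(summary, site, layout, site_count):
    """Count other sites with at least one subnet inside this site's summary."""
    return sum(
        1 for s in range(site_count)
        if s != site and any(n.subnet_of(summary) for n in layout(s))
    )


if __name__ == "__main__":
    for name, layout, count in (("site-major", site_major, 256),
                                ("vlan-major", vlan_major, 300)):
        summary = site_summary(layout(5))
        hit = foreign_sites_covered(summary, 5, layout, count)
        print(f"{name}: site 5 summary {summary} also covers {hit} other sites")
```

A summary that also covers other sites is the reason a single static route or firewall address object per site does not work in the second layout; there each site needs one entry per VLAN or a dynamic routing protocol.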
Glad you are back. I agree with a post here about your beard. How far down is enough? Good videos!
😎 going for ZZ Top…..j/k. It’s about to get boxed out and trimmed before the Splunk conference.
keep it up bro
Yuh talk sense today, mentor the younger folks.
Thanks
I know this is for Fortinet but have you done anything with Sophos firewalls? I would love to see a few setups if you were looking to mix up. Great videos. Thanks
I am about to start a general channel covering more.
Is the DATA-VLAN the same as the MGMT network? What subnet do you use for the DMZ?
Def cannot agree on the subnetting design for sure. But can't say in all my years of engineering/architecting I have ever been able to greenfield a subnet design, kinda just given shit and have to deal with it.
Oh yeah. I’ve only had one client let me greenfield something and run with it. Usually it’s a shit sandwich and I gotta eat it / make do.
Hi Bro. I need to remove Fortinet device from FortiCloud. How to do?
I'm looking to replace my UniFi gear with Fortinet. Does Fortinet require a license for the Access Points and for the switches and maybe for the Firewall? This will be for home, NOT business.
Requires license if you want firmware / security features / support on the APs / switches.
Fortigates require license if you want unified threat management/support/firmware.
@FortinetGuru do you recommend it, since this is for my home network. I run pfSense as my firewall.
I would on the firewall for sure so you can use web filtering etc. unless you don’t care about that.
We are using /16 and same vlan ids
It works well for sure.
How to whitelist an outside company IP address to access my server only port 3306
Set external company IP as source. Your device via VIP as destination with the service to be tcp or udp 3306
@FortinetGuru Thanks for the reply Guru, I'll configure and check...
Hi FortiGuru Jack Black, take care. :)
😂
@FortinetGuru All the best, bro. Nice beard btw. :)
So ... wait, when you go to the 256th site, your VLAN no longer matches your subnet? NOOOOOOOOOOO. VLAN 10 having the subnet off by 1 (or more) would make me insane.
😂😂the OCD gets me a little as well
@FortinetGuru I guess I'm just not cut out to manage a network with > 255 locations. I can't think of a better layout, but not matching one of the octets to the VLAN would destroy my chill.
Good opportunity to pour yourself a drink haha. It bugged me at first too.
you just described a simple ip plan... not really a full "network architecture"
IT worker with stress reaction -> very likely untreated ADHD and/or autism. Take care of yourself brother.
hi guru, younger folks here >> thanks for this info 👍
May I know what FortiOS version for FortiGate you usually use for most of your clients, the most stable, fewest bugs 🙏😎
I am still mostly running 6.4.9. I am moving everyone to 7.0.6 when it comes out as long as there are no glaring issues.