
20-Redundant+Interfaces - Fortigate

Uploaded by

Garudmani Pavan

https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/567758/aggregation-and-redundancy

Redundant Interfaces Lab:

FW Port-3&4 are redundant interfaces connected to LAN (remote-sw), and PC1, PC2 are connected to SW. Traffic from these PCs passes via SW, via one of the redundant interfaces, and to the Internet via WAN.

Switch Configuration
Switch(config)#hostname Remote-SW
Remote-SW(config)#interface range ethernet 0/0,e0/3
Remote-SW(config-if-range)#switchport trunk encapsulation dot1q
Remote-SW(config-if-range)#switchport mode trunk

Firewall initial Configuration


FortiGate-VM64-KVM # config system global
FortiGate-VM64-KVM (global) # set hostname FW4
FortiGate-VM64-KVM (global) # end
FW4 # config system interface
FW4 (interface) # edit port5
FW4 (port5) # set mode static
FW4 (port5) # set ip 192.168.100.240/24
FW4 (port5) # set allowaccess https http ping ssh telnet
FW4 (port5) # end

- By default it is static, changing mode from dhcp to static.
- If you don't allow ssh, http with the "set" command, you cannot access this FW.
- There is no commit in FortiGate; once you come out of config mode, the config gets applied.
- In previous labs, we got a DHCP IP for the FW from the MGT PC; here we are giving a static IP.

Now we can access the FW at 192.168.100.240 from our laptop browser, as the FW is connected to the MGT cloud PC in the lab diagram.

1 | P a g e Created by Ahmad Ali E-Mail: [email protected] , WhatsApp: 00966564303717


To log in to the FortiGate Firewall, type http://192.168.100.240 in any browser.

To configure an interface, go to Network > Interfaces and click Create New > Interface.


Now go to WAN 2, change it from DHCP to static, and save the received IP statically. The same was done for WAN-1: it got an IP from DHCP, which was later saved as static.

Type the name and alias, select the interface type Redundant Interface, and assign the gateway IP address.

Finally, the redundant interface has been configured, combining Port3 and Port4.


Go to Network > DNS and set DNS Servers to Specify. Configure the primary and secondary DNS servers as needed, configure additional DNS settings as needed, and click Apply.

To create a new default route, go to Network > Static Routes.

The WAN device has a gateway IP of 192.168.3.254, and this is the next hop for the static route that sends LAN traffic from the FW to the Internet.

To create a firewall policy, go to Policy & Objects > Firewall Policy and click Create New. Type the name of the policy, choose the incoming interface Redundant-IF and the outgoing interface ISP-1, then click OK.

Port-2 is also connected to WAN-2; why is that not selected as an outgoing interface?

Open this Linux PC, right click> Network manager>


Assign the IP address 10.0.6.1 with subnet mask 255.255.255.0 to Remote-PC1.

Test and Verification:


Let's try a continuous ping from Remote-PC1 to Google DNS 8.8.8.8.


Shutdown FW interface
FW4 # config system interface
FW4 (interface) # edit port3
FW4 (port3) # set status down
FW4 (port3) # end

After shutting down the interface, there is one drop at the interface switchover.

Bring up FW interface
FW4 # config system interface
FW4 (interface) # edit port3
FW4 (port3) # set status up
FW4 (port3) # end

After bringing up the interface, there is one drop at the interface switchover.

Similarly, capture port4 and keep a continuous ping running from PC1 and PC2.

Bring port3 and port4 of the FortiGate Firewall down and up to see the traffic switch over to the other port.

Priority-Override is enabled: when port3 is back, it will be used again.

This is like the Preempt concept in Cisco HSRP; here it is enabled by default.
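
To check the "one drop per switchover" observation from a saved ping log instead of by eye, the following added example (not part of the original lab document) parses Linux ping reply lines and reports each run of missing icmp_seq values. The captures are constructed samples, and the function names are hypothetical.

```python
import re

# Echo-reply lines as printed by Linux iputils ping:
#   64 bytes from 8.8.8.8: icmp_seq=5 ttl=115 time=12.3 ms
REPLY = re.compile(r"bytes from ([0-9.]+): icmp_seq=(\d+)")


def lost_runs(ping_output, target="8.8.8.8"):
    """Return [(first_lost_seq, lost_count), ...], one tuple per run of missing replies."""
    # A set removes duplicate replies; sorting tolerates out-of-order lines.
    seqs = sorted({int(seq) for host, seq in REPLY.findall(ping_output) if host == target})
    return [(prev + 1, cur - prev - 1)
            for prev, cur in zip(seqs, seqs[1:]) if cur - prev > 1]


def switchover_ok(ping_output, events, max_lost=1):
    """True if there is exactly one loss run per link event and none exceeds max_lost."""
    runs = lost_runs(ping_output)
    return len(runs) == events and all(n <= max_lost for _, n in runs)


def make_capture(missing):
    """Constructed sample: replies for icmp_seq 1..12 except those in `missing`."""
    return "\n".join(f"64 bytes from 8.8.8.8: icmp_seq={s} ttl=115 time=11.{s} ms"
                     for s in range(1, 13) if s not in missing)


# Constructed captures (not taken from the lab):
# port3 is set down around seq 5 and brought back up around seq 10.
GOOD = make_capture({5, 10})        # one drop per switchover, as the lab observes
SLOW = make_capture({5, 6, 7, 10})  # a failover that cost three probes

if __name__ == "__main__":
    for name, cap in (("good", GOOD), ("slow", SLOW)):
        verdict = "PASS" if switchover_ok(cap, events=2) else "FAIL"
        print(name, lost_runs(cap), verdict)
```

Replies still outstanding when the ping is stopped are not counted, so stop the capture a few seconds after the last link change.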
