The Fortigate firewall was deployed on a VM, and it is easy to remove the interfaces on the VM.

@@techy-world3716 i saw, sorry i didnt watch far enough, your video is very good and well explained, thank for for the quality content!

@@techy-world3716 one more quick question, when i tried to move the ip scheme i had on the physical port 2 "10.0.0.1/24" to the VLAN (VLAN 10) the VM is saying "conflicts with "port2" Subnet" do you know why it would say that when i try to move the ip address to the vlan when the physical port , port 2 doesn't have an ip anymore (0.0.0.0/0) ?

@@jonathanwinnick1909 Change the IP on port 2 to something else like 192.168.10.1/24, then move the 10.0.0.1/24 to the VLAN.

@@techy-world3716 so basically the physical port needs to have an IP no matter what?

@victorjames6242 You can balance the traffic across both link, you can select both outgoing interface as your interface preferences. The short answer is YES you can use both link simultaneously

You are absolutely correct about hotels and motels blocking port 443. I recommend people use their own personal Hotspot if possible. Public WiFi is not the best.

@@techy-world3716 I have seen here that cell hotspots also block non typical ports so 443 is also the best there

Yes, there is no need to setup smtp server and port.

@@techy-world3716 Thanks

@@techy-world3716 But if I have my smtp server in cloud or local, how to specify?

LAN 2 network has some management features, such as HTTPS or FMG. Once any of the Administrative Access is enabled on that interface that makes it a management interface.

Please watch the Part I of this Video kzfaq.info/get/bejne/l7R4fLSV3L7Gkac.htmlsi=0OUvlJpzNP0zxui3

Check your SPAM inbox, FortiToken can be sent into your GMAIL inbox without issue.

GNS3 is the application used to draw the topology

When NAT is enabled on a policy you are stating that you need the private IP translated to the public and vice versa. This is mostly used when you intend for that policy to go to the internet. If the traffic is going to the LAN or VLANs only there is no need to enabled the NAT option on the policy.

I am not too sure I fully understand your point. Here is a pointer, if the traffic is destined for the internet selecting all as the destination is best since you don't want to create different policy for traffic going to teams, zoom, Facebook, outlook etc. But if you the destination is local, then selecting a single remote network is best practices.

The answer is Yes. You can configure multiple physical and Virtual interfaces and even route between them. What you need is policy. To answer your question YES it is possible

Great suggestion!

Glad you liked it!

Yes the fortigate can use multiple public IP

Try input the token faster. If you get the token via email it may sometime be delayed. Try to see if you get it faster on mobile phone or on desktop app.

This article will help on how to configure ISP1 and ISP2 docs.gns3.com/docs/using-gns3/advanced/connect-gns3-internet/

@@techy-world3716 I manage to have internet with one cloud using NAT and the other with a bridge adapter, so both have different IP's and static routes. The problem right now It's that the phase 1 is down and the troubleshooting of fortigate are not very helpfull.

It maybe possible, I haven't had reason to use that myself. This article might help. docs.fortinet.com/document/fortigate/7.4.3/administration-guide/724772/ssl-vpn-multi-realm

No, you don't need a single public for each services, you could have multiple services on a single public IP

@@techy-world3716 When I try to create a second policy i always get the error "The same service port cannot be used for one Virtual IP twice." and I'm stuck with it :(

Glad it was helpful!

I will consider that

Am happy it was helpful

The access will be applied to the LAN interface e.g port 1 if you are using physical port or the VLAN interface e.g Data VLAN. You can also apply it to multiple interface but not on the zone.

Yes, I have created a data vlan 10 under port 1 and i am trying to access it from vlan 10 interface also https is enabled on that interface.

Have you lost all access to the device or can you get in via console or ssh?

The device you are accessing it from must be in VLAN 10 subnet as well. That is very important

If you are still having issue, I can look at in over a remote session if you want.

No there is no need to have policy between VLAN but there are reasons to why you may want someone to have access to a specific VLAN other than where they belong. For example if you have a Camera VLAN and you belong to Data VLAN you won't be able to view the camera from your network device in Data VLAN without having a policy to allow your device or the entire Data VLAN. I hope this helps

Yes, it works perfectly. You have same functionality as what comes from a box. The VM version is very similar to the hardware.

@@techy-world3716 thankyou so much But I have missed 1 questions which I have not mentioned if I don't have VMware hardware but I have installed VMware software in our computer does it work ? Plz reply

It will work on your VMware without any problem.

​@@techy-world3716thankyou so much for helping us😊

Yes, the VM version has transparent mode. The VM version has 4 modes: Reverse Proxy Mode, Offline Protection Mode, True Transparent Proxy Mode and Transparent Inspection mode

I will work on that soon. Watch out for new videos

No!, using the server's real IP address shouldn't be an issue, but following the steps in this video is recommended.

Very soon, I will be making that video

Point taken, I will ensure that I show more testing in my next videos. But be assured that these steps are what is required on the FortiGate.

Internal network can reach each other using the layer 2 switch, it doesn't get to the firewall. Once the data frame is sent to the switch the switch will forward the data frame to the other device using the MAC address table.

Yes that should fix it, but ensure that the firmware is same on both device. The most common issue is when there is a different configuration on the firewall that is not configured on the other that will cause the out-of-sync issue not to be resolved.

@@techy-world3716 thanks. Righ now the secundary is with the 7.2.4 and the primary with the 7.2.2. Should I upgrade the primary first? Regards

As long as both of them are on same version you should be fine, it doesn't matter which is upgrade first. But I will upgrade the lower version first to match the higher version. Either way it should work once they are on same version.

Am glad you love them, I can be of help with your NSE4. Here is my email [email protected]