How were you able to delete the port 3? It seems to be complicated in FortiGates.
@techy-world3716 6 days ago
The FortiGate firewall was deployed on a VM, and it is easy to remove the interfaces on the VM.
@jonathanwinnick1909 6 days ago
@techy-world3716 I saw, sorry I didn't watch far enough. Your video is very good and well explained, thank you for the quality content!
@jonathanwinnick1909 6 days ago
@techy-world3716 One more quick question: when I tried to move the IP scheme I had on the physical port 2, "10.0.0.1/24", to the VLAN (VLAN 10), the VM says "conflicts with "port2" Subnet". Do you know why it would say that when I try to move the IP address to the VLAN, when the physical port, port 2, doesn't have an IP anymore (0.0.0.0/0)?
@techy-world3716 6 days ago
@jonathanwinnick1909 Change the IP on port 2 to something else like 192.168.10.1/24, then move the 10.0.0.1/24 to the VLAN.
@jonathanwinnick1909 6 days ago
@techy-world3716 So basically the physical port needs to have an IP no matter what?
@victorjames6242 14 days ago
Thank you for sharing. What is the possibility of using both links at the same time, or combining both links to increase the bandwidth size?
@techy-world3716 14 days ago
@victorjames6242 You can balance the traffic across both links; you can select both outgoing interfaces as your interface preferences. The short answer is YES, you can use both links simultaneously.
@myself-tp2my 14 days ago
Best practice is to change the FGT management port also, not just the SSLVPN. Also, hotels, motels and other such sites will probably block SSLVPN on a port other than 443.
@techy-world3716 6 days ago
You are absolutely correct about hotels and motels blocking port 443. I recommend people use their own personal hotspot if possible. Public WiFi is not the best.
@myself-tp2my 6 days ago
@techy-world3716 I have seen here that cell hotspots also block non-typical ports, so 443 is also the best there.
@narfnn2111 15 days ago
Thanks a lot!!!!
@vicentegonzales369 22 days ago
Hi, what is the default gateway of the Winserver 2016? Please, is it 192.168.177.3 or 192.168.177.1/24? And what happens if I put the server behind the FortiWeb, which will be the default gateway?
@AlwaysbeingLu 27 days ago
Thanks for this, man.
@AlcidesFerreira2024 a month ago
No need to set up SMTP server and port first in settings?
@techy-world3716 a month ago
Yes, there is no need to set up SMTP server and port.
@AlcidesFerreira2024 a month ago
@techy-world3716 Thanks
@AlcidesFerreira2024 a month ago
@techy-world3716 But if I have my SMTP server in cloud or local, how to specify?
@adrianmisischia1953 a month ago
Thanks
@maurofadda289 a month ago
The LAN 2 network is basically the management, right? Great video.
@techy-world3716 a month ago
LAN 2 network has some management features, such as HTTPS or FMG. Once any of the Administrative Access is enabled on that interface, that makes it a management interface.
@abdullahkuspnar5312 a month ago
First of all, thank you for a very useful video. But how can you access GUI interfaces from your own Windows machine by saying 192.168.177.3 or 192.168.177.1? There must be a setting here. In addition, how is it that you can ping the 192.168.177.54 IP address from your own machine again? I think there is a configuration here that we have not seen in the previous video before?
@techy-world3716 a month ago
Please watch Part I of this video: kzfaq.info/get/bejne/l7R4fLSV3L7Gkac.htmlsi=0OUvlJpzNP0zxui3
@disconnected58 2 months ago
Hello, help, the token code does not arrive in my Gmail inbox. My question is if something additional has to be done in Gmail so that it receives the FortiGate token messages.
@techy-world3716 a month ago
Check your SPAM inbox, FortiToken can be sent into your Gmail inbox without issue.
@zinenhleDhludhlu-bf7ez 2 months ago
Very informative, I've just solved my ticket with this knowledge, thank you.
@livestronger1981 2 months ago
Oh cool. What program did you use to draw the topology?
@techy-world3716 2 months ago
GNS3 is the application used to draw the topology.
@livestronger1981 2 months ago
I have a question. Is there a difference between enabling NAT on the policy? What does it do?
@techy-world3716 2 months ago
When NAT is enabled on a policy you are stating that you need the private IP translated to the public and vice versa. This is mostly used when you intend for that policy to go to the internet. If the traffic is going to the LAN or VLANs only, there is no need to enable the NAT option on the policy.
@livestronger1981 2 months ago
This is great. The only improvement I see is to set up the actual outgoing destination in the firewall policy rather than just selecting "ALL". This is a best practice so that the SD-WAN service is only dedicated to that one remote network. If you have two or 3 then maybe selecting ALL makes more sense. Right?
@techy-world3716 2 months ago
I am not too sure I fully understand your point. Here is a pointer: if the traffic is destined for the internet, selecting all as the destination is best since you don't want to create different policies for traffic going to Teams, Zoom, Facebook, Outlook etc. But if the destination is local, then selecting a single remote network is best practice.
@yvesneptune 2 months ago
Can I configure IP addresses on both the physical interface and VLAN interface as router on a stick, and reach the physical interface on a switch that has a port in access mode?
@techy-world3716 2 months ago
The answer is yes. You can configure multiple physical and virtual interfaces and even route between them. What you need is a policy. To answer your question, YES, it is possible.
@nshutifreddy9279 2 months ago
Thanks man! It was helpful.
@1990punit 2 months ago
Amazing video, thank you for the explanation. Would you please create a video on how to set up True Transparent Proxy mode?
@techy-world3716 2 months ago
Great suggestion!
@andrenelson8188 2 months ago
Great video. Thanks man
@techy-world3716 2 months ago
Glad you liked it!
@nocsoc 2 months ago
Hi, can I add multiple public IPs to a FortiGate interface in GCP, so that I can bind them with different internal IPs in VIP?
@techy-world3716 2 months ago
Yes, the FortiGate can use multiple public IPs.
@fahrul439 2 months ago
Sometimes I'm having a problem where I cannot connect to the VPN after receiving the token code: "Credential or SSLVPN configuration is wrong.(-7200)". Any advice?
@techy-world3716 2 months ago
Try to input the token faster. If you get the token via email it may sometimes be delayed. Try to see if you get it faster on mobile phone or on desktop app.
@Wholnir 2 months ago
How did you configure ISP 1 and 2? Because I have 2 clouds connected to the same bridge adapter, and in order to give internet access to both firewalls I need to configure both with the same static route.
@techy-world3716 2 months ago
This article will help on how to configure ISP1 and ISP2: docs.gns3.com/docs/using-gns3/advanced/connect-gns3-internet/
@Wholnir 2 months ago
@techy-world3716 I managed to have internet with one cloud using NAT and the other with a bridge adapter, so both have different IPs and static routes. The problem right now is that phase 1 is down and the troubleshooting of FortiGate is not very helpful.
@vishnuk9523 2 months ago
My EVE-NG lab FortiGate VM firewall is limited to 3 interfaces. It says the trial VM license supports 3 interfaces. How can I use more interfaces?
@mitchellsmith4601 2 months ago
I didn't know you could set SMS for two-factor. Not great, but better than nothing.
@mrcraigaddison 3 months ago
Hi, is it possible to use a different alternative SSL certificate for each realm?
@techy-world3716 2 months ago
It may be possible; I haven't had reason to use that myself. This article might help: docs.fortinet.com/document/fortigate/7.4.3/administration-guide/724772/ssl-vpn-multi-realm
@MiladMantashi 3 months ago
Thanks bro
@antoniocintora1157 4 months ago
Nice tutorials! For each public-facing service, do I need to have a public IP? Or can it be redirected in any way directly from the FortiGate?
@techy-world3716 4 months ago
No, you don't need a single public IP for each service; you could have multiple services on a single public IP.
@antoniocintora1157 4 months ago
@techy-world3716 When I try to create a second policy I always get the error "The same service port cannot be used for one Virtual IP twice." and I'm stuck with it :(
@mayankbisht3385 4 months ago
I didn't know that we can add an email address under the user from the CLI. That's new to me. Thanks
@mayankbisht3385 4 months ago
Thanks for your video, this was very helpful.
@techy-world3716 2 months ago
Glad it was helpful!
@aushunter.82 5 months ago
Hi @Tech-World, Thanks for this video. It was really helpful.
@Danielcoouto 5 months ago
Do you intend to take a course or publish a download link for this entire laboratory? That would be very useful.
@techy-world3716 5 months ago
I will consider that.
@Brunojlm 6 months ago
Awesome! Thank you for the video!
@techy-world3716 6 months ago
I am happy it was helpful.
@manoranjanmahanta1563 6 months ago
After doing this I am not able to access the firewall from the LAN zone. So how do I get access to it?
@techy-world3716 6 months ago
The access will be applied to the LAN interface, e.g. port 1 if you are using a physical port, or the VLAN interface, e.g. Data VLAN. You can also apply it to multiple interfaces but not on the zone.
@manoranjanmahanta1563 6 months ago
Yes, I have created a data VLAN 10 under port 1 and I am trying to access it from the VLAN 10 interface; also, HTTPS is enabled on that interface.
@techy-world3716 6 months ago
Have you lost all access to the device or can you get in via console or SSH?
@techy-world3716 6 months ago
The device you are accessing it from must be in the VLAN 10 subnet as well. That is very important.
@techy-world3716 6 months ago
If you are still having issues, I can look at it over a remote session if you want.
@azeem20090 6 months ago
Is there any need to have a policy between one VLAN in the firewall?
@techy-world3716 6 months ago
No, there is no need to have a policy between VLANs, but there are reasons why you may want someone to have access to a specific VLAN other than where they belong. For example, if you have a Camera VLAN and you belong to Data VLAN, you won't be able to view the camera from your network device in Data VLAN without having a policy to allow your device or the entire Data VLAN. I hope this helps.
@chandanchauhan406 6 months ago
Hello, with this FortiGate firewall deployment in VMware, if we want to block any of the social sites on our home network, will it work or not? Please reply.
@techy-world3716 6 months ago
Yes, it works perfectly. You have the same functionality as what comes from a box. The VM version is very similar to the hardware.
@chandanchauhan406 6 months ago
@techy-world3716 Thank you so much. But I missed one question which I have not mentioned: if I don't have VMware hardware but I have installed VMware software on our computer, does it work? Please reply.
@techy-world3716 6 months ago
It will work on your VMware without any problem.
@chandanchauhan406 6 months ago
@techy-world3716 Thank you so much for helping us 😊
@bayusangkaya5525 6 months ago
Thank you for this playlist, it really helps me to understand FG and FWB appliances. I have one question: can I set a transparent mode FortiWeb on this FWB VM?
@techy-world3716 6 months ago
Yes, the VM version has transparent mode. The VM version has 4 modes: Reverse Proxy Mode, Offline Protection Mode, True Transparent Proxy Mode and Transparent Inspection Mode.
@user-im8zm8oe6j 7 months ago
Great work, please prepare a complete FortiWeb configuration tutorial.
@techy-world3716 7 months ago
I will work on that soon. Watch out for new videos.
@user-mh1gs8gp7i 8 months ago
Fantastic! Thanks so much. I have a question: if I use a real IP of the server, is it a problem?
@techy-world3716 8 months ago
No! Using the server's real IP address shouldn't be an issue, but following the steps in this video is recommended.
@mostofakalam3994 8 months ago
Very insightful. When is part 4 coming along? Can you please cover how to configure FortiWeb for multiple servers hosting public-facing services?
@techy-world3716 8 months ago
Very soon, I will be making that video.
@Nicolasjelincic1520 9 months ago
Very good video and deployment. We are waiting to see this solution with load balancer sandwich!
@Nicolasjelincic1520 9 months ago
Good video!!!
@tamoorali9065 9 months ago
Where is the live testing? You did not connect anything and test anything or live anything.
@techy-world3716 6 months ago
Point taken, I will ensure that I show more testing in my next videos. But be assured that these steps are what is required on the FortiGate.
@antoniocamacho3931 9 months ago
Great video!
@mohamedeladl6273 9 months ago
How did the internal networks reach each other while there is no routing between them?
@techy-world3716 9 months ago
Internal networks can reach each other using the layer 2 switch; it doesn't get to the firewall. Once the data frame is sent to the switch, the switch will forward the data frame to the other device using the MAC address table.
@rage2k6 9 months ago
Great video. I'm new with Fortinet and in my new job I have to manage several branch offices with Forti 40F. Today I performed the firmware upgrade from 7.2.2 to 7.2.4 and lost the HA sync (out of sync). So, with the diag sys ha checksum recalculate command it should bring back up the HA? I already checked the checksum and it is different on both FWs. Thanks in advance. Regards
@techy-world3716 9 months ago
Yes, that should fix it, but ensure that the firmware is the same on both devices. The most common issue is when there is a different configuration on one firewall that is not configured on the other; that will cause the out-of-sync issue not to be resolved.
@rage2k6 9 months ago
@techy-world3716 Thanks. Right now the secondary is on 7.2.4 and the primary on 7.2.2. Should I upgrade the primary first? Regards
@techy-world3716 9 months ago
As long as both of them are on the same version you should be fine; it doesn't matter which is upgraded first. But I will upgrade the lower version first to match the higher version. Either way it should work once they are on the same version.
@piotrkotowski1361 9 months ago
I'm doing the same steps on a Cisco Firepower 1010 Threat Defense (FTD) using Firepower Device Manager (FDM) but I'm having the same type of errors. This is the 1st one: "Blacklisted cli error: clear dhcpd binding all". Any ideas?
@2010blankspace 9 months ago
I like your videos and I need a mentor to configure the FortiGate/NSE4 part (if you have any other contact, I would appreciate it if you share). I am already using GNS3 to learn.
@techy-world3716 9 months ago
I am glad you love them. I can be of help with your NSE4. Here is my email: [email protected]