Comments
@RileyNolan-uw6ds 29 days ago
Awesome video
@leeoswald9799 2 months ago
Terrible accent makes video unwatchable!
@Taurusali786 2 months ago
Awesome, thank you so much for making this video. Please make more videos.
@tendaimusonza9547 2 months ago
Thank you, I will
@TINTIN0107 3 months ago
This is great!!! If you get some free time, can you please teach how to create BGP over IPSEC in VSX with R81.10?
@picshh 3 months ago
Perfect! Thanks for a great video, Tendai. Thumbs up!!
@tendaimusonza9547 3 months ago
Thank you, that motivates me to keep sharing
@thohuynh9132 4 months ago
You have great potential in teaching, Tendai. It would be great if you made a video about VPN setup between Checkpoint on AWS and Checkpoint on-prem.
@tendaimusonza9547 4 months ago
Thank you for the motivating words, much appreciated
@charlesearle2055 4 months ago
@tendaimusonza9547 He's right :) You do a great job!
@thohuynh9132 4 months ago
So what is the reason why we can't see the log in the smart console? I had similar issues, and can't resolve them =))
@thohuynh9132 4 months ago
Dear Tendai, one more question: if we have VM bastions in the Public subnet area, how can we let them go outside or inside the private subnet by passing through the Checkpoint firewall? Is there any way we can do that?
@RajeshVerma-mp8qk 5 months ago
Excellent description about Firewall Endpoint. Thank you Sir
@tendaimusonza9547 5 months ago
Glad it was helpful!
@diaphanoux 6 months ago
Excellent video. Do you have the other video for Checkpoint in a cluster?
@aravindviswanathan6884 7 months ago
Really an informative one buddy. Thanks a lot
@abrhammekonnen8759 8 months ago
Thanks, you help me a lot
@tendaimusonza9547 8 months ago
Glad to hear, thank you for the feedback.
@royalapples9707 9 months ago
Still a GOAT!!
@manibabui7585 9 months ago
Awesome video 👏👏 Thank you so much for creating such a video
@mand1ah 10 months ago
Clear and well explained...luving this
@ciscoboy-devon1732 10 months ago
Excellent Video My Leader 😇 Thanks for sharing.
@gouthampratapa4519 10 months ago
How does this change for a subnet that is connected to a NAT gateway and followed by an internet gateway?
@TINTIN0107 1 year ago
man!!! Thank you soooo much!!! your time and effort to teach us this is truly appreciated.
@pstruh22 1 year ago
Hi, need advice. I have configured VPN as described, tunnel is UP, I see traffic towards AWS in logs as encrypted but still can't access the AWS server. What could be the problem? Any idea?
@tendaimusonza9547 1 year ago
Hello, do you have the route back towards VGW in AWS for VPN traffic? Also, did you add the static route on the actual VPN tunnel back to Checkpoint? Also take note: if the server you are testing with is Windows, only test with RDP, since Windows firewall drops the other protocols. You can also add flow logs to confirm traffic in AWS and let me know what you see. You can also test traffic in the opposite direction and see if there are any decrypts, as another way of verifying the route back to Checkpoint from AWS.
@pstruh22 1 year ago
@tendaimusonza9547 Hi, we don't have access to the AWS site; AWS is built by a 3rd party. From Checkpoint we have a static route towards Azure routed via the tunnel interface. I can ask if they see traffic in AWS; not sure if I can do something more on Checkpoint. Just wanted to be 100% sure that traffic is leaving the Checkpoint FW; all I see is logs that traffic towards Azure is hitting the VPN community with description Encrypted in community AWS-xxxxx. We are testing only HTTPS traffic.
@user-ie9nb5nt6b 1 year ago
On 7:08, you mentioned about the auto-created GatewayLoadBalancer Endpoint, however on my end, it isn't auto created and I can't seem to be able to create the Endpoint as I am unsure what Service Name to select. I have 2 VPCs, in one - it auto-created, in another one - it didn't auto-create. Not too sure why. The only thing that was auto-created is the Gateway Endpoint with service name '.....s3'.
@tendaimusonza9547 1 year ago
Hello, thanks for reaching out to me. Please note that the AWS Network Firewall is powered by the AWS Gateway Load Balancer behind the scenes, and it's not you who sets these endpoints up; the AWS process does it for you since this is a managed service. After you create the AWS Network Firewall, you go search under Endpoints and should see Gateway Load Balancer endpoints whose IDs you can use as next hop for your routing. Adding the next hop using the ENI or endpoint ID has the same effect. You do not need to create any endpoints as you mentioned; all you do is provision the firewall and that will do the endpoints for you.
@robsonallenchirara 1 year ago
Nice video
@robsonallenchirara 1 year ago
Thanks mdhara
@tendaimusonza9547 1 year ago
It's only a pleasure, you are welcome Robson
@Sri-vk7gx 1 year ago
Hi, this is Pure GOLD!! Can you please post a video on Checkpoint Cluster, especially with the application being on a different VPC/subnet? This will help in gaining a better understanding of the routing/next-hop and so on. Thanks for the great stuff.
@yoominbi 1 year ago
Hello, one question - So does it mean that if I have an existing VPC with 2 Public & 2 Private Subnets, IGW, NatGW, and have EC2s already set up on these private subnets, I'll have to set up everything back from scratch due to the Firewall Subnets?
@tendaimusonza9547 1 year ago
Hi Yoominbi, thanks for reaching out. My suggestion is that if you do not have available subnet ranges for these extra ones required, you can extend your VPC with a secondary CIDR rather than destroying your setup. Check out this link: aws.amazon.com/about-aws/whats-new/2017/08/amazon-virtual-private-cloud-vpc-now-allows-customers-to-expand-their-existing-vpcs/ . Hope you will find this handy.
@yoominbi 1 year ago
@tendaimusonza9547 Thanks for the prompt reply! So if I have available subnets that can be used (as current VPC only using 10.x.x.x subnet), I do not need to destroy my current setup? Then how do you suggest I proceed - Create a new Firewall subnet, change the RTB to point existing IGW to Firewall Subnet, etc.? (i.e. play around with RTB)
@tendaimusonza9547 1 year ago
@yoominbi exactly that should work
@hellosouvik 1 year ago
Excellent video, many thanks for sharing with us. One thing which is bugging me is the route-table entry for "GWLB-Subnet": why do we have to provide two transit gateway entries for both spoke VPCs? Is it really required for E-W traffic?
@tendaimusonza9547 1 year ago
I provided the TGW as the next hop for both Spoke CIDRs since it is the TGW which knows the route back for both spokes in this centralized config. Thank you for your comment, hope I managed to answer your question
@andrenelson424 1 year ago
Greetings, excellent overview, thank you. I'm building a proof of concept: 3 Pairs of Fortigate Firewalls in HA mode Active/Active, across 3 Availability Zones, with AWS load balance, Transit Gateway, FortiManager for centralised management and a FortiAnalyzer as part of the SIEM. (APP VPC, SEC VPC, TRANS VPC)
@naordaniel 1 year ago
Great video! I love your voice!
@rohitpundir348 1 year ago
Can I get the documents, how you have configured all the VPC and subnet, etc. etc.
@shirishmaheshwari8611 1 year ago
Just try to elaborate everything properly… Now I know why you have less subscribers. Lol
@tendaimusonza9547 1 year ago
I can assist if you have specific questions. Kindly note that I only share info here and there voluntarily and am not a full-time YouTuber. It's just to help people for free and not for a fee. Feedback much appreciated
@abdomordy6935 1 year ago
Did you deploy Fortigate on AWS with HA active-active in a multi-AZ environment? If yes, can you help with a guide or video?
@kenwalsh224 1 year ago
Thank you so much. This will help a lot.
@mathico2 1 year ago
Hello Sir, how could I renew a certificate that will expire pretty soon? How could I renew without having to create a new CRT or key for users?
@tendaimusonza9547 1 year ago
Hello Bernard, unfortunately there is no other way that I am aware of except recreating a new CRT and key. Hopefully you still have your CA server intact
@learning4485 1 year ago
Please do more videos, very nice.
@tendaimusonza9547 1 year ago
Will honour the request, thank you for the support. Glad you liked the material
@leenorris2500 1 year ago
Hi Tendai, how about Cloudguard VPN S2S to another firewall? Is it the same setup as AWS VPN FW, and will I still be able to download the configuration file on my AWS dashboard to provide to the remote site?
@tendaimusonza9547 1 year ago
Hi Lee, thanks for reaching out. Plz note that VPN config download for sharing with the remote site is only an AWS feature; as for Cloudguard to another VPN device, you will need to agree and share common parameters. Let me know if I have answered your question
@ItIsFullyFaltu 1 year ago
I searched the whole internet but couldn't find a proper video explaining the GWLB in detail and how to use it with Appliances. This video is by far the best today and thank you for the help
@learning4485 1 year ago
How can we create 100 VPN tunnels at once (which include on-prem and AWS) for DR activities?? Thanks, this video is explaining nicely, keep doing more please.
@tendaimusonza9547 1 year ago
Thank you for the kind words, I am encouraged if the content is helpful. As for creating multiple resources with Terraform, you may use functions like for_each. I saw some good material on this link and hopefully it can be of help: developer.hashicorp.com/terraform/tutorials/configuration-language/for-each
@leenorris2500 1 year ago
Hi Tendai, at 1:01, how can I make my Checkpoint firewall have this public IP?
@leenorris2500 1 year ago
Hi Tendai, I would like to appreciate your work! I subscribe to your channel!
@tendaimusonza9547 1 year ago
Thanks, much appreciated
@autoholic_rider 1 year ago
Very nice step by step walk through.. keep it up. Any idea on how the setup will look if we have a multi-AZ Fortigate HA deployment? I have issues with LB and endpoints when I have multi AZ and the application VPCs are in a different VPC, it creates issues. I am checking further on the setup, but with Primary it works but failover doesn't.
@shravanchandrashekharaiah 1 year ago
Hi, just wondering if multicast traffic works in this setup, with transit gateway in place of VPN gateway? Will it work?
@satdevlpr 1 year ago
I am new to AWS VPC. Can you make a video on what AWS services offer as network and security services, and is there any free or trial lab on AWS cloud to test it?
@tendaimusonza9547 1 year ago
Thank you for the feedback, that will help me in balancing content on my future videos. You may also open an AWS free tier account for learning; however, exercise caution on usage since not everything is free. However, AWS documentation clearly states how you can stay within free tier
@shravanchandrashekharaiah 2 years ago
Thank you very much for the video, I was able to get it working without much of an issue
@tendaimusonza9547 2 years ago
Glad to hear, thanks
@sreefriend7k7 2 years ago
I am a beginner to ASA. I googled but no luck. I am facing this error: ciscoasa(config)# crypto ikev1 enable outside ^ ERROR: % Invalid input detected at '^' marker. ciscoasa(config)# Can you help me please? Thanks a lot!
@mohammedmustafaali1049 2 years ago
Always here for the rescue,, thanks a million boss!!!!
@carlosemanuelbonilla904 2 years ago
This same logic applies for North-South traffic flow, right?
@zeeshanishkay9268 2 years ago
How can we get FortiGuard updates in this scenario? On port1 I have created Geneve for data traffic, so how can I communicate with FortiGuard for updates?? Can u help?
@tendaimusonza9547 2 years ago
Hi Zeeshan, that's a valid point. To get updates you have to change the routing: instead of using the default route to Geneve, use specific routes for the VPC CIDRs and then send default traffic to a different port with a route to the internet. I used 0.0.0.0/0 just for a quick demo
@fuzzzy17 2 years ago
Amazing explanation with live troubleshooting. Very clear and to the point. Thank you so much!
@tendaimusonza9547 2 years ago
it's a pleasure, thanks
@mohammedmustafaali1049 2 years ago
you always got me boss,,, thanks from my heart
@mohammedmustafaali1049 2 years ago
this is neat,,, thanks boss