FortiGate: Basic Configuration - FortiOS 6.4.0

49,561 views

Fortinet Guru


EDIT: On The DNS policy I incorrectly did NOT select DNS as the service. In order for that policy to work as intended in the video you will need to select DNS as the service.
I get asked a lot about basic FortiGate configuration procedures. A lot of it has to do with the environment that the device is going into. My other basic configuration video was on an older firmware. This video covers a basic FortiGate configuration on FortiOS 6.4.0.
A lot is the same but some has changed. This video also dives deeper and discusses some of the things we run into, like the architectural concepts and the organization's best practice.

Comments: 89
@FortinetGuru 4 years ago
On the DNS policy I incorrectly did NOT select DNS as the service. In order for that policy to work as intended in the video you will need to select DNS as the service.
@dermitdemwolftanzt4033 3 years ago
Hello Fortinet Guru, this inside and outside Zone is not working on my FortiGate 90D. I can't add interfaces to inside or outside. Only Wan2 is shown. FortiOS 6.0.11
@TmurphyIT 3 years ago
So would we make 2 policies? One for just DNS and one catch all?
@somalsharma3175 10 months ago
What's the difference with the 61e vs 60d?
@FortinetGuru 10 months ago
61e is substantially faster.
@FortinetGuru 9 months ago
The E is substantially stronger and more modern. Both are old comparatively though as the F models have been out for a while and the G models are hitting the market as well. @somalsharma3175
@jefflambert7513 3 years ago
I know understand the CATCH-ALL, it's temporary until security policies are realized. I knew one of your videos was going to answer this ... Thanks!!! Really enjoy these, you do an excellent job explaining ... appreciate you and the time invested.
@jefflambert7513 3 years ago
I now understand...fat fingers
@alebored1710 4 years ago
Great video! My request would be a DMZ video protecting a web server and addressing the need for that server to speak to an internal server, and how to securely do this. Thank you!
@flomax_actual 3 years ago
I just picked up a couple 60E to replace some old Cisco ASA 5505. I enjoyed this video on basic setup and look forward to viewing some more of the additional content you have created. -Kyle
@garrettjackson8417 4 years ago
Great video. I see the value in the catch all. Gives me some ideas on what I can do to change some of the networks I manage. Please show more of how you set up the networks. It is very valuable. Thank you.
@PergiZoltan 1 year ago
What an absolute legend! Thanks for the video, helps a lot with basic SOHO config.
@jerryactrik1901 3 years ago
Such a great video. Took some notes and will be implementing tomorrow!
@johngustin5717 4 years ago
Just found your channel today - loved this intro to best practices video.
@russellfellows7632 3 years ago
Very helpful, and great suggestions. Not your first rodeo obviously.
@aba-nascu 4 years ago
Thank you for all your work!
@youngcchung8176 4 years ago
Can you explain about VoIP server as FreePBX with VLAN? Thank you
@padraics 4 years ago
Wish I had a spare that actually supported 6.4 to try it on. Anyways, killing with the videos lately!
@ace5264 4 years ago
Can you cover VPN web mode with a demo, particularly about how to access internal resources when it's enabled? For example if I want to RDP to a PC on a specific VLAN.
@arunm6279 4 years ago
I want to learn about IPS features in Fortinet, please give a video for us
@ace5264 4 years ago
Can you explain the use case for explicit and transparent proxy and maybe discuss configuration options? Not much explanation in documentation.
@ManuelPerez-gp4se 4 years ago
Hi, thank you for the video. It is very helpful. I just tried setting up my FortiGate 601E and plugged everything in the way my old firewall was and set up the same IP accordingly. I didn't see a section where you put the Static Routes in. Thank you!
@aronrast 3 years ago
Thank you man, good video!
@mak_ulet 4 years ago
Very nice tutorial =)
@saifemran4528 4 years ago
Thank you!!
@supraender 2 years ago
Thanks for this video, it really helped me set up my 60F at home. Do you have a video of how to review the forward traffic log to create whitelist rules to work towards replacing the catch-all rule with a deny-all rule?
@FortinetGuru 2 years ago
I will add this to my list. Having a good video explaining how to assess and review logs would be nice.
@RaviChinasamy 4 years ago
Awesome video. Noticed the little mistake with the DNS but doesn't it happen to us all 😅 By the way, just let me know when you're free to discuss a bit about my company's SDWAN project.
@rockomatics4605 3 years ago
Great video! Could you please create a video for "Fortigate-homeoffice-use" and especially how to connect a PlayStation/Xbox safely to the internet? Thank you!
@JoeyGarcia 3 years ago
This was a cool video. I would really like to see you expand it a bit more. I did notice that you didn't set DNS as the protocol for the DNS policy. Since it has 2 WAN ports, and you configure SD-WAN?
@thomashorstmann8524 4 years ago
I still missed the IPS config here. It makes sense to use IPS profile default_all_pass in the same way.
@FortinetGuru 4 years ago
I usually keep IPS to inbound policies for VIPs.
@networld9217 4 years ago
Thanks for this new video, it's awesome. Would it be possible to make a video on how to monitor apps and build an app-based policy?
@FortinetGuru 4 years ago
Absolutely.
@attilavidacs24 2 years ago
I'm trying the evaluation license and neither my implicit deny nor other policies work. They just flash red when I create one, what am I doing wrong?
@PSRENJITH 2 years ago
Can I use a TP-Link router as an access point with FortiGate?
@davidarauz1524 2 years ago
Hi Mike, quick question: do you have the NSE 4 Certification?
@muikac 3 years ago
Hello, can you block web sites for a group of users using web filtering on the LAN 1 port and at the same time enable the same web sites using web filtering on port LAN2? Thanks in advance
@philixwartef4803 3 years ago
Thank you for your videos, they are great. Learnt a lot from them. Can you please create a video for RADIUS on Wireless SSID - allow users to log in using a domain user account to Wireless.
@JorgeOvalles1980 3 years ago
Static routes are not necessary?
@chrisfarrugia5397 4 years ago
Thanks!
@akinlabisemiu605 2 years ago
Thanks for this video guru, the issue am having is that am using 70D then we are just giving new device 61F with version 6.4.9. Our formal architecture is that we are using transparent mode. We configured static route IP that will connect to the router gateway, also changed the management IP to our local IP. Then configure policies and securities. That is all. So how can I achieve the same on this new box, because this does not have operations system mode, and the default is NAT, how can that be changed? I will appreciate if I can have basic configuration as we have on 70D to be configured on 61F. Thanks aksemtwale
@johnstreff4517 3 years ago
Hey Mike, thank you for all your great videos! Question: So when gradually implementing deny by default using the catch all policy and then getting more granular, you mentioned that we would start with policies allowing HTTPS, DNS, etc., and then look at what traffic is hitting the catch all policy to further restrict. What do we do about traffic that is not listed under Services, for example HTTPS_BROWSER? Do we create application control profiles that are fully deny by default? Which policy would these apply to? Just looking for some tips here. Thank you sir! I appreciate it!
@ovi6192 2 years ago
(15:50) shouldn't there be service DNS in place of ALL ?!?!
@RichardDePas 3 years ago
Are DNS filters only for policies that allow DNS traffic through them? I understood them to do their own lookups for additional filtering on HTTP/S traffic.
@yogeshwarpatil7281 3 years ago
Very helpful video and please upload a new username and password video
@ace5264 4 years ago
Can you explain when you would use WAF and IDS security profiles and what the configuration options do?
@ace5264 4 years ago
@Adam Back when would you use one vs the other?
@FlorianZevedei 4 years ago
On the policy side: Why does the DNS policy only cover DNS requests, when you didn't choose it explicitly as a service (like HTTP or HTTPS)? Is the reason the DNS inspection in the security profiles? And does that mean that these security profiles are linked to a list of port numbers? Thanks! Keep up the good work. Was waiting for a Zone video :-)
@FortinetGuru 4 years ago
Cause I’m dumb and while making the video didn’t click the proper service. Good catch.
@FortinetGuru 4 years ago
What is bad....I watched the video three times after editing and before posting and still didn't catch that!
@FlorianZevedei 4 years ago
@FortinetGuru It is totally fine. It is good to know that I myself understand what's happening there and there is not a security hole inside that FortiGate.
@FlorianZevedei 4 years ago
@FortinetGuru Maybe, as you surely will do in your daily work, make a "final check" during recording. Takes seconds, saves hours.
@anilbeharry 4 years ago
Hello. Thank you for the informative productions you make. My question pertains to zones and "block intra zone traffic". Will it be a policy creation if I do want certain inside LANs to be able to access each other? Example: the servers and printers network is accessible by all inside LANs. The accounts LAN and the HR LAN cannot access each other (no inter zone traffic for these 2)?
@t3rb0rg 2 years ago
Great video. I'm curious (I got to your video after already doing some configuration) and when I try to configure zones, it only allows me to add either of the two VLANs I've already created on the Internal LAN (set as hardware switch on all 6 ports of my 81F). I cannot use any other interfaces to create Zones. Running 6.4.8, can you tell me why this might be the case?
@christiandelosreyes9078 3 years ago
Hi Guru, I am new to SOC and studying FortiGate. Can you verify if the basic outbound traffic rule/policy you created already enabled Stateful Packet Inspection and will allow the incoming traffic? Or do you need to enable SPI manually, and how? Thank you for all the videos btw, they are really helpful
@briank1131 3 years ago
@fortinet guru do you have any videos for CLI TS and configure? Where I work we don't have GUI access for our customers that use Fortis
@drostoker 4 years ago
New subscriber. I love your channel. I am trying to configure my first FortiGate (61E) following the excellent advice in your video. It is also on version 6.4.0. When I go into Security Policies I don't seem to be given an option to Clone policies or add a new one. What am I missing?
@georgemendoza7177 3 years ago
Hello, Fortinet Guru. I just discovered you yesterday, and thanks for all your awesome content. I have the Fortinet 60E/61E WIFI Firewall switch, but how can I, or is there any way I can, add my Unify APs to the Fortinet - FortiOS 6.2.8 software creating a VLAN? Your feedback is greatly appreciated!
@FortinetGuru 3 years ago
The Fortinet can’t manage the unifies. If you create a VLAN just for wifi and use bridge SSIDs then you can have the unifies tag to that.
@georgemendoza7177 3 years ago
Thanks for the quick reply brother! I will do that. Stay safe! 👊🏾🍻
@jpm1211 4 years ago
Doesn't allowing QUIC defeat deep SSL inspection?
@FortinetGuru 4 years ago
I don’t believe Fortinet supports it just yet due to it still being in development at some level. Blocking it would be best security practice for production environments.
@rajcho1909 3 years ago
Thank you very much for the informative session. Can you please cover in a video a new deployment from the base to internet connectivity? I am trying to deploy a FW with ISP (LTE modem) and FW ports to act as switch ports as well. When I restore the template I have built, the FW is able to reach Google and DNS works as expected, but when I plug the laptop into the FW which acts as switch ports, it does get an IP but doesn't get internet connectivity. If you can make a video tutorial on it, it would be helpful. Thank you in advance
@6lackhat 3 years ago
thx4 the video, Que.1. why is 192.168.1.1 currently pingable from the internet like a public ip?
@FortinetGuru 3 years ago
LAB setup. I utilize all kinds of space to represent inside and outside traffic.
@marceloarnaez578 4 years ago
I have subscribed to your channel! Excellent videos!! I have an environment with several PCs with different profiles (web filter, dns, etc). I have the general rule for internet access and each user his, but my question is: what is the position for each policy? The general policy on a specific policy or the specific policy on the general? As for the order, which is correct? View policies by sequence or interface pair view? I would appreciate your advice. Thank you! Sorry for my English
@FortinetGuru 4 years ago
The more general policies need to be lower. Otherwise, they overlap with the more specific ones and the specific ones will never get hit.
@nileshdeulkar8622 3 years ago
How to secure a network from external attack on the outside interface through a FortiGate 1200D Firewall? Please share a configuration link if anyone has one..
@macmkelp 3 years ago
I have 6.2.5 firmware, is the 6.4.2 version already stable?
@RealEstateInvesting 4 years ago
Just subscribed to your channel, good info. My question: I have 2 FortiGate 60E and 1- factory reset 6.4 and another already configured. I'm trying to create new Zones and unfortunately on both boxes I can only add wan2, dmz. Internal and wan1 are missing. Any suggestions? Thank you
@FortinetGuru 4 years ago
Something is referencing those interfaces (probably the default policy).
@christopherpaul5307 4 years ago
My FortiGate 60E sits in between my ISP router and LAN switch. After watching this video, I tried to set up my FortiGate but still wouldn't get internet traffic to pass through. Would the ISP router be preventing this?
@FortinetGuru 4 years ago
There are a lot of things that could cause it. Is it a modem or router? Bridge mode or NAT mode? How is the FortiGate configured? Exactly like the video? So much can cause things to behave or misbehave.
@skor1873 4 years ago
This is a great start! I just received my 60F (v6.4.2) and I'm stuck with port forwarding. I need certain ports forwarded to my gaming computer (TCP 3074, 27014-27050 and UDP 3074, 3478, 4379-4380, 27000-27031, 27036). Would I use virtual IPs for this? I can't seem to be able to add a port range anywhere for forwarding these ports. Any guidance you can provide?
@FortinetGuru 4 years ago
Use VIPs with the port forward check box enabled. Then create a policy that has your outside interface as source, inside interface as destination and destination address is the VIP.
@nalinthaekanayake4213 3 years ago
Hi Mike, I am also new to FortiGate. Still I don't understand how the FortiGate firewall looks for matching policies. Can you please explain how the following 2 policies work? It's still confusing me. Or if you could do another video on Policy Matching or how FortiGate looks for matching policies, that would be great (please do add a few policies and explain it). ID Name Source Destination Schedule Service Action NAT Port3-->Port1 1 Full_Access Local_Subnet All Always All Accept Enable HR Group 2 Local Subnet All Always All Accept Enable
@FortinetGuru 3 years ago
It’s going to look at source and destination interfaces. Once it matches there it runs through source and destination addresses and service.
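
Added example (not part of the comment thread or the video): a simplified Python model of the top-down, first-match policy evaluation described in the replies above, used to flag policies that can never be hit. It covers both the DNS policy left at service ALL and a general policy placed above a specific one; the zone names, subnet and policy names are constructed, and the model ignores schedules, users and security profiles.

```python
from dataclasses import dataclass
from ipaddress import ip_network

ALL = "ALL"  # service wildcard, as in the policy's Service column


@dataclass(frozen=True)
class Policy:
    name: str
    srcintf: str
    dstintf: str
    srcaddr: str          # CIDR; 0.0.0.0/0 stands for "all"
    dstaddr: str
    services: frozenset   # service names, or {ALL}


def covers(earlier: Policy, later: Policy) -> bool:
    """True if every session that matches `later` also matches `earlier`."""
    same_path = (earlier.srcintf, earlier.dstintf) == (later.srcintf, later.dstintf)
    src_ok = ip_network(later.srcaddr).subnet_of(ip_network(earlier.srcaddr))
    dst_ok = ip_network(later.dstaddr).subnet_of(ip_network(earlier.dstaddr))
    svc_ok = ALL in earlier.services or (
        ALL not in later.services and later.services <= earlier.services)
    return same_path and src_ok and dst_ok and svc_ok


def shadowed(policies):
    """Pairs (shadowed policy, policy above it that takes its traffic), top-down."""
    hits = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if covers(earlier, later):
                hits.append((later.name, earlier.name))
                break
    return hits


def ruleset(*rows):
    # Constructed sample: inside -> outside zones, one LAN subnet, any destination.
    return [Policy(n, "inside", "outside", "192.168.1.0/24", "0.0.0.0/0", frozenset(s))
            for n, s in rows]


# DNS policy with the service left at ALL: it takes everything, CATCH-ALL is never hit.
AS_RECORDED = ruleset(("DNS", {ALL}), ("CATCH-ALL", {ALL}))
# Service set to DNS (plus a hypothetical WEB policy): nothing is shadowed.
CORRECTED = ruleset(("DNS", {"DNS"}), ("WEB", {"HTTP", "HTTPS"}), ("CATCH-ALL", {ALL}))
# General policy placed above the specific one: the DNS policy is never hit.
MISORDERED = ruleset(("CATCH-ALL", {ALL}), ("DNS", {"DNS"}))

if __name__ == "__main__":
    for label, rules in (("as recorded", AS_RECORDED), ("corrected", CORRECTED),
                         ("misordered", MISORDERED)):
        print(f"{label:12} {shadowed(rules)}")
```
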
@unifiedbiznesstech2482 3 years ago
Hi @Fortinet guru I have questions: can you still use a FortiGate 60D device on an active network if the firmware/antivirus/FortiGuard subscription are already expired?? What is the consequence if those are expired? Are you required to renew them or not?
@FortinetGuru 3 years ago
You can. You just won’t get webfilter, DNS filter, or IPS updates. App control will continue.
@unifiedbiznesstech2482 3 years ago
@FortinetGuru oke, that's no prob. thanks
@itadmin6117 4 years ago
Question: How to ensure video conference apps quality and avoid lags and cut-outs during video calls? I am using 600D. Thank you!
@victorwilliams9423 3 years ago
Do you have the IOS for the F100D? If so where can I get one? I have an old 100D and can't find an IOS for it. Fortinet wants me to subscribe for warranty.
@wiziek 3 years ago
And what did you expect? That you will get updated firmware for free?
@user-jo9cv8mm5s 4 years ago
It's FortiWiFi....
@MaiklTil 4 years ago
What a piece of crap. How is it better than Mikrotik?