Fortigate HA configuration
Рет қаралды 24,346
3 жыл бұрынIn this video we will learn how to add a backup FortiGate to form a high availability (HA) cluster to improve network reliability.
Here is another video related to Networking
Fortigate Firewall Integrate with CISCO Switch • Fortigate Firewall Int...
Fortigate Firewall Traffic shaping configuration • Fortigate Firewall Tra...
Fortigate Firewall VLAN configuration • Fortigate Firewall VLA...
How to configure VPN site to site on Cisco Router • How to configure VPN s...
ASA firewall wan failover • ASA firewall wan failover
How to add Fortigate and Mikrotik firewall for GNS3 • How to add Fortigate a...
How to add cisco switch layer3 and cisco ASA for GNS3 • How to add cisco switc...
How to configure ASA firewall step by step • How to configure ASA f...
Fortigate SD WAN link monitor • fortigate SD WAN link ...
Fortigate firewall SD-WAN setup • Fortigate Firewall SD WAN
Fortigate firewall basic configuration • Fortigate Firewall bas...
How to configure port security on CISCO Switch • How to configure port ...
What is Management VLAN on CISCO Switch • What is Management VLA...
How to configure inter VLAN routing VTP and DHCP Server on Cisco Switch Layer3 • How to configure inter...
How to configure inter VLAN routing and DHCP server on cisco router • How to configure inter...
How to configure WAN failover on cisco router • How to configure WAN f...
How to configure Access List SSH Remote in Cisco Router • How to configure Acces...
Here you can download directly from my file for GNS3 resources needed.
Windows OS image drive.google.com/file/d/10pxv...
CISCO Images : drive.google.com/drive/folder...
GNS3 for Windows : drive.google.com/drive/folder...
Firewall_Router : drive.google.com/drive/folder...
VMware WorkStation 12 : drive.google.com/file/d/1HZ0h...
FortiGate mid-range next-generation firewalls (NGFWs) provide high performance, multi-layered advanced security, and better visibility to protect against cyber-attacks while reducing complexity.
FortiGate firewalls are purpose-built with security processers to enable the industry’s best threat protection and performance for SSL-encrypted traffic.
VLAN: Virtual Local Area Network reduce the broadcast domain and separate the LAN into different subnet.
VLANs can be used to partition a local network into several distinctive segments, for instance:
-Production
-Server Farm
-Voice over IP
-Network management
-Storage area network (SAN)
-Guest Internet access
-Demilitarized zone (DMZ)
A subinterface is a virtual interface created by dividing one physical interface into multiple logical interfaces.
A sub-interface in a Cisco Router uses the parent physical interface for sending and receiving data.
We use Subinterfaces for inter VLAN traffic routing by using a Router-on-a-Stick configuration
DHCP Server: provide IP address to the client for each VLAN.
A DHCP Server is a network server that automatically provides and assigns IP addresses, default gateways and other network parameters to client devices.
It relies on the standard protocol known as Dynamic Host Configuration Protocol or DHCP to respond to broadcast queries by clients.
If you like my video please like, comment, subscribe #TanKirivann and turn on notification for more videos.
@novacrafty77 2 жыл бұрын
Good lesson video I enjoyed and I learn a lot of form the lab
@tankirivann 2 жыл бұрын
thank you bro for your support, see with the next videos.
@hunaisnelliparambban9755 2 жыл бұрын
Super..really helpful..
@tankirivann 2 жыл бұрын
Hi bro thank you for your support🙏
@FunnyVideos-we6qm 3 жыл бұрын
Thank Brother for your Sharing
@tankirivann 3 жыл бұрын
hi bro, you are welcome!
@ismt101 Жыл бұрын
Thanks brother
@tankirivann Жыл бұрын
hi bro, thank you.🙏🙏🙏😊
@pichaiw1481 3 жыл бұрын
A-P : Master firewall will process communication sessions but Standby firewall will working on standby mode only. A-A : Master firewall will process communication sessions and Standby firewall will help to process security profile.
@tankirivann 3 жыл бұрын
Thank you bro for sharing these topic, it is very detail explanation. I really learn from you with the topic.
@vijay85cisco 2 жыл бұрын
hi bro perfect work
@tankirivann 2 жыл бұрын
thank you bro for your support
@brosleapvuth 3 жыл бұрын
🥰
@Toy468 9 ай бұрын
Everything works properly, but I have stuck with going through the internet!
@tankirivann 9 ай бұрын
Hi bro, maybe you are looking for this one How to configure GNS3 access to Internet kzbin.info/www/bejne/jqfLcmZ6g92Elas
@gyanendrakafle9235 2 жыл бұрын
Hi, I just want to ask one question: What happens if the heartbeat connection goes down? Slave FGT will act as Master as it loses the synchronization whether the Master FGT is already up and working. Wont there be conflict in the Network? Please clear my doubt. Also, i could not understand A-P and A-A mode by reading cookbook in the site. Could you please explain in detail .
@tankirivann 2 жыл бұрын
thank you bro for very good question. if the heartbeat down, your network will be down too. we suggest to have 2 link of heartbeat and it is direct link. for HA-A-P the FG slave do nothing beside checking the master alive. for HA-A-A the FG slave help to process some policy profile so both master and slave work together for a better performance. please correct me if i am wrong or miss understanding. thank you
@gyanendrakafle9235 2 жыл бұрын
@@tankirivann Thank you Brother. It cleared my doubt.
@tankirivann 2 жыл бұрын
@@gyanendrakafle9235 thank you bro
@niitian1990 Жыл бұрын
Suppose the core switch is connected to L2 MPLS VPN to access servers at the HQ. what would would be the process?
@tankirivann Жыл бұрын
Hi bro sorry for late reply, actually I never meet this kind of topology before. very interested topic and question, I will test it. thank you for your comment🙏🙏🙏
@chamrethpang7040 3 жыл бұрын
Hi bro, how can we add fortigate device to set up lab as your video above on GNS3.
@tankirivann 3 жыл бұрын
Thank you for watching my video. I already upload the video about adding fortigate you can see my previous video here kzbin.info/www/bejne/bpq2qnanhLVpgpY
@diosgaia 3 жыл бұрын
Hi, I have a question, When I configure HA A-P between firewall I always lost the management for the FW master, I only have access to the Slave Firewall, but I need to access to both Firewalls independently can you help me?
@tankirivann 3 жыл бұрын
hi bro, thank you for your question. if u want to access FW directly u need to set up management IP for the interface that u want to access. actually at the end of my video i also demo about these issue. pls watch till the end thanks😊
@hilmi873 2 жыл бұрын
Hi, can i know what is configured in the isp switch/router? what ip is configured in e0 and e1?
@tankirivann 2 жыл бұрын
Hi bro, thank you for your question. isp switch it is a normal ethernet switch, nothing configure there. the IP we get from cloud in this LAB. thank you and I see u with the next video
@vijay85cisco 2 жыл бұрын
For this lab how much RAM and CPU you have allocated under gnsclient-> edit preferences -->GNS3VMserver ?... Because my lab is getting hang... iam having 16gb ram /i7 processors. i added 3iou switches / two fortigate / 6vpcs and one nat cloud for internet access. Kindly do help me out how much RAM and VPCU should need to allocate.. when i have 16BG RAM on my laptop.
@tankirivann 2 жыл бұрын
thank you bro for your sharing. for GNS3 VM the defualt RAM is 2G but I allocated it 8G for my lab. I hope u the answer and I see u with the next topic
@borey1221 3 жыл бұрын
Hi brother, i have one question, when configure HA A-A and A-P?
@tankirivann 3 жыл бұрын
Thank you for your question. HA a-p cluster provides hot standby failover protection. HA a-a provides load balancing and failover protection. HA a-a load balancing distributes proxy-based security profile processing to all cluster units. here is the document about HA configuration on FortiGate HA A-A or HA A-P docs.fortinet.com/document/fortigate/6.0.0/handbook/313980/active-passive-and-active-active-ha
@roberttagle1351 Жыл бұрын
Hello just to check will Fortigate 60D and Fortiwifi 60D will work on HA with same firmware version?
@tankirivann Жыл бұрын
Hi bro thank you very much for your question. for my understanding, you need to have same model, firmware version OS, license as well. Pls correct me if am wrong.
@roberttagle1351 Жыл бұрын
@@tankirivann thank you
@tankirivann Жыл бұрын
you are very welcome bro
@novacrafty77 2 жыл бұрын
Could you tell me brother why I can't connect fortiagte when I configure static IP on fortigate already?
@tankirivann 2 жыл бұрын
hi bro, sorry for late respond. can u ping FG IP? if u want to access FG by web u need to allow http and if u want to ping IP u need to allow ping as well. pls let me know if u still have any other issue
@novacrafty77 2 жыл бұрын
@@tankirivann Thank for your response, now I can connect already when I tried to install windows VMWare on GNS3.
@tankirivann 2 жыл бұрын
@@novacrafty77 thank you bro for your feedback, i hope u can practice for LAB and if u have any other question pls let me know. i see u with the next video
@nimesis124 2 жыл бұрын
Can you please make a video on site to site fortigate vpn
@tankirivann 2 жыл бұрын
hi bro, thank you for your request. I will update ASAP
@chaybouabaziz2006 3 жыл бұрын
Please! I need a help because I can not see my vlan on the switch core
@tankirivann 3 жыл бұрын
thank you for watching my vdo, to see the vlan u need command: show vlan brief
@chaybouabaziz2006 3 жыл бұрын
I configure two VLANs on the Fortigate VM64-KVM, but I can't see the VLANs on my Cisco EtherSwitch Router C3670
@tankirivann 3 жыл бұрын
@@chaybouabaziz2006 hi bro, u need to create vlan on your core switch as well. pls check my vdo i already do fortigate with cisco switch. pls let me know if u need any other help.
@brosleapvuth 3 жыл бұрын
Hello When u upload new video brother? 😁
@tankirivann 3 жыл бұрын
A bit BC with my work bro, pls wait more topic interesting will upload soon. thank you for your support.
@aksel9392 3 жыл бұрын
hello,in the 20:00 minute you didnt create vlans on the iou2 switch;thats why the clients did not get ip addresses
@tankirivann 3 жыл бұрын
Thank you my friend for paying attention on my video, vlan will create automatically when it doesn't have. cheers
@aksel9392 3 жыл бұрын
@@tankirivann thanks to you dear TAN,your videos are so informatives
@tankirivann 3 жыл бұрын
@@aksel9392 thank bro for your support, you can share your experience too so we can learn from each other. cheers
@aksel9392 3 жыл бұрын
@@tankirivann i am a junior network ingeneer,so the part i dont master is between the core switch and the internet router which you ve explained in your videos.i thank you so much for your effort and if you ve any question about lan networking it will be with pleasure to share it with me.
@tankirivann 3 жыл бұрын
@@aksel9392 ok bro, appreciate with your sharing.
@somsakkeody7062 2 жыл бұрын
please help to update more videos
@tankirivann 2 жыл бұрын
Thank you for your support. I try my best to create new video ASAP, sorry a bit delay
@thebestsong3513 3 жыл бұрын
សួស្ដីបង, សូមជួយពន្យល់ការប្រើប្រាស់vlan trunk and access, thanks.
@tankirivann 3 жыл бұрын
សួស្តីបង វីដេអូខ្ញុំមុនៗមាននិយាយរួចហើយបងអាចចូលទៅមើលបាន
@thebestsong3513 3 жыл бұрын
អគុណបង😍
@thebestsong3513 3 жыл бұрын
Please help share link
@tankirivann 3 жыл бұрын
@@thebestsong3513 បើមានចំងល់អីអាចសួរបន្ថែមបាន kzbin.info/www/bejne/jKusnqx9qsqmd9E kzbin.info/www/bejne/Z6uyiJmgZs-epLc kzbin.info/www/bejne/e2ndpoiYq8Z2mNE
@thebestsong3513 3 жыл бұрын
@@tankirivann thanks so much!
@user-wb7ic1gz1l Жыл бұрын
Can you teach again ? speak khmer.
@tankirivann Жыл бұрын
Thank you very much bro for your request. I will make another video version in Khmer regarding to this topic.
@nhutvo1159 2 жыл бұрын
How to configure 2 Fortigate 100D's in High Availability setup with 2 ISP, 2 stacked Cisco c3750 switches. (core switch) and 2 access switches 2960S.
@tankirivann 2 жыл бұрын
thank you very much for watching my video, I hope this topic help you with your network requirement. refer to my lab here you just add another ISP same network connection link with the switch. if you have any issue pls let me know so we can find out the issue together.
@nhutngoc3947 2 жыл бұрын
@@tankirivann thanks, you configure HA with 2 switch core, 2 fortigate and 2 isp
@tankirivann 2 жыл бұрын
@@nhutngoc3947 thank you for your request, adding to my list and will update the VDO ASAP
@ismt101 Жыл бұрын
Create Vlan for each isp in the isp/wan switch. Assign 3 ports to each vlan. One port for isp termination and other 2 are for primary & secondary firewall
jittu jaiswal
Рет қаралды 22 М.
Braincatchers
Рет қаралды 14 МЛН
KBTrainings
Рет қаралды 5 М.
Enderestories
Рет қаралды 11 МЛН
ЗЛАТА ТОНКЕЛЬ
Рет қаралды 1,8 МЛН