Tag training

Free FortiGate Install and Configuration | Create Fortigate LAB for Training

by SinaOnline Network Training, Virtualization Training

1. Downloading Free FortiGate VM

Fortinet offers a free version of FortiGate VM for various hypervisors including VMware, Hyper-V, KVM, and more. Follow these steps to download it:

  1. Visit the Fortinet Support Portal:
    • Go to Fortinet Support.
    • Log in or create a new account if you don’t have one.
  2. Download the FortiGate VM:
    • Navigate to the “Download” section.
    • Select “VM Images” and choose the appropriate hypervisor (e.g., VMware ESXi, Microsoft Hyper-V, etc.).
    • Download the FortiGate VM package.

2. Deploying FortiGate VM on Your Hypervisor

The deployment process may vary slightly depending on your hypervisor. Below are steps for VMware ESXi:

  1. Deploy OVF Template:
    • Open your VMware vSphere Client.
    • Right-click on your desired host or cluster and select “Deploy OVF Template.”
    • Follow the wizard, selecting the downloaded FortiGate VM OVF file.
    • Configure the VM settings (name, datastore, network mapping, etc.).
    • Finish the deployment process.
  2. Power On the VM:
    • Once the deployment is complete, power on the FortiGate VM.

3. Initial Configuration

  1. Access the FortiGate Console:
    • Use the vSphere Client to open the console of the FortiGate VM.
    • The initial login credentials are usually admin for the username and a blank password.
  2. Set the Password:
    • You will be prompted to set a new password for the admin user.
  3. Configure the Management Interface:
    • Assign an IP address to the management interface.
    • Example commands:

config system interface
edit port1
set ip 192.168.1.99/24
set allowaccess http https ping ssh
next
end

  1. Access the Web Interface:
    • Open a web browser and navigate to https://<management-ip>.
    • Log in with the admin credentials.

4. Basic Setup via Web Interface

  1. System Settings:
    • Navigate to System > Settings.
    • Set the hostname, time zone, and DNS servers.
  2. Network Configuration:
    • Configure additional interfaces if needed under Network > Interfaces.
    • Create VLANs, set up DHCP, etc.
  3. Security Policies:
    • Define security policies to control traffic flow under Policy & Objects > IPv4 Policy.
    • Set source and destination interfaces, addresses, and services.
  4. Enable Features:
    • Enable and configure additional features like IPS, Antivirus, Web Filtering, etc., under Security Profiles.

5. Connecting to the Internet

  1. WAN Interface Configuration:
    • Configure the WAN interface with the appropriate settings (static IP, DHCP, PPPoE, etc.).
  2. Routing:
    • Set up a default route under Network > Static Routes pointing to the WAN gateway.
  3. NAT Configuration:
    • Configure NAT settings under Policy & Objects > NAT.

6. Licensing

  • The free version of FortiGate VM comes with limited features. For full functionality, you may need to purchase a license and activate it under System > FortiGuard.

Tagged Untagged Switch Configuration

by SinaOnline Network Training

Hello everyone , in this video I will describe and configure vlan on hp switch and assign vlans to ports as access and trunk. In HP (Hewlett-Packard) networking switches, “tagged” and “untagged” are terms commonly used to describe how VLANs (Virtual LANs) are handled on switch ports. Tagged ports are used to carry traffic for multiple VLANs simultaneously. These ports are typically used to interconnect switches or to connect devices that need to communicate with multiple VLANs. Tagged ports are also known as “trunk” ports in Cisco networking terminology. Untagged ports are used to connect end-user devices, such as computers, printers, or IP phones, to the network. Each untagged port is associated with a specific VLAN. Untagged ports are also known as “access” ports in cisco networking terminology.

Tagged Ports (Trunk Ports): Tagged ports are used to interconnect switches, routers, or other networking devices and carry traffic for multiple VLANs. They are configured with additional information called VLAN tags, which helps identify which VLAN each Ethernet frame belongs to. Here are the key details:

  • Port Configuration: To configure a port as tagged (trunk), you typically need to access the switch’s command-line interface or web-based management interface.

In Cisco devices, you might use commands like:

interface GigabitEthernet0/1

switchport mode trunk

switchport trunk allowed vlan 10,20,30

switchport trunk native vlan 10

In HP/Aruba switches, you might use commands like:

vlan 10

tagged 1-48

  • VLAN Membership: You specify which VLANs can traverse the tagged port using the “switchport trunk allowed vlan” (Cisco) or “tagged” (HP/Aruba) command. In the example above, VLANs 10, 20, and 30 are allowed to traverse the trunk port.
  • Native VLAN: The native VLAN is used for untagged frames on a tagged port. In the Cisco example, VLAN 10 is the native VLAN. Any untagged traffic entering the port is treated as part of this VLAN.

Untagged Ports (Access Ports): Untagged ports are used to connect end-user devices, such as computers, phones, or printers, to the network. They are associated with a single VLAN, and traffic on these ports is not tagged with VLAN information. Here are the key details:

  • Port Configuration: To configure a port as untagged (access), you typically follow a similar process as configuring tagged ports through the switch’s management interface or CLI.

In Cisco devices, you might use commands like:

interface FastEthernet0/1

switchport mode access

switchport access vlan 10

In HP/Aruba switches, you might use commands like:

vlan 10

untagged 1-48

  • VLAN Assignment: You specify which VLAN the port is associated with using the “switchport access vlan” (Cisco) or “untagged” (HP/Aruba) command. In the examples above, the port is assigned to VLAN 10.

Use Cases:

  • Tagged Ports: Tagged ports are used for scenarios where you need to carry traffic for multiple VLANs between network devices. Common use cases include connecting switches together, connecting to routers that perform inter-VLAN routing, and connecting to virtualization hosts where multiple virtual networks exist.
  • Untagged Ports: Untagged ports are used to connect end devices to the network. For example, a computer in a specific department would connect to an untagged port in that department’s VLAN, ensuring that all its traffic is part of that VLAN.

In summary, configuring tagged and untagged ports correctly is crucial for effective VLAN management. Tagged ports allow traffic from multiple VLANs to traverse a single physical link, while untagged ports connect end devices to a specific VLAN. This segmentation helps in maintaining network security, optimizing traffic flow, and organizing network resources.