Tag LAB

Free FortiGate Install and Configuration | Create Fortigate LAB for Training

by SinaOnline Network Training, Virtualization Training

1. Downloading Free FortiGate VM

Fortinet offers a free version of FortiGate VM for various hypervisors including VMware, Hyper-V, KVM, and more. Follow these steps to download it:

  1. Visit the Fortinet Support Portal:
    • Go to Fortinet Support.
    • Log in or create a new account if you don’t have one.
  2. Download the FortiGate VM:
    • Navigate to the “Download” section.
    • Select “VM Images” and choose the appropriate hypervisor (e.g., VMware ESXi, Microsoft Hyper-V, etc.).
    • Download the FortiGate VM package.

2. Deploying FortiGate VM on Your Hypervisor

The deployment process may vary slightly depending on your hypervisor. Below are steps for VMware ESXi:

  1. Deploy OVF Template:
    • Open your VMware vSphere Client.
    • Right-click on your desired host or cluster and select “Deploy OVF Template.”
    • Follow the wizard, selecting the downloaded FortiGate VM OVF file.
    • Configure the VM settings (name, datastore, network mapping, etc.).
    • Finish the deployment process.
  2. Power On the VM:
    • Once the deployment is complete, power on the FortiGate VM.

3. Initial Configuration

  1. Access the FortiGate Console:
    • Use the vSphere Client to open the console of the FortiGate VM.
    • The initial login credentials are usually admin for the username and a blank password.
  2. Set the Password:
    • You will be prompted to set a new password for the admin user.
  3. Configure the Management Interface:
    • Assign an IP address to the management interface.
    • Example commands:

config system interface
edit port1
set ip 192.168.1.99/24
set allowaccess http https ping ssh
next
end

  1. Access the Web Interface:
    • Open a web browser and navigate to https://<management-ip>.
    • Log in with the admin credentials.

4. Basic Setup via Web Interface

  1. System Settings:
    • Navigate to System > Settings.
    • Set the hostname, time zone, and DNS servers.
  2. Network Configuration:
    • Configure additional interfaces if needed under Network > Interfaces.
    • Create VLANs, set up DHCP, etc.
  3. Security Policies:
    • Define security policies to control traffic flow under Policy & Objects > IPv4 Policy.
    • Set source and destination interfaces, addresses, and services.
  4. Enable Features:
    • Enable and configure additional features like IPS, Antivirus, Web Filtering, etc., under Security Profiles.

5. Connecting to the Internet

  1. WAN Interface Configuration:
    • Configure the WAN interface with the appropriate settings (static IP, DHCP, PPPoE, etc.).
  2. Routing:
    • Set up a default route under Network > Static Routes pointing to the WAN gateway.
  3. NAT Configuration:
    • Configure NAT settings under Policy & Objects > NAT.

6. Licensing

  • The free version of FortiGate VM comes with limited features. For full functionality, you may need to purchase a license and activate it under System > FortiGuard.

Free Open Source Router and Firewall | How to Install VyOS and Configure OSPF: Step-by-Step Guide

by SinaOnline Network Training, Virtualization Training

VyOS Installation and Configuration Guide

Introduction

VyOS is an open-source network operating system based on Debian GNU/Linux that provides software-based network routing, firewall, and VPN functionality. This guide covers the installation and configuration of VyOS, including setting up OSPF.

Installation of VyOS

1. Download VyOS ISO:

   – Go to the VyOS download page and download the ISO image of the latest stable version.

2. Create a Bootable USB Drive:

   – For Windows: Use Rufus to create a bootable USB drive.

   – For Linux/macOS: Use the `dd` command.

3. Boot from the USB Drive:

   – Insert the USB drive into your server or PC and boot from it. You may need to change the boot order in the BIOS/UEFI settings.

4. Install VyOS:

   – Once booted, you will be presented with the VyOS live environment. Log in with the default credentials:

     Username: vyos
     Password: vyos

   – To start the installation, enter:

     install image

   – Follow the prompts to select the installation disk, partitioning scheme, and other options. You will also set a password for the `vyos` user and create a GRUB bootloader.

5. Reboot:

   – After the installation completes, reboot the system and remove the USB drive. The system will boot into the installed VyOS.

Basic Configuration of VyOS

1. Log In:

   – Log in with the user `vyos` and the password you set during installation.

2. Enter Configuration Mode:

   configure

3. Set Hostname:

   set system host-name my-router
   commit
   save

4. Configure Network Interfaces:

   – Identify the network interfaces using the `show interfaces` command.

   – Configure an interface (e.g., `eth0`) with a static IP address:

     set interfaces ethernet eth0 address ‘192.168.1.1/24’
     commit
     save

5. Configure Default Gateway:

   set protocols static route 0.0.0.0/0 next-hop 192.168.1.254
   commit
   save

6. Set DNS Servers:

   set system name-server 8.8.8.8
   set system name-server 8.8.4.4
   commit
   save

7. Enable SSH:

   set service ssh port 22
   commit
   save

Configuring OSPF

Enable OSPF

To configure OSPF (Open Shortest Path First) on VyOS:

1. Enter Configuration Mode:

   configure

2. Enable OSPF:

   set protocols ospf parameters router-id 1.1.1.1

   Replace `1.1.1.1` with a unique router ID for the OSPF instance.

Configure OSPF on Interfaces

Specify which interfaces will participate in OSPF and their respective areas:

   set protocols ospf area 0 network 192.168.1.0/24
   set protocols ospf area 0 network 192.168.2.0/24

   Replace `192.168.1.0/24` and `192.168.2.0/24` with the actual network addresses of your interfaces.

Adjust OSPF Interface Parameters (Optional)

You can adjust OSPF interface parameters like cost, hello interval, and dead interval:

   set interfaces ethernet eth0 ip ospf cost 10
   set interfaces ethernet eth0 ip ospf hello-interval 10
   set interfaces ethernet eth0 ip ospf dead-interval 40

   Replace `eth0` with your actual interface name.

Commit and Save the Configuration

   commit
   save

Example Configuration for OSPF

Here is an example configuration where two interfaces (`eth0` and `eth1`) participate in OSPF with different network segments.

Configuration for Router 1:

configure
set interfaces ethernet eth0 address ‘192.168.1.1/24’
set interfaces ethernet eth1 address ‘10.1.1.1/24’

set protocols ospf parameters router-id 1.1.1.1
set protocols ospf area 0 network 192.168.1.0/24
set protocols ospf area 0 network 10.1.1.0/24

commit
save

Configuration for Router 2:

configure
set interfaces ethernet eth0 address ‘192.168.1.2/24’
set interfaces ethernet eth1 address ‘10.1.2.1/24’

set protocols ospf parameters router-id 2.2.2.2
set protocols ospf area 0 network 192.168.1.0/24
set protocols ospf area 0 network 10.1.2.0/24

commit
save

Verifying OSPF Configuration

1. Check OSPF Neighbors:

   show ip ospf neighbor

2. Check OSPF Routes:

   show ip route ospf

3. Check OSPF Interface Status:

   show ip ospf interface

Additional OSPF Configurations

Configuring OSPF Authentication

To enhance security, you can configure OSPF authentication on the interfaces:

1. Set Authentication Type and Key:

   set interfaces ethernet eth0 ip ospf authentication message-digest
   set interfaces ethernet eth0 ip ospf message-digest-key 1 md5 ‘yourpassword’

   Replace `yourpassword` with a secure password.

2. Configure OSPF Area Authentication:

   set protocols ospf area 0 authentication message-digest

Configuring OSPF Redistribution

To redistribute routes from other protocols (e.g., BGP) into OSPF:

1. Set Redistribution:

   set protocols ospf redistribute bgp
   commit
   save

Troubleshooting OSPF

1. Check OSPF Process:

   show ip ospf

2. Check OSPF Logs:

   show log

3. Debug OSPF:

   monitor protocol ospf