11 How to configure HA 1 WAN with Cisco switch

 



1-Configure FortiGate to Internet

2-Configure LAN to Internet in FortiGate

3-Configure VLAN with Cisco switch

4-Configure ISP on MikroTik

Log in to MikroTik. Ether1 connects to the Cloud, and Ether2 acts as the ISP that provides an IP to the FortiGate.

Change the MikroTik name to ISP: go to System and select Identity. A new dialog box is shown; fill in the name ISP and click OK.

Set interface ether2 as ether2-isp

To set it, enter Interface, select ether2, double-click it and set its name to ether2-isp.


Set an IP address on ether2-isp to provide to the FortiGate

To set it, enter IP, choose Addresses and click the plus sign (+).

Address: the IP address you want to set

Interface: select ether2-isp

and click OK

2-Add NAT to IP address for ISP

Enter IP, choose Firewall, select NAT and click the + sign to add a NAT rule. On the General tab set Chain: srcnat, on the Action tab select masquerade, then click OK.


1-Set port10 as the management port. To set the IP address we use the terminal.

Set IP

        config system interface
            edit port10
                set mode static
                set ip 192.168.37.10/24
                set allowaccess ping https http ssh telnet
            next
        end

2-Log in to FortiGate FT-MS via web browser


Set port1 to the Internet or ISP. To set it, enter Network, select Interfaces, select port1 and click Edit.

Add a gateway so the FortiGate can access the Internet

Enter Network, choose Static Routes and click Create New.


Now we test ping to the Internet with the command execute ping google.com. The FortiGate can access the Internet.

3-Create VLAN 10 and 20

We use port2 to manage the VLANs. To set it, enter Network, choose Interfaces, select port2 and click Edit.


➢ Create VLAN 10: enter Network, select Interfaces, click Create New and select Interface.


Click OK


➢ Create VLAN 20: enter Network, select Interfaces, click Create New and select Interface.


4-Create a zone to manage VLAN 10 and 20

To set it, enter Network, choose Interfaces, click Create New and select Zone.


Result


5-Allow VLAN 10 and 20 to the Internet

To give VLAN 10 and 20 Internet access, first enter Policy & Objects, select Firewall Policy and click Create New.
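A CLI rendering of steps 3 to 5, added here as an example and not taken from the original post: VLAN 10 and 20 on port2, one zone holding both, and one policy from the zone to port1. The interface names vlan10 and vlan20, the zone name LAN-ZONE, the policy name and the 10.10.x.1/24 gateway addresses are assumptions, since the post gives these values only in its screenshots; lines starting with # are annotations to strip before pasting.

```fortios
# Step 3: VLAN sub-interfaces on the trunk port (port2).
# Interface names and IP addresses are assumed values, not from the post.
config system interface
    edit "vlan10"
        set vdom "root"
        set interface "port2"
        set vlanid 10
        set ip 10.10.10.1 255.255.255.0
        set allowaccess ping
    next
    edit "vlan20"
        set vdom "root"
        set interface "port2"
        set vlanid 20
        set ip 10.10.20.1 255.255.255.0
        set allowaccess ping
    next
end

# Step 4: one zone for both VLANs (zone name is assumed).
# intrazone deny: VLAN 10 and VLAN 20 cannot reach each other
# unless a policy explicitly allows it.
config system zone
    edit "LAN-ZONE"
        set intrazone deny
        set interface "vlan10" "vlan20"
    next
end

# Step 5: outbound policy from the zone to port1, source NAT enabled.
# edit 0 lets FortiOS pick the next free policy ID.
config firewall policy
    edit 0
        set name "LAN-ZONE-to-Internet"
        set srcintf "LAN-ZONE"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set logtraffic all
    next
end
```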



6-Configure HA on FortiGate Master (FT-MS)

We use port3 and port4 as HA monitoring. To configure, enter System, select HA and set Mode to Active-Active.


7-Set IP address on FortiGate Slave (FT-SL)

Set port10 as the management port. To set the IP address we use the terminal.

        config system interface
            edit port10
                set mode static
                set ip 192.168.37.11/24
                set allowaccess ping https http ssh telnet
            next
        end
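The same port10 settings with the cleartext protocols left out, as an added example that is not part of the original post: http and telnet send the admin login unencrypted, so this variant keeps only ping, https and ssh and limits the admin account to the management subnet. The account name admin and the use of 192.168.37.0/24 as the trusted range are assumptions; use 192.168.37.11/24 on FT-SL, and strip the # lines before pasting.

```fortios
# As in the post (lab setting): http and telnet are cleartext.
#   set allowaccess ping https http ssh telnet
# Variant with encrypted management protocols only:
config system interface
    edit port10
        set mode static
        set ip 192.168.37.10/24
        set allowaccess ping https ssh
    next
end

# Assumed admin account name and trusted range.
# Logins for this account from other source addresses are refused.
config system admin
    edit "admin"
        set trusthost1 192.168.37.0 255.255.255.0
    next
end
```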

Log in to FortiGate FT-MS via web browser


8-Configure HA on FortiGate Slave (FT-SL)

On the FortiGate Slave we only configure HA; everything else is synchronized from the HA Master (FT-MS).

To configure, enter System, select HA and set Mode to Active-Active.


Afterwards, please wait until the synchronization from HA Master to HA Slave has finished.


The HA Slave loses its connection because it synchronizes data from the HA Master, and the HA Slave's management IP address automatically switches to the HA Master's management IP address. This means the management IP of the HA Master and the HA Slave is the same.

Now the FortiGate synchronization is done.
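The HA settings from steps 6 and 8 in CLI form, added as an example and not taken from the original post. It assumes port3 and port4 are the heartbeat links between the two units; the group name, the priorities and the password placeholder are also assumptions. Strip the # lines before pasting.

```fortios
# FT-MS (master): higher priority than FT-SL.
# group-name, priority and the password placeholder are assumed values.
# The cluster password plus heartbeat authentication and encryption keep
# an unknown device on the heartbeat links from joining or reading the sync.
config system ha
    set group-name "LAB-HA"
    set mode a-a
    set password <cluster-password>
    set hbdev "port3" 50 "port4" 50
    set authentication enable
    set encryption enable
    set priority 200
end

# FT-SL (slave): identical group-name, mode, password and hbdev,
# lower priority. The rest of the configuration arrives by synchronization.
config system ha
    set group-name "LAB-HA"
    set mode a-a
    set password <cluster-password>
    set hbdev "port3" 50 "port4" 50
    set authentication enable
    set encryption enable
    set priority 100
end

# On either unit: confirm both members are present and in sync.
get system ha status
diagnose sys ha checksum cluster
```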


9-Configure Cisco Core_Switch

➢ Configure port g0/0 as trunk port

        Core_Switch>enable
        Core_Switch#configure terminal
        Core_Switch(config)#interface g0/0
        Core_Switch(config-if)#switchport trunk encapsulation dot1q
        Core_Switch(config-if)#switchport mode trunk
        Core_Switch(config-if)#no shutdown
        Core_Switch(config-if)#end
        Core_Switch#show ip interface brief
        Core_Switch#show interfaces trunk

➢ Configure port g0/1 as trunk port

        Core_Switch>enable
        Core_Switch#configure terminal
        Core_Switch(config)#interface g0/1
        Core_Switch(config-if)#switchport trunk encapsulation dot1q
        Core_Switch(config-if)#switchport mode trunk
        Core_Switch(config-if)#no shutdown
        Core_Switch(config-if)#end
        Core_Switch#show ip interface brief
        Core_Switch#show interfaces trunk

➢ Create VLAN-10 and 20

        Core_Switch#show vlan
        Core_Switch#configure terminal
        Core_Switch(config)#vlan 10
        Core_Switch(config-vlan)#name VLAN-10
        Core_Switch(config-vlan)#vlan 20
        Core_Switch(config-vlan)#name VLAN-20
        Core_Switch(config-vlan)#end


➢ Switch port g1/0 to VLAN10

        Core_Switch#configure terminal
        Core_Switch(config)#interface gi1/0
        Core_Switch(config-if)#switchport mode access
        Core_Switch(config-if)#switchport access vlan 10
        Core_Switch(config-if)#exit

➢ Switch port g1/1 to VLAN20

        Core_Switch(config)#interface gi1/1
        Core_Switch(config-if)#switchport mode access
        Core_Switch(config-if)#switchport access vlan 20
        Core_Switch(config-if)#exit
        Core_Switch(config)#end
        Core_Switch#wr


10-Configure client

Client vlan-10


Client vlan-20


11-Shutdown HA


The client is still working

 

