1- Configure FortiGate to Internet
2- Configure LAN to Internet in FortiGate
3- Configure VLAN with Cisco switch

Configure HQ FortiGate Firewall
- Configure to Internet
- Configure VLAN
- Configure OSPF
- Configure Policy & Object
Configure Site_A FortiGate Firewall
- Configure to Internet
- Configure VLAN
- Configure OSPF
- Configure Policy & Object
Configure Site_B FortiGate Firewall
- Configure to Internet
- Configure VLAN
- Configure OSPF
- Configure Policy & Object
Configure HQ FortiGate Firewall
Configure to Internet
Set name:
    config system global
        set hostname HQ
    end
Set IP:
    config system interface
        edit port1
            set mode static
            set ip 192.168.37.10/24
            set allowaccess ping https http ssh telnet
            set role wan
            set alias WAN
        next
    end
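An added example, not part of the original guide: a Python check that reads a `config system interface` block like the one above and reports WAN-role ports whose allowaccess list includes the cleartext management protocols http or telnet. The function names and the HARDENED sample are constructed for illustration; only the port1 settings come from this page.

```python
# Added example: audit interface config for cleartext management access on WAN ports.
CLEARTEXT = {"http", "telnet"}  # management protocols that are not encrypted

def parse_interfaces(config_text):
    """Return {interface: {setting: [values]}} from 'config system interface'."""
    interfaces, current, in_block, depth = {}, None, False, 0
    for raw in config_text.splitlines():
        tokens = [t.strip('"') for t in raw.split()]
        if not tokens or tokens[0].startswith("#"):
            continue
        if not in_block:
            in_block = tokens[:3] == ["config", "system", "interface"]
        elif tokens[0] == "config":          # nested table inside an interface entry
            depth += 1
        elif tokens[0] == "end" and depth:   # closes the nested table
            depth -= 1
        elif tokens[0] == "end":             # closes 'config system interface'
            in_block, current = False, None
        elif depth:
            continue                         # ignore settings of nested tables
        elif tokens[0] == "edit" and len(tokens) > 1:
            current = interfaces.setdefault(tokens[1], {})
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "set" and current is not None and len(tokens) > 1:
            current[tokens[1]] = tokens[2:]
    return interfaces

def weak_wan_access(config_text):
    """Return [(interface, [cleartext protocols])] for WAN-role ports."""
    findings = []
    for name, cfg in parse_interfaces(config_text).items():
        exposed = sorted(CLEARTEXT & set(cfg.get("allowaccess", [])))
        if cfg.get("role") == ["wan"] and exposed:
            findings.append((name, exposed))
    return findings

# port1 settings as given on this page
AS_ON_PAGE = """config system interface
edit port1
set mode static
set ip 192.168.37.10/24
set allowaccess ping https http ssh telnet
set role wan
set alias WAN
next
end"""
# Constructed variant: the same port with http and telnet removed
HARDENED = AS_ON_PAGE.replace(" http ssh telnet", " ssh")
```

Calling `weak_wan_access(AS_ON_PAGE)` reports port1 with http and telnet, while the constructed HARDENED variant produces no findings.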
Configure VLAN
We set port2 to manage the VLANs.
Network → Interface → port2 → Edit → OK
Network → Interface → Create New → Interface → OK
Network → Interface → Create New → Interface → OK
Create a zone for the VLANs to make routing easier to configure:
Network → Interface → Create New → Zone
Configure OSPF
We have 3 LANs:
LAN ISP: 192.168.37.0/24
LAN Local: 192.168.10.0/24
LAN Local: 192.168.20.0/24
Do the same for all networks, then click OK and Apply.
Configure Policy & Object
Policy & Objects → Firewall Policy → Create New
Allow VLAN 10-20 to Internet → OK
Allow Site A and B access to HQ → OK
Configure Cisco Switch
Change host name
    Switch>enable
    Switch#configure terminal
    Switch(config)#hostname Switch_HQ
Create interface trunk port
    Switch>enable
    Switch#configure terminal
    Switch(config)#interface ethernet 0/0
    Switch(config-if)#switchport trunk encapsulation dot1q
    Switch(config-if)#switchport mode trunk
    Switch(config-if)#no shutdown
    Switch(config-if)#end
    Switch#show interfaces trunk
    Switch#show interfaces status
Create interface access vlan-10
    Switch#configure terminal
    Switch(config)#interface ethernet 0/1
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport access vlan 10
    Switch(config-if)#no shutdown
    Switch(config-if)#end
    Switch#show vlan brief
Create interface access vlan-20
    Switch#configure terminal
    Switch(config)#interface ethernet 0/2
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport access vlan 20
    Switch(config-if)#no shutdown
    Switch(config-if)#end
    Switch#show vlan brief
Configure Site_A FortiGate Firewall
Configure to Internet
Set name:
    config system global
        set hostname Site_A
    end
Set IP:
    config system interface
        edit port1
            set mode static
            set ip 192.168.37.11/24
            set allowaccess ping https http ssh telnet
            set role wan
            set alias WAN
        next
    end
Configure VLAN
We used port2 as the management port for all VLANs.
Network → Interface → port2 → Edit
We create vlan_30 on management port2:
Network → Interface → Create New → Interface → OK
Do the same for vlan_40 as for vlan_30; just change the IP address.
Create a zone for the VLANs to make routing easier:
Network → Interface → Create New → Zone → OK
Configure OSPF
Network → OSPF → Router ID (ISP's IP) → Create New (Area)
Networks
Interface
Apply
Configure Policy & Object
Configure VLAN 30-40 to Internet:
Policy & Objects → Firewall Policy → Create New → OK
Allow Site A and Site B access to HQ:
Policy & Objects → Firewall Policy → Create New
Configure Cisco Switch
Change host name
    Switch>enable
    Switch#configure terminal
    Switch(config)#hostname Switch_Site_A
Create interface trunk port
    Switch>enable
    Switch#configure terminal
    Switch(config)#interface ethernet 0/0
    Switch(config-if)#switchport trunk encapsulation dot1q
    Switch(config-if)#switchport mode trunk
    Switch(config-if)#no shutdown
    Switch(config-if)#end
    Switch#show interfaces trunk
    Switch#show interfaces status
Create interface access vlan-30
    Switch#configure terminal
    Switch(config)#interface ethernet 0/1
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport access vlan 30
    Switch(config-if)#no shutdown
    Switch(config-if)#end
    Switch#show vlan brief
Create interface access vlan-40
    Switch#configure terminal
    Switch(config)#interface ethernet 0/2
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport access vlan 40
    Switch(config-if)#no shutdown
    Switch(config-if)#end
    Switch#show vlan brief
Configure Site_B FortiGate Firewall
Site_B is configured the same way as Site_A.