- 39
- 740 456
ToThePoint Fortinet
Приєднався 22 січ 2022
Common FortiSwitch Topologies: Ring and MCLAG
In this video we will cover two common FortiSwitch topologies when managed by FortiGate firewall.
0:00 Topology #1 - Ring Topology
1:55 Topology #2 - MCLAG
4:54 Considerations
6:13 Topology #1 Configuration + testing
11:39 Topology #2 Configuration + testing
0:00 Topology #1 - Ring Topology
1:55 Topology #2 - MCLAG
4:54 Considerations
6:13 Topology #1 Configuration + testing
11:39 Topology #2 Configuration + testing
Переглядів: 11 900
Відео
Fortinet Video Surveillance - FortiCamera, FortiRecorder
Переглядів 2,3 тис.Рік тому
In this video we cover: - 3 different network configurations for FortiCameras: 1) FortiCameras on same network as FortiRecorder(wired) 2) FortiCameras on different network than FortiRecorder(wired) 3) FortiCameras connected to WiFi - FortiRecorder NVR setup - How to view video feeds in FortiCentral 0:00 Overview 0:15 Initial VM Configuration/Licensing 1:28 Third Party Cameras (ONVIF) 1:40 Add r...
2FA with FortiToken 400(FIDO) and FortiAuthenticator SAML IdP
Переглядів 4,8 тис.Рік тому
We will cover 2FA with FortiToken 400 using FortiAuthenticator as a SAML IdP and FortiGate firewalls as SP's. 0:00 Overview 0:37 FortiToken 400 (FIDO) 2:47 FortiAuthenticator SAML Configuration 5:15 Self Service Portal FIDO Key 9:48 Results: FortiToken 400 with SAML authentication 10:28 Another test scenario with FortiClient SSL VPN
FortiGate Firewall Initial Config(QuickStart)
Переглядів 8 тис.Рік тому
Fortinet - FortiGate quickstart guide which covers basic configuration Firmware version 7.0.9 used for this video 0:00 Accessing FortiGate 0:45 Network Configuration 2:56 Firewall Policy 4:02 Registration
FortiAuthenticator as a SAML IdP
Переглядів 7 тис.Рік тому
This video covers an introduction to SAML and how to configure a FortiAuthenticator as an IdP and FortiGate as SP's SP entity ID field for FortiGate admin GUI: x.x.x.x/metadata/ SP Login URL for FortiGate admin GUI x.x.x.x/saml/?acs SP Logout URL for FortiGate admin GUI x.x.x.x/saml/?sls 0:00 - SAML Overview 2:52 - FortiGates as SP, and SAML Flow 5:16 - Topology 5:53 - FortiAuthenticator iDP Co...
Auto VLAN and QoS for VOIP Phones (FortiSwitch managed by FortiGate)
Переглядів 9 тис.Рік тому
In this video we cover VLAN assignment and QoS using LLDP-MED enabled phones and FortiSwitch github link: github.com/ttpfortinet/Configurations/blob/0fd47326fc7d957f5fd58438ff7a3803081248a2/FortiSwitch auto VLAN and QoS for VOIP Phones.txt Firmware used in this video: - FortiGate 7.0.6 - FortiSwitch 7.0.5 - FortiFone 3.0 build 234 0:00 Overview 2:38 Interface DHCP Option 66 Configuration 3:23 F...
FortiGate/FortiSwitch 802.1x port authentication (and MAB) with Windows RADIUS
Переглядів 13 тис.Рік тому
We cover two 802.1x scenarios with Windows Server NPS: 1) 802.1x authentication with user/password authentication 2) 802.1x Mac Authentication Bypass (MAB) 0:00 Overview 1:27 FortiGate RADIUS Client Configuration Testing 2:07 FortiSwitch to RADIUS Server firewall policy 3:28 RADIUS Policy Configuration Testing 4:33 802.1X Policy Configuration 6:03 Switchport Diagnostics 6:47 Win7 client/supplic...
NAC Control with FortiGate + FortiSwitch
Переглядів 9 тис.Рік тому
Basic NAC (Network Access Control) with FortiGate FortiSwitch. 0:00 Example1: NAC based on MAC Address 3:35 Example2: NAC based on Operating System
Manage FortiSwitch with FortiGate, FortiOS 7.0
Переглядів 29 тис.2 роки тому
We will cover how to manage a FortiSwitch via the FortiGate - currently (as of 7.0 firmware) Some commands used in the video: exec switch-controller get-conn-status exec switch-controller get-sync-status all diagnose switch-controller switch-info ? diagnose switch-controller switch-info port-stats diagnose switch-controller switch-info mac-table exec switch-controller get-physical-conn dot diag...
Fortinet Automation: High CPU + Quarantine Example
Переглядів 2,9 тис.2 роки тому
How to use automation stitches and if/then (or Trigger/Action) logic to automate responses/alerts. Two example use cases are: 1) High CPU Email Alert 2) MAC quarantine based on Virus detection MAC Quarantine CLI Action config user quarantine config targets edit "mac_quarantine" config macs edit %%log.epmac%% end end end 0:00 Overview of FortiGate Automation 2:10 Example1: FortiGate High CPU 4:0...
FortiGate: Reset Administrator Password
Переглядів 29 тис.2 роки тому
How to Reset the FortiGate Administrator password if it has been lost/forgotten. Console access is required, I'm using the following two cables to obtain this access: 1) USB to Serial Adapter 2) R232 to Ethernet cable
FortiGate: 5 Tips That You (Probably!) Didn't Know
Переглядів 11 тис.2 роки тому
0:04: #1 Multiple Interface Policies 0:41: #2 Policy Lookup 1:33: #3 GUI to CLI Commands 2:30: #4 References/Dependencies 3:33: #5 Searching via the CLI
EVE-NG and FortiGate Installation
Переглядів 12 тис.2 роки тому
We cover BOTH eve-ng and FortiGate installation so you can create a quick lab environment for testing/troubleshooting FortiGate's 0:00 Overview 0:10 Evaluation FortiGate VM's 1:04 Download Install EVE-NG 3:40 Download Install FortiGate
Windows Login with 2FA - FortiAuthenticator
Переглядів 11 тис.2 роки тому
In this video, we go over how to configure FortiAuthenticator Windows Agent with FortiAuthenticator to enable 2FA on a Windows login prompt 0:00 FAC Agent Install/Initial Config/Testing 3:14 Simulation/Testing 5:45 Exempt users/Testing 7:42 Change Title Image 8:52 Default Domain 9:05 Login Prompt Testing 9:57 Disable Built-In Password Providers
FortiGate: Configure IPSec with FortiClient using Certificate authentication/local CA
Переглядів 9 тис.2 роки тому
Configure IPSec with FortiClient using Certificate authentication/local CA 0:00 Overview 1:08 2 Implementation Comparisons 1:28 Implementation #1 - Certificate creation 3:12 Implementation #1 - FortiGate Configuration 7:32 Implementation #1 - FortiClient Configuration/Testing 9:17 Implementation #1 - Explanation of Certificate Placement/Testing 11:31 Implementation #2 - Certificate creation 12:...
FortiAnalyzer Initial Configuration/Usage
Переглядів 11 тис.2 роки тому
FortiAnalyzer Initial Configuration/Usage
FortiGate: Factory Reset (CLI and Pinhole Method)
Переглядів 158 тис.2 роки тому
FortiGate: Factory Reset (CLI and Pinhole Method)
FortiGate Troubleshooting - Debug Flow with Examples
Переглядів 10 тис.2 роки тому
FortiGate Troubleshooting - Debug Flow with Examples
Fortinet: FSSO with TSAgent, FortiGate, FortiAuthenticator
Переглядів 3,2 тис.2 роки тому
Fortinet: FSSO with TSAgent, FortiGate, FortiAuthenticator
Fortinet: FSSO with DCAgent, FortiGate, FortiAuthenticator
Переглядів 11 тис.2 роки тому
Fortinet: FSSO with DCAgent, FortiGate, FortiAuthenticator
Fortinet: Upgrading and Downgrading FortiGate Firmware
Переглядів 12 тис.2 роки тому
Fortinet: Upgrading and Downgrading FortiGate Firmware
Fortinet: Configuring HA on FortiGate firewalls
Переглядів 31 тис.2 роки тому
Fortinet: Configuring HA on FortiGate firewalls
Fortinet: Packet Capture on FortiGate firewall - 8 Examples
Переглядів 7 тис.2 роки тому
Fortinet: Packet Capture on FortiGate firewall - 8 Examples
Remote Worker FortiAP (Wireless Controller)
Переглядів 4,3 тис.2 роки тому
Remote Worker FortiAP (Wireless Controller)
Manage FortiAP with FortiGate (Wireless Controller)
Переглядів 31 тис.2 роки тому
Manage FortiAP with FortiGate (Wireless Controller)
FortiGate: Inbound Deep Inspection/TLS Offloading
Переглядів 8 тис.2 роки тому
FortiGate: Inbound Deep Inspection/TLS Offloading
Deep Inspection on FortiGate firewall with 5 Examples
Переглядів 21 тис.2 роки тому
Deep Inspection on FortiGate firewall with 5 Examples
Fortinet: Hairpin NAT (or NAT loopback) with FortiGate
Переглядів 13 тис.2 роки тому
Fortinet: Hairpin NAT (or NAT loopback) with FortiGate
Fortinet: Port Forwarding(Virtual IP) with FortiGate firewall
Переглядів 28 тис.2 роки тому
Fortinet: Port Forwarding(Virtual IP) with FortiGate firewall
newbie to fortigate, this video resolved my site-to-site vpn issue
Good job
AP1's client can see AP2's client, could you please help?
Can this be pushed via GPO, so that hands on each device is not required?
can you create the video for the configuration between FortiEMS and FAC?
Hi @#ToThePoint Fortinet I noticed my onboarding VLAN has captive portal enabled by default for the VLAN, would that be necessary?
Whether it's necessary would probably depend on the security that the customer expects, and the access that the firewall policy is providing.
What happens in a scenario where you have multiple internet gateways in a sdwan
regarding which IP should you use for ftm-push server? I suppose you'd pick one IP from an interface that you're using in SDWAN, or you could try hostname (where you'd change hostname if one SDWAN link goes down, maybe a DNS based failover service could make it more automated)
love this
Tried on 60F, but after 1 minute status LED becomes solid. It doesn't blink, and pressing/holding the reset button doesn't do anything.
does fortinet log if files are deleted on network shares from a vpn session ?
Instructions method 2 not clear
plz how you get the ip public address in the port wan
thanks for sharing.
just great. thanks for sharing.
Tried this so many times and changed options, my tunnel always shows inactive
THANK YOU THANK YOU THANK YOU. I had everything correct - except setting the VIP as the destination. I had the VLAN set as the destination. Thank you!
Straight forward and time saving :) thumbs up!!
Hi is it possible to revert downgrade the HA Cluster on the method2?
Interesting video, well done ! Thanks
Gracias me fue muy util, tu informacion
thanks for sharing
Mine does not let me type my serial number 😢
Reset button doesnt work?
Good stuff.
Do we have to have a windows server to do do MFA with a Fortinet VPN?
mine turns down after 4 seconds
Hello, how do you backup and restore on different Fortigate types, for example from Fortigate 60D to Fortigate 61f.
can i use different /30 subnets in port1 and port3 of active & passive firewall? and if i configure eBGP neighbor using port1 and port3, then what attribute will differentiate routes published from active & passive firewalls?
Any benefit of using IPsec vs just SSL VPN?
Many Tanks, you save my ass :)
Very useful. Thanks mate!
Very well explained. Thank you!
Great job! it worked smoothly, could you do one for the SMS gateway (hopefully Free service LOL)
thank you, this video was super helpful
Great video, all the info a person would need and none you don't. Thanks so much! :)
this has been so very helpful
Nice video, thanks.!
Hello! Can we backup from old and to new box with different model of fortigate
No, you need FortiConverter for that
thanks for sharing this VD
Great Video !!! I just want add - "diag vpn ike log-filter name *TUNNELNAME*" will help you to filter the logs of specific tunnel.
This extremely helpful speedy video of the day
HI priority of both firewalls is showing 128 default. So how these firewalls become primary and secondary???
thanks you for sharing this VD
thankss for your explication!!
After HA gets sycnrhonized, will FG2 change it's primary/external IP address or keep the separate one that it started with?
The reason i ask is realted to IPSEC Tunnels
Yes fg2 will change its external ip to be the same one as fg1. Although fg2 won't actually 'claim' the fg1 ip from a networking perspective until fg1 goes down
Should FG2 start out with zero polices/networks/vlan/other-configuration, other than a public IP address?
Yes no config needed on fg2, just need to be able to access it so even pub ip not actually needed
How about machine certificate? So you want just a certificate for machines to restrict which machines are used to connect to SSL VPN or maybe this is done with another feature / product
You should be able to use a similar process to make machine cerrt work too. Ie. I see no reason why machine cert won't work
Can I create a LAG across multiple FortiSwitch aka MC-LAG for redundancy? For example, I want to connect my server to multiple FortiSwitch with LACP LAG for redundancy. If yes, how can I achieve that on the FortiSwitch side?
Check out this video which shows how to configure MCLAG: ua-cam.com/video/OpfhQxkQyog/v-deo.html After MCLAG is configured, then I assume your server can bond links with LACP? In which case, you go to WiFi & Switch Controller > FortiSwitch Ports > Trunk and Create New Trunk Group, select ports on both FortiSwitch MCLAG members
Hey, if I have a third-party downstream switch (such as Juniper) that I want to connect to upstream FortiSwitch. How can I tag all the VLANs on the FortiSwitch port that is connected to a third-party switch?
On the FortiSwitch port connected to Juniper port, you would conifgure "Allowed VLAN's" and specify the VLAN's that you want communicated to the Juniper side. The allowed VLAN list for each port specifies the VLAN tag values for which the port can transmit or receive frames. See more: docs.fortinet.com/document/fortiswitch/6.4.6/administration-guide/146333/vlans-and-vlan-tagging#Allowed
Наглядно и понятно даже без перевода. Спасибо.