[Sdwan-sec] I have figured out how to configure SD-WAN, Link Aggregation, Virtual IPs and IP Pools on Fortigate 200F and 201F Firewalls

Turritopsis Dohrnii Teo En Ming <tdtemccnp@gmail.com> Thu, 30 March 2023 15:32 UTC

From: Turritopsis Dohrnii Teo En Ming <tdtemccnp@gmail.com>
Date: Thu, 30 Mar 2023 23:32:38 +0800
Message-ID: <CAD3upLvDOVChj=xVxF20SyA6wKHR20oJ824ee6X15+w0KUwZXg@mail.gmail.com>
To: Sdwan-sec@ietf.org
Cc: ceo@teo-en-ming-corp.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/sdwan-sec/8wnrdSpz4OcLKiFzWcCiHKSsNzY>
Subject: [Sdwan-sec] I have figured out how to configure SD-WAN, Link Aggregation, Virtual IPs and IP Pools on Fortigate 200F and 201F Firewalls

Good day from Singapore,

I have figured out how to configure SD-WAN, Link Aggregation, Virtual
IPs and IP Pools on Fortigate 200F and 201F Firewalls today, Thursday,
30 Mar 2023, Singapore Time.

I have reviewed the existing configuration of a Fortigate 200D firewall
for a wine company today. Subsequently, I also reviewed the existing
configuration of a Fortigate 201F firewall for an investment company
today. The Fortigate 201F firewall has SD-WAN configured. I am
reviewing the configuration of existing Fortigate firewalls in
preparation for setting up a brand new Fortigate 200F firewall in April
2023, if I have the opportunity to do so.

This is the reference guide on how to configure SD-WAN in Fortigate firewalls.

Article: Configuring the SD-WAN interface
Link: https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/218559/configuring-the-sd-wan-interface

This is the reference guide on how to configure Link Aggregation (IEEE
802.3ad) in Fortigate firewalls.

Article: Aggregation and redundancy
Link: https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/567758/aggregation-and-redundancy

Regarding firewall policies (aka firewall rules)
================================================

A. Virtual IPs

Virtual IPs are needed for port forwarding.

If the direction of the traffic is from WAN to any other physical
interface, you are configuring port forwarding. Before you can
configure port forwarding, you must configure Virtual IPs. After
configuring Virtual IPs, you can proceed to configure firewall
policies (firewall rules) for port forwarding.

B. IP Pools

If your company/business/organization has many public static IPv4
addresses, you can force a server in your internal network to take on
a specific public static IPv4 address. This is known as masquerading.
An IP Pool is applied in firewall policies for the direction of the
traffic from LAN to WAN, for example, from your mail server to the
internet. This direction of the traffic is known as outgoing internet
access.

I have become reasonably seasoned in configuring Fortigate firewalls,
after having configured Fortigate firewalls of various sizes for 8
different companies/organizations in Singapore. I have also configured
SSL VPN in Cisco ASA 5506-X firewall for an investment company in
Singapore previously (I think 2-3 years ago).

That's all folks. Please feel free to correct me if I am wrong. Hehe.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
Blogs:
https://tdtemcerts.blogspot.com
https://tdtemcerts.wordpress.com
GIMP also stands for Government-Induced Medical Problems.