check ping via port1 and port3 work from both endpoints: # ids may differ, but see that there are 2 virtual interfaces attached to bridge pnet1 from eve-ng machine (root:student credentials), see the bridge configuration (pnet1 for brctl showīridge name bridge id STP enabled interfaces You can also use here the alias outside_redundantĪfter finishing the netw configuration on both machines, check the following:
port3: connection with Cloud1, in the same netw as the first FGT. Then, go to client2, check the ip from eth0 and ping the firewall. Enable also http, https, ping for admin access. Use the network 172.30.0.0/24 with 172.30.0.1 for port2 and dhcp server configured (with. port2: connection with client2 (reuse the one from the latest lab and connect it to port2 of FGT2). ExampleįGT81_2 # get router info routing-table details The static routes should be the same as for FGT1. Then, to repeat all steps from the latest lab regarding Licensing and configure the following interfaces: # set macaddr - use here the format: 50:00:00:byte_2_eveng_ip:byte3_eveng_ip+1:byte4_eveng_ip You will need firstly to change the mac address: Start the device and check the port2 network (as defined above) and for port3 use ip 10.0.0.1/30Īs VDOMs are still enabled on the first FGT, you will need the following syntax to access the interfaces config (for example):įor the second FGT (FGT2 or Remote-FortiGate), create a new node with 4 interfaces, 1 vCPU, 2 GB RAM, then start it. You can use here the alias outside_redundantģ. For this, we need a new Cloud Network that will connect virtual interfaces and simulates a new ISP connection (same or different) from both sides. port3: used for creating a backup connection between the 2 FGT devices.
You should have for port2 interface 172.16.0.1 and for client1 172.16.0.2 (or any other ip given by DHCP server) - subnet in network 172.16.0.0/24
For this, you can keep client1 from the previous lab and remove client2 from port4 interface (found in customer VDOM).
port2: used for creating a client network (the branch we need to connect via IPsec tunnel). In this case, redo the steps from the previous lab for Licensing, with the exception of 2 and 3 (no need to readd the license and reboot machine). This is caused by the changing of your public ip address, which means also the internal one (10.12*.*.*) is going to be changed and the added static route by you will be useless. You may see that you cannot access webui via http/https.
0 kommentar(er)
