Posts

Showing posts from September, 2023

How to create DHCP server and a policy in the Fortigate

Here is an example script that demonstrates how to use the fortigate-api package to create a DHCP server and a policy in the Fortigate:

    from fortigate_api import FortigateAPI

    # Create a FortigateAPI object
    fgt = FortigateAPI(host="host", username="username", password="password")

    # Create a DHCP server
    data = {
        "default-gateway": "192.168.255.1",
        "netmask": "255.255.255.0",
        "interface": "vlan.123",
        "ip-range": [
            {"start-ip": "192.168.255.2", "end-ip": "192.168.255.254",}
        ],
    }
    fgt.dhcp_server.create(data)

    # Create a policy in the Fortigate
    data = dict(
        name="POLICY",
        status="enable",
        action="accept",
        srcintf=[{"name": "any"}],
        dstintf=[{"name": "any"}],
        srcaddr=[{"name": "all"}],
        dstaddr=[{"name"

How to change the SSH port no in Cisco devices

Design Connectivity

    R-1#conf terminal
    R-1(config)#ip ssh port 4401 rotary 1
    R-1(config)#line vty 0 15
    R-1(config-line)#rotary 1
    R-1(config-line)#exit
    R-1(config)#ip access-list extended SSH-PORT
    R-1(config-ext-nacl)#permit tcp any any eq 4401
    R-1(config-ext-nacl)#deny tcp any any eq 22
    R-1(config-ext-nacl)#exit
    R-1(config)#line vty 0 15
    R-1(config-line)#access-class SSH-PORT in
    R-1(config-line)#exit
    R-1(config)#end
    R-1#write memory

Here I got SSH access to the router using port no. 4401.

OSPF WITH LINK AGGREGATION BETWEEN Cisco & FortiGate

Figure 1: OSPF AREA 0 with Link Aggregation between Cisco & FortiGate

FortiGate Firewall Link Aggregation:

Figure 2: FortiGate_7 Network Interface configured with 802.3ad (LACP)
Figure 3: FortiGate_5 Network Interface configured with 802.3ad (LACP)

FortiGate_5 Configuration

Step 1: Click on 802.3ad Link Aggregation and go to edit.
Step 2: Give the name, select the ports as interface members, and assign the IP address.

FortiGate_7 Configuration

Step 1: Click on 802.3ad Link Aggregation and go to edit.
Step 2: Give the name, select the ports as interface members, and assign the IP address.

Cisco Switch Link/Port Aggregation:

Cisco_SW-2_Configuration

    interface Port-channel16
     description ***Conneted_to_FortiGate_5***
     no switchport
     ip address 16.1.1.2 255.255.255.252
    interface Port-channel17
     no switchpo

Higher Availability in FortiGate and VRRP in Cisco

A brief explanation of the given topology:

- At the top, there are two FortiGate firewalls, one active and the other standby.
- Higher Availability (HA) is configured to handle failover of the active firewall.
- There are two CORE switches with VRRP configuration: CORE-1 as Master and CORE-2 as Slave.
- Between CORE-1 and CORE-2, two links have been configured in a port channel.
- SVIs and a static default route toward the firewall have been configured for LAN users.
- The DHCP server has also been configured for the DATA and VOICE VLANs.
- Two Layer 2 switches with uplinks as trunks and VLANs.

FortiGate Firewall Configuration

HA Configuration in FortiGate Firewall:

Here I have kept the default priority, i.e. 128, for “ACTIVE-FIREWALL”, whose role is primary, and I have set 100 for the “STANDBY-FIREWALL”, whose role is secondary.

By default, the selection process of HA in FortiGat