How to create DHCP server and a policy in the Fortigate

-
Here is an example script that demonstrates how to use the  fortigate-api  package to create a DHCP server and a policy in the Fortigate   from fortigate_api import FortigateAPI # Create a FortigateAPI object fgt = FortigateAPI(host="host", username="username", password="password") # Create a DHCP server data = {     "default-gateway": "192.168.255.1",     "netmask": "255.255.255.0",     "interface": "vlan.123",     "ip-range": [         {"start-ip": "192.168.255.2", "end-ip": "192.168.255.254",}     ], } fgt.dhcp_server.create(data) # Create a policy in the Fortigate data = dict(     name="POLICY",     status="enable",     action="accept",     srcintf=[{"name": "any"}],     dstintf=[{"name": "any"}],     srcaddr=[{"name": "all"}],     dstaddr=[{"name&quo
Post a Comment

How to Configure VXLAN in FortiGate Firewall

-

How to Configure VXLAN in FortiGate Firewall



A brief explanation of the given topology: -

Ø On top of all, there are two FortiGate Firewalls with L3 connectivity in between.

Ø Under Each Firewall we have one Cisco Switch with two VLAN configured i.e.;3500 & 3600

Ø Uplink for switches has been configured with 802.1Q trunk which is connected to FortiGate Firewall.

Ø Each switch has two PCs connected one in VLAN 3500 & other one in 3600 VLAN.

Ø We have configured VLAN and VXLAN on both the FortiGate Firewall.

Ø In this topology PCs in the same VLAN will be able to communicate with each other through a L3 link using VXLAN technology and they will be encapsulated such that both the PCs will think that they are within the L2 domain.

 

 

 

 

 

FortiGate Firewall Configuration

VXLAN Configuration: -

FGT-1:

config system vxlan

    edit "vxlan3500"

        set interface "port3"

        set vni 3500

        set remote-ip "10.1.1.2"

    next

    edit "vxlan3600"

        set interface "port3"

        set vni 3600

        set remote-ip "10.1.1.2"

    next

end

FGT-2:

config system vxlan

    edit "vxlan3500"

        set interface "port3"

        set vni 3500

        set remote-ip "10.1.1.1"

    next

    edit "vxlan3600"

        set interface "port3"

        set vni 3600

        set remote-ip "10.1.1.1"

    next

end

 

 

 

FortiGate Interface Configuration: -

FGT-1:



Ø Here Port1 is the LAN port that is connected to the Cisco switch and under this port, two VLANs are configured i.e.; 3500 and 3600.

Ø Port3 is the L3 link connected to the other Firewall with 10.1.1.0/30 subnet.

Ø Port2 is basically for taking web-gui access for the particular firewall, its not related to VXLAN configuration.

Ø Here we have two Software switches configured with the names VLAN-3500-SW and VLAN-3600-SW

Ø Each switch has its own subnet and separate domain

Ø VLAN-3500-SW is configured with the subnet of 192.168.1.0/24

Ø VLAN-3600-SW is configured with the subnet of 192.168.2.0/24

Ø In each switch, we have a two-member interface i.e.; VLAN & VXLAN

Ø For VLAN-3500-SW members are VLAN-3500 & vxlan3500.

Ø For VLAN-3600-SW members are VLAN-3600 & vxlan3600.

 

 

 

 

 

 

 

 

 

Let's see how to configure it:

VLAN Configuration:

  


VLAN SWITCH Configuration:



FGT-2:


Ø Here Port1 is the LAN port that is connected to the Cisco switch and under this port, two VLANs are configured i.e.; 3500 and 3600.

Ø Port3 is the L3 link connected to the other Firewall with 10.1.1.0/30 subnet.

Ø Port2 is basically for taking web-gui access for the particular firewall, it’s not related to VXLAN configuration.

Ø Here we have two Software switches configured with the names VLAN-3500-SW and VLAN-3600-SW

Ø Each switch has its own subnet and separate domain

Ø VLAN-3500-SW is configured with the subnet of 192.168.1.0/24

Ø VLAN-3600-SW is configured with the subnet of 192.168.2.0/24

Ø In each switch, we have a two-member interface i.e.; VLAN & VXLAN

Ø For VLAN-3500-SW members are VLAN-3500 & vxlan3500.

Ø For VLAN-3600-SW members are VLAN-3600 & vxlan3600.

  

Let's see how to configure it:

VLAN Configuration:


 VLAN SWITCH Configuration:

 




 

 

 

 

 


Comments

Post a Comment

Popular posts from this blog

Higher Availability in FortiGate and VRRP in Cisco

-
Image
  Higher Availability in FortiGate and VRRP in Cisco A brief explanation of the given topology: - Ø On top of all, there are two FortiGate Firewalls one Active other one as Standby. Ø With the Higher Availability (HA) configured for handling the Failover of active Firewall. Ø There are two CORE switches with VRRP Configuration: CORE-1 as Master and CORE-2 as Slave. Ø Between two CORE-1 and CORE-2, two links in the Port Channel have been configured. Ø SVIs and static default route toward the Firewall has been configured for LAN users. Ø Also, the DHCP server has been configured for DATA and VOICE VLANs. Ø Two Layer 2 switches with uplinks as trunk and VLANs. FortiGate Firewall Configuration HA Configuration in FortiGate Firewall: - Here I have kept by default priority i.e.; 128 for “ ACTIVE-FIREWALL ” whose role is primary and I have set 100 for the “ STANDBY-FIREWALL ” whose role is secondary.   By default, the selection process of HA in FortiGat
Read more

Python Script to take the Backup of Multiple device in a Network

-
Image
from netmiko import ConnectHandler Sw_1 = { 'device_type': 'cisco_ios', 'host': '192.168.6.10', 'username': 'admin', 'password': 'Admin@123', 'port': 22, # optional, defaults to 22 'secret': 'secret', # optional, defaults to '' } Sw_2 = { 'device_type': 'cisco_ios', 'host': '192.168.6.20', 'username': 'admin', 'password': 'Admin@123', 'port': 22, # optional, defaults to 22 'secret': 'secret', # optional, defaults to '' } Sw_3 = { 'device_type': 'cisco_ios', 'host': '192.168.6.30', 'username': 'admin', 'password': 'Admin@123', 'port': 22, # optional, defaults to 22 'secret': 'secret', # optional,
Read more