Go to Global mode > System > VDOM > root > double click to number from Ref. The solution here is to clear all references to a port (a reference = a configuration like policy rule, dhcp server, interface that is attached to that interface).
This issue is seen when you configure firstly the interface, then activate the VDOM. In case you already have a configuration for port4, it will be automatically imported to root VDOM and you cannot modify from Network > Interface > port4 the Virtual Domain to customer. At last, go to webui using your browser and start the lab. # from this point on, all requests to Internet are blackholed (the exception is the packets sent to client ip 10.128.0.20, which traffic originates from remote students).ĥ. # overwrite now the old default route from fw with AD = 1 Now, go to cli (via vnc) and create 2 new static routes: Remeber that this device has an implicit default route to 10.3.255.254 with AD = 5.įGT60 # get router info routing-table details
Wait for the firewall to reboot, then access the machine again via vnc to make sure the mgmt ip was not changed (in case it is changed, the webui interface will hang at reboot until timeout).Ĥ. From the browser, go to IP_FORTIGATE/ng/system/vm/license and upload the first license that is found on UPB-Learning course.ģ. This is just an example, you will have a different address assigned.Īn alternative here for taking the assigned internal ip is: go to Globalprotect UI > Settings > Connections tab > Assigned Local IP.Ģ. On the example from above see that the source ip address is the internal one: 10.128.0.20, which will be used later to fwd packets via 10.3.255.254 (def gateway). # from you host, send an imcp echo-req to the specific port1 ip address We will blackhole the default route after the license is marked as VALID, then create a route only for client user ip (which will mostly be the same for all firewalls).ġ. As we have only 2 licenses available in total (starting with HA lab, we are going to use 2 firewall machines), we need to reuse them for all Fortigate firewalls using the following steps:Ġ. From this lab on, we will need to have a licensed VM with no access to Internet (to keep the Valid status).
0 kommentar(er)
