Scribd
Upload
16 views16 pages

Sdwanfortinet

Uploaded by

Mohcine Oubadi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
16 views16 pages

Sdwanfortinet

Uploaded by

Mohcine Oubadi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16

FORTINET MEGA LAB

(SD-WAN, IPSEC SITE TO SITE VPN, S-NAT, D-NAT)


A. Router ISP
hostname ISP
ip vrf ISP-01
ip vrf ISP-02

interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45

interface GigabitEthernet0/1
ip vrf forwarding ISP-01
ip address 10.1.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45

interface GigabitEthernet0/2
ip vrf forwarding ISP-01
ip address 20.1.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45

interface GigabitEthernet0/3
ip vrf forwarding ISP-02
ip address 30.1.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45

interface GigabitEthernet0/4
ip vrf forwarding ISP-02
ip address 40.1.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45

interface GigabitEthernet0/5
ip vrf forwarding ISP-01
ip address 50.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45

interface GigabitEthernet0/6
ip vrf forwarding ISP-02
ip address 60.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45

ip nat inside source list 1 interface GigabitEthernet0/0 vrf ISP-01 overload


ip nat inside source list 2 interface GigabitEthernet0/0 vrf ISP-02 overload
ip route 0.0.0.0 0.0.0.0 192.168.222.2
ip route vrf ISP-01 0.0.0.0 0.0.0.0 192.168.222.2
ip route vrf ISP-01 0.0.0.0 0.0.0.0 GigabitEthernet0/0 192.168.222.2
ip route vrf ISP-02 0.0.0.0 0.0.0.0 192.168.222.2
ip route vrf ISP-02 0.0.0.0 0.0.0.0 GigabitEthernet0/0 192.168.222.2

access-list 1 permit 10.1.1.0 0.0.0.3


access-list 1 permit 20.1.1.0 0.0.0.3
access-list 1 permit 50.1.1.0 0.0.0.255
access-list 2 permit 30.1.1.0 0.0.0.3
access-list 2 permit 40.1.1.0 0.0.0.3
access-list 2 permit 60.1.1.0 0.0.0.255
B. FGT-HO
1. Physical Interface

2. SD-WAN Interface

3. Routing

4. Security Policy
5. SD-WAN Zone

6. SD-WAN Rule
7. Performance SLA

8. IPSec Site to Site VPN

9. Konfigurasi D-NAT
C. FGT-SITE-A
1. Physical Interface

2. SD-WAN Interface

3. Routing

4. Security Policy
5. SD-WAN Zone

6. SD-WAN Rule

7. Performance SLA
8. IPSec Site to Site VPN
D. FGT-SITE-B
1. Physical Interface

2. SD-WAN Interface

3. Routing

4. Security Policy
5. SD-WAN Zone

6. SD-WAN Rule
7. Performance SLA

8. IPSec Site to Site VPN


E. TESTING PC-HO

1. PC-HO to PC-SITE-A

2. PC-HO to PC-SITE-B

3. PC-HO to Server via D-NAT

4. PC-HO to Internet
F. TESTING PC-SITE-A

1. PC-SITE-A to PC-HO

2. PC-SITE-A to PC-SITE-B

3. PC-SITE-A Server via D-NAT

4. PC-SITE-A to Internet
G. TESTING PC-SITE-B

1. PC-SITE-B to PC-HO

2. PC-SITE-B to PC-SITE-A

3. PC-SITE-B Server via D-NAT

4. PC-SITE-B to Internet

You might also like