Building a Lab to Simulate Real World Scenarios

Tony Zabaneh

© Copyright Fortinet Inc. All rights reserved.

Have you ever to needed practice or evaluate a product, but couldn’t for the lack
of equipment?

2
3
Where do I start?

 Plan your simulated network segments based on your layout.

 Created your own VMWare Network Segments/Virtual

Switches/VMNets (Depends on the Platform you are using)

 Create your Master FortiGate and start assigning the IP Schema and
Network Segments you created.

 Create the rest of network components and map it to the appropriate

network segments (VMWare).

4
Fabric SD-WAN

VIP’s SSL-VPN

HA IPSEC

5
Planning

6
Creating VMs and Subnets

7
Applying Subnets to all VM’s

8
Starting VM’s and Creating IP Schema

9
Apply the Correct Schema other VM’s

10
What Next?

 Next! is fully dependent on what you want to

test/evaluate/demonstrate…etc.
 For this lab, we want to achieve a fabric integrated topology.
» Fix Routing and Security Policies!!
» Enable Telemetry on Relevant Interfaces
» Create a Telemetry Group
» Complete Analyzer Integration
 Configure Site-to-Site VPN
 Install FortiClient on a test computer behind one of the firewalls
LAN interfaces

11
Routing and Security Policies

12
Enable Telemetry

13
Create a Telemetry Group and Join FAZ – Master!

14
Other Use Cases

 Sniffer
 L2 Deployment
 FortiMail to Protect an Exchange Server
 FortiWeb to Protect a Web Application
 FortiSIEM to monitor and integrate with all of your lab
components

15
Fabric SD-WAN

VIP’s SSL-VPN

HA IPSEC

16
FortiWeb with Web Applciation FortiMail with MS Exchange

Sniffer Mode Deployment L2 Deployment

FortiSIEM FortiGate with FortiAuthenticator 2FA

17