Software Defined Network with Fortigate
Hello, people of Hive. Today I will be showing a continuation of my last post: we will make an SDN, or Software Defined Network. We have this topology; the IPs may vary, so you need to open the console of the firewall and run the command get system interface to see the IPs.
We need to edit the interfaces, starting with port3: we set the IP address and mask as defined in the topology, giving 192.168.2.1 to the first FortiGate and 192.168.2.2 to the second FortiGate.
On port2 of each FortiGate we define the LANs. We give a manual IP to each client PC and enable PING access so we can check connectivity between the networks and to the firewall.
Now we edit the SD-WAN interface; we do this in each FortiGate, of course. We select port3, the interface we are using to connect the FortiGates, and set the gateway IP to the opposite firewall's port3 IP in each case.
Now we make a static route. The destination is 0.0.0.0/0, which covers any destination, and the interface is the SD-WAN we just configured. We enable it, and we do this in each firewall too.
Now we create a policy to give the client PC access to the internet: the incoming interface is the LAN and the outgoing interface is the SD-WAN we just created. We also allow "all" in this case for the example, but we can control the type of traffic we want to allow.
Finally, we go to the second firewall and create a policy with the SDN we created (port3) as the incoming interface and port1 (internet/cloud) as the outgoing interface. Now the LAN of the first firewall will have access to the internet, going first through the SDN and then out of the second FortiGate to the cloud.
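The same steps as a FortiOS CLI script, as an added example that is not from the original post; it assumes FortiOS 7.x syntax, a /24 mask on port3, port2 as the LAN, the default SD-WAN zone name "virtual-wan-link", and NAT on the second firewall's internet-facing policy.

```fortios
# FortiGate 1, FortiOS 7.x CLI (version assumed; lines starting with # are comments).
config system interface
    edit "port3"
        set ip 192.168.2.1 255.255.255.0
        set allowaccess ping
    next
end
config system sdwan
    set status enable
    config members
        edit 1
            set interface "port3"
            set gateway 192.168.2.2
        next
    end
end
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set sdwan-zone "virtual-wan-link"
    next
end
config firewall policy
    edit 1
        set name "LAN-to-SDWAN"
        set srcintf "port2"
        set dstintf "virtual-wan-link"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
# FortiGate 2: mirror the above with the .2/.1 addresses swapped, plus this port3-to-port1 policy.
config firewall policy
    edit 2
        set name "SDWAN-to-Internet"
        set srcintf "port3"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set logtraffic all
    next
end
```

Once the ping test works, replace service "ALL" and srcaddr "all" with the services the clients need and an address object for the first firewall's LAN, so the second firewall only forwards traffic that should actually reach the internet.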
Finally, we just test with a ping from the first firewall to the internet, or from LAN 1 to the internet, and we can see the traffic going through port3 and using the SDN we defined. We can see the bandwidth, volume, and sessions all going through port3.
You can leave any comment so we can keep expanding our knowledge about firewalls and FortiGate. This is very useful; it can also be painful to configure, but using SDN is less stressful than a regular access list and other technologies, and this applies even more when the network is bigger.
You can check my blog here: @taradraz1
Thanks for the time!!!