Thank you for explaining it in a simple and effective way !! Also, please explain me the difference between H/W switch, S/W switch and VLAN switch in the Fortigate!
Thank you!!
Excellent videos! New to fortigate here.
Watched this super tired didn't understand a thing... rested up watched again perfect sense you are a godsend! People who say Cisco cli is easier are nuts...
Keep this going with these I'd request multi vlan network and dns most secure way
Haha right, sleep is extremely important, need to have it to understand concepts 100% of the time.
Waiting for the next vid on the series on fortigate! Great vid! The past 2 vids got me everything I need!
Great video. There’s an easier way. Just add all your VLANS/Subnets into a Zone (for example, an inside or trust zone), and disable “Block intra-zone traffic”, and they will all be able to communicate with each other without having to add any policies. Cheers
Thanks for the trick! haven't done that but will give that a try as well.
Idea is good ..but all vlans in one zone is not recommended and is a security concern in real environment...
Very cool, I didn't know you could clone policies in reverse.
Great series so far. When will the next upload be?
Thank You for the appreciation! Coming Soon.
Nice work, waiting for new videos..
nice work bro. keep it up
Thanks for your videos. Very helpful.
thanks for sharing this VDO, this is really helpful Thanks❤❤
You are welcome @netconfig999. Nice channel name by the way 😀
great man! I need more of this!
More coming soon Man 🙂
Thanks! Really love your videos. When will you post a video about the SD-WAN?
I really want to, but struggling a little with time, hopefully will get some time
Well explained. Thanks for this vid man.
Glad that helped you brother.
Thanks a lot, do I have to allow the vlan in the trunk link or the native vlan is enough. I noticed in my network the data vlan and voice are not mentioned in the trunk but still pc can get an ip from the data vlan. How come I don't need to say switch port trunk allow vlan,x,y,z?
That is because a cisco switch by default allows all vlans. You limit the vlans on a trunk by the command "Switchport trunk allow vlan x, y, z".
Excellent work
Thanks a lot. Could you tell me what kinds of tools you use to draw the diagram? Does it come with those cute icons?
hhhh it's actually an animation software called Videoscribe, these icons are not built-in, I make them in Adobe Illustrator & call them in Videoscribe. Afterwards take a screenshot & paste in PowerPoint. That is what you see in the video
Great! Thanks a lot, keep it up bro!
Thanks, will do!
I have all that setup with a Netgear smart managed switch. I can ping all vlans from a machine in VLan1 but I can't ping the machine on vlan 1 from the other vlans?
I'm not sure about Netgear actually. Possibly a policy is blocking the traffic from other vlans to your target vlan 1
For a stateful firewall, I believe a single policy should be enough to facilitate to and fro traffic. Is it possible to do that in the FortiGate firewall as in Cisco ASA firewall?
Bro at 11:14 you see that we pinged the server right, that happened because of stateful inspection.
Can I ping a printer in another VLAN, without disabling the firewall in the source laptop? assuming there is interVLAN policy between the 2 VLANs
You should be able to ping it
thanks pal great tutorial
Single trunk link is enough to get all vlans from switch, pls tell reason for three links to switch
Hi Sandeep. It is a single physical Interface. There are 3 logical interfaces with vlan tags,same as you would do via a trunk.
Will there be a loss of processing speed? Is it better to use a dedicated L3 Switch in this scenario?
Well actually it depends, if you have a very small environment, then this approach is fine. If your network is medium to large then YES, you need to separate via an L3 switch.
@doctor.networks got it, thanks!
Hello, Dr.
Do you have any video related to ADVPN on Fortigate?
It would be a great help, because of the amount of customers using this service nowadays.
Regards.
Let me note that down & I will surely make a video on it
Thanks for posting it. Is eve-ng running on your PC or on an ESXi?
Specifically for this video it's a physical FortiGate box. Normally for my videos I use Eve-ng on an ESXi server to offload resources
good explanation, thanks
Glad it was helpful!
Thank You for this video.
you're welcome brother 😀
Can the ip address of the SVI be completely different from the main interface ip? For example, the main would be 192.168.1.99/24, then can I use 30.30.25.1/24 for one of my SVI?
Sorry Jim your comment was in the spam of YouTube, YouTube blocks comments containing IP addresses I guess. Yes you can, the main interface will be as a native vlan with no vlan tag of course & the other SVI can be any IP you want
@doctor.networks Thank you.
Is there a Lecture #6 ? Or the videos end here?
Unfortunately My career took a huge turn here, couldn't continue. But now I'm thinking of resuming the series soon
Thanks. You're awesome :)
Thanks for the super awesome comment man!
Why need this much of policies for intervlan, I think just create a zone and add the vlans to that zone, that's better for simplifying 😊
Yeah but you may need different policies for a set of vlans, you can actually create multiple zones referencing multiple vlans. The video is to give a concept that's why kept it simple. Obviously zones will be a better approach in the long term.
Thx❤❤