Forti - Firewall ServerFarm on Nexus - VRF Mode

Berikut Konfigurasi masing-masing perangkat: Noted: Firewall Kiri-Kanan itu tidak termasuk bagian dari konfigurasi di Skenario-1 ini, jd kita abaikan ja. Nanti di Skenario-2 baru kita lakukan konfigurasi di FW kiri-kakan, dimana nantinya akan kita jadikan sebagai firewall serverfarm untuk melakukan inspect trafik antar east-west dan north-south (mana yg boleh, mana dan tidak). Nantinya setiap trafik dari dari luar (Lan-Disti dan area internet) akan masuk ke area SF dan sebalikya akan di inspect oleh firewall, klo yg sekarang masih bypass, tanpa ada inspecct di area SF.  Goal kita disni adalah step migrasi firewall area SF, dmana area SF sebelumnya tidak ada firewall menjadi ada, dan bagaimana step-migrasinya, ikut step-step dibagian skeanrio-2.

Aktifkan Fitur-Fitur ini di switch NXOS SF
feature ospf
feature ospfv3
feature interface-vlan
feature hsrp
feature vrrp

hostname SW-FS-01
interface eth1/1
no switchport
ip address 10.90.252.6/30
no ip ospf passive-interface
ip ospf network point-to-point
ip router ospf 1 area 0.0.0.0
no sh
exit

interface eth1/2
no switchport
ip address 10.90.252.21/30
no ip ospf passive-interface
ip ospf network point-to-point
ip router ospf 1 area 0.0.0.0
no sh
exit
interface eth1/3
  description CS-02
  no switchport
  ip address 10.90.252.13/30
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
exit

interface eth1/8
  no shutdown
  switchport
  switchport mode trunk
exit

spanning-tree vlan 10,20  priority 8192
spanning-tree vlan 30,40  priority 16384

vlan 10
name Vlan10
exit

vlan 20
name Vlan20
exit

vlan 30
name Vlan20
exit

vlan 40
name Vlan20
exit

interface Vlan10
  description vlan10
  no shutdown
  no ip redirects
  ip address 10.0.1.2/24
  ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0
  hsrp 1
  preempt
 priority 110
  ip 10.0.1.1
exit

interface Vlan20
  description vlan20
  no shutdown
  no ip redirects
  ip address 10.0.2.2/24
  ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0
  hsrp 1
    preempt
    priority 110
    ip 10.0.2.1
exit

interface Vlan30
  description vlan40
  no shutdown
  no ip redirects
  ip address 10.0.3.2/24
  ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0
  hsrp 1
    preempt
    priority 110
    ip 10.0.3.1
exit

interface Vlan40
  description vlan40
  no shutdown
  no ip redirects
  ip address 10.0.4.2/24
  ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0
  hsrp 1
    preempt
    priority 110
    ip 10.0.4.1
exit

int loo1
 ip add 192.168.254.254 255.255.255.255
 ip router ospf 1 area 0.0.0.0
exit

router ospf 1
  router-id 192.168.254.254

hostname SWFS-02
interface eth1/1
no switchport
ip address 10.90.252.18/30
no ip ospf passive-interface
ip ospf network point-to-point
ip router ospf 1 area 0.0.0.0
no sh
exit

interface eth1/2
no switchport
ip address 10.90.252.10/30
no ip ospf passive-interface
ip ospf network point-to-point
ip router ospf 1 area 0.0.0.0
no sh
exit

interface eth1/3
  description TO-CS02-FS01
  no switchport
  ip address 10.90.252.14/30
  ip ospf network point-to-point
   ip router ospf 1 area 0.0.0.0
  no shutdown
exit

interface eth1/8
  no shutdown
  switchport
  switchport mode trunk
exit

vlan 10
name Vlan10
exit

vlan 20
name Vlan20
exit

interface Vlan10
  description vlan10
  no shutdown
  no ip redirects
  ip address 10.0.1.3/24
  ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0
  hsrp 1
  preempt
 priority 110
  ip 10.0.1.1
exit

interface Vlan20
  description vlan20
  no shutdown
  no ip redirects
  ip address 10.0.2.3/24
  ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0
  hsrp 1
    preempt
    priority 110
    ip 10.0.2.1
exit

interface Vlan30
  description vlan40
  no shutdown
  no ip redirects
  ip address 10.0.3.3/24
  ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0
  hsrp 1
  preempt
 priority 110
  ip 10.0.3.1
exit

interface Vlan40
  description vlan40
  no shutdown
  no ip redirects
  ip address 10.0.2.3/24
  ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0
  hsrp 1
    preempt
    priority 110
    ip 10.0.2.1
exit

spanning-tree vlan 10,20  priority 16384
spanning-tree vlan 30,40  priority 8192

int loo1
 ip add 192.168.254.253 255.255.255.255
 ip router ospf 1 area 0.0.0.0
exit

router ospf 1
  router-id 192.168.254.253

hostname CS-01
interface gi0/0
  description # Link To SW-FS-01 #
  no switchport
  ip address 10.90.252.5 255.255.255.252
  ip ospf network point-to-point
  ip ospf 1 area 0.0.0.0
  no shutdown
exit

interface gi0/1
  description # Link To SW-FS-02#
  no switchport
  ip address 10.90.252.17 255.255.255.252
  ip ospf network point-to-point
  ip ospf 1 area 0.0.0.0
  no shutdown
exit

interface gi0/2
  description # Link To SW-DISTI-A#
  no switchport
  ip address 10.90.252.50 255.255.255.252
  ip ospf network point-to-point
  ip ospf 1 area 0.0.0.0
  no shutdown
exit

interface gi0/3
  description # Link To SW-DISTI-B#
  no switchport
  ip address 10.90.252.58 255.255.255.252
  ip ospf network point-to-point
  ip ospf 1 area 0.0.0.0
  no shutdown
exit

interface gi1/0
  description # Link To CS-02#
  no switchport
  ip address 10.90.252.1 255.255.255.252
  ip ospf network point-to-point
  ip ospf 1 area 0.0.0.0
  no shutdown
exit

router ospf 1

interface loopback0
  ip address 192.168.254.251 255.255.255.255
  ip ospf 1 area 0.0.0.0
exit

hostname CS-02
interface gi0/0
  description # Link To SW-FS-01 #
  no switchport
  ip address 10.90.252.22 255.255.255.252
  ip ospf network point-to-point
  ip ospf 1 area 0.0.0.0
  no shutdown
exit

interface gi0/1
  description # Link To SW-FS-02#
  no switchport
  ip address 10.90.252.9 255.255.255.252
  ip ospf network point-to-point
  ip ospf 1 area 0.0.0.0
  no shutdown
exit

interface gi0/2
  description # Link To SW-DISTI-A#
  no switchport
  ip address 10.90.252.54 255.255.255.252
  ip ospf network point-to-point
  ip ospf 1 area 0.0.0.0
  no shutdown
exit

interface gi0/3
  description # Link To SW-DISTI-B#
  no switchport
  ip address 10.90.252.62 255.255.255.252
  ip ospf network point-to-point
  ip ospf 1 area 0.0.0.0
  no shutdown
exit

interface gi1/0
  description # Link To CS-02#
  no switchport
  ip address 10.90.252.2 255.255.255.252
  ip ospf network point-to-point
  ip ospf 1 area 0.0.0.0
  no shutdown
exit

router ospf 1

interface loopback0
  ip address 192.168.254.252 255.255.255.255
  ip ospf 1 area 0.0.0.0
exit

 

hostname SW-DIST-01
interface GigabitEthernet0/0
 description # Link To CS-01#
no shut
 no switchport
 ip address 10.90.252.49 255.255.255.252
 ip ospf network point-to-point
exit

interface GigabitEthernet0/1
 description # Link To CS-02#
 no shut
 no switchport
 ip address 10.90.252.53 255.255.255.252
 ip ospf network point-to-point
exit

interface GigabitEthernet0/3
switchport
no shut
 switchport access vlan 10
 switchport mode access
 exit

interface GigabitEthernet0/2
switchport
no shut
switchport trunk encapsulation dot1q
switchport mode trunk
exit

spanning-tree vlan 10,30 priority 16384
spanning-tree vlan 20,40 priority 0

vlan 10
exi
vlan 20
exit
vlan 30
exit
vlan 40

int loo0
ip add 192.168.254.102 255.255.255.255
exit

router ospf 1
 router-id 192.168.254.102
 network 172.16.10.0 0.0.0.255 area 100
 network 172.16.20.0 0.0.0.255 area 100
 network 172.16.30.0 0.0.0.255 area 100
 network 172.16.40.0 0.0.0.255 area 100
 network 192.168.254.102 255.255.255.255 area 100
 network 10.90.252.48 0.0.0.3 area 0
 network 10.90.252.52 0.0.0.3 area 0

interface Vlan 10
 description Vlan10
 no shut
 ip address 172.16.10.2 255.255.255.0
  standby 1 ip 172.16.10.1
 standby 1 timers 5 15
 standby 1 priority 90
 standby 1 preempt
exit

interface Vlan 20
 description Vlan20
 no shut
 ip address 172.16.20.2 255.255.255.0
  standby 1 ip 172.16.20.1
 standby 1 timers 5 15
 standby 1 priority 110
 standby 1 preempt
exit

interface Vlan 30
 description Vlan30
 no shut
 ip address 172.16.30.2 255.255.255.0
  standby 1 ip 172.16.30.1
 standby 1 timers 5 15
 standby 1 priority 90
 standby 1 preempt
exit

interface Vlan 40
 description Vlan40
 no shut
 ip address 172.16.40.2 255.255.255.0
  standby 1 ip 172.16.40.1
 standby 1 timers 5 15
 standby 1 priority 110
 standby 1 preempt
exit

 

hostname SW-DIST-02
interface GigabitEthernet0/0
 description # Link To CS-01#
 no shut
 no switchport
 ip address 10.90.252.57 255.255.255.252
 ip ospf network point-to-point
exit

interface GigabitEthernet0/1
 description # Link To CS-02#
 no shut
 no switchport
 ip address 10.90.252.61 255.255.255.252
 ip ospf network point-to-point
exit

interface GigabitEthernet0/3
switchport
no shut
 switchport access vlan 10
 switchport mode access
 exit

interface GigabitEthernet0/2
switchport
no shut
switchport trunk encapsulation dot1q
switchport mode trunk
exit

spanning-tree vlan 20,40 priority 16384
spanning-tree vlan 10,30 priority 0


vlan 10
exi
vlan 20
exit
vlan 30
exit
vlan 40

int loo0
ip add 192.168.254.103 255.255.255.255
exit

router ospf 1
 router-id 192.168.254.103
 network 172.16.10.0 0.0.0.255 area 100
 network 172.16.20.0 0.0.0.255 area 100
 network 172.16.30.0 0.0.0.255 area 100
 network 172.16.40.0 0.0.0.255 area 100
 network 192.168.254.103 255.255.255.255 area 100
 network 10.90.252.56 0.0.0.3 area 0
 network 10.90.252.60 0.0.0.3 area 0

interface Vlan 10
 description Vlan10
 no shut
 ip address 172.16.10.3 255.255.255.0
  standby 1 ip 172.16.10.1
 standby 1 timers 5 15
 standby 1 priority 110
 standby 1 preempt
exit

interface Vlan 20
 description Vlan20
 no shut
 ip address 172.16.20.3 255.255.255.0
  standby 1 ip 172.16.20.1
 standby 1 timers 5 15
 standby 1 priority 90
 standby 1 preempt
exit

interface Vlan 30
 description Vlan30
 no shut
 ip address 172.16.30.3 255.255.255.0
  standby 1 ip 172.16.30.1
 standby 1 timers 5 15
 standby 1 priority 110
 standby 1 preempt
exit

interface Vlan 40
 description Vlan40
 no shut
 ip address 172.16.40.3 255.255.255.0
  standby 1 ip 172.16.40.1
 standby 1 timers 5 15
 standby 1 priority 90
 standby 1 preempt
exit

hostname R-INET-01
!
router ospf 1
!
interface GigabitEthernet0/0
 ip address 10.1.1.1 255.255.255.252
 ip ospf network point-to-point
 ip ospf 100 area 0
 ip nat inside
 no shut
 exit
!
interface GigabitEthernet0/2
 description LINK-to-R-INET-02
 ip address 11.11.11.253 255.255.255.252
 ip ospf network point-to-point
 ip ospf 1 area 0
 no shut
 exit
!
interface GigabitEthernet0/1
 ip address 192.168.14.200 255.255.255.0
 ip nat outside
 no shut
 exit
!
router ospf 1
redistribute static subnets
 default-information originate
!
access-list 1 permit any
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 192.168.14.2  
ip route 0.0.0.0 0.0.0.0 11.11.11.254  
exit
!

hostname R-INET-02
!
interface GigabitEthernet0/0
 ip address 10.0.137.200 255.255.255.0
 ip nat outside
 no shut
 exit
!
interface GigabitEthernet0/2
 description LINK-to-R-INET-02
 ip address 11.11.11.254 255.255.255.252
 ip ospf network point-to-point
 ip ospf 1 area 0
 no shut
 exit
!
interface GigabitEthernet0/1
 ip address 10.2.2.1 255.255.255.252
 ip ospf network point-to-point
 ip ospf 1 area 0
 ip nat inside
 no shut
 exit
!
router ospf 1
redistribute static subnets
 default-information originate

!
access-list 1 permit any

ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 10.0.137.1
ip route 0.0.0.0 0.0.0.0 11.11.11.253   
exit

 

VERIFKASI
trace-route dari SW-SF-01

ping dari PC area-SF ke Lan Disti

ping dari PC Lan Disti  ke SF-Area dan 8.8.8.8

sh ip route (cek routing table) switch-DISTI

STEP-1: TAHAP PERSIAPAN MIGRASI 

Persiapan Migrasi: Bagian ini sdh dikonfig di swith SW-FS-01 dan SW-FS-01 sebelum migrasi, jadi konfigurasinya sdh ada di switch SF dan tidak memempengerahui konfig operasi switch.

===========================
SW-FS-01
--------------------------
vlan 256
  name Inside_Forti_Firewall_T3
exit
vlan 257
  name Outside_Forti_Firewall_T3
exit

interface ethernet 1/4
description INSIDE_FORTI_P1
switchport
switchport access vlan 256
channel-group 6 mode active
exi

interface ethernet 1/5
description INSIDE_FORTI_P2
switchport
switchport mode access
switchport access vlan 256
channel-group 6 mode active
exi

interface ethernet 1/6
description OUTSIDE_FORTI_P3
switchport
switchport mode access
switchport access vlan 257
channel-group 5 mode active
exi

interface ethernet 1/7
description OUTSIDE_FORTI_P4
switchport
switchport mode access
switchport access vlan 257
channel-group 5 mode active
exi

interface vlan 256
description INSIDE_FORTI_FW_T3
no shu
ip address 10.90.254.58/29
ip router ospf 1 area 0.0.0.0
hsrp 1
preempt
priority 110
ip 10.90.254.57
 exi
exit

interface vlan 257
description OUTSIDE_FORTI_FW_T3
no shu
ip address 10.90.254.50/29
ip router ospf 2 area 0.0.0.0
hsrp 1
preempt
priority 110
ip 10.90.254.49
 exi
 exit

interface port-channel 5
description OUTSIDE_FORTI
no shutdown
switchport
switchport access vlan 257
switchport mode access
exi

interface port-channel 6
description INSIDE_FORTI
shutdown
switchport
switchport mode access
switchport access vlan 256
exit
-------------------------------------------
SW-FS-02
 
vlan 256
  name Inside_Forti_Firewall_T3
exit
vlan 257
  name Outside_Forti_Firewall_T3
exit

interface ethernet 1/4
description INSIDE_FORTI_P1
no shut
switchport
switchport mode access
switchport access vlan 256
channel-group 6 mode active
exi

interface ethernet 1/5
description INSIDE_FORTI_P2
no shut
switchport
switchport mode access
switchport access vlan 256
channel-group 6 mode active
exi

interface ethernet 1/6
description OUTSIDE_FORTI_P3
no shut
switchport
switchport mode access
switchport access vlan 257
channel-group 5 mode active
exi

interface ethernet 1/7
description OUTSIDE_FORTI_P4
no shut
switchport
switchport mode access
switchport access vlan 257
channel-group 5 mode active
exi

interface vlan 256
description INSIDE_FORTI_FW_T3
no sh
ip address 10.90.254.59/29
ip router ospf 1 area 0.0.0.0
hsrp 1
preempt
ip 10.90.254.57
 exi
exit

interface vlan 257
description OUTSIDE_FORTI_FW_T3
no sh
ip address 10.90.254.51/29
ip router ospf 2 area 0.0.0.0
hsrp 1
preempt
ip 10.90.254.49
 exi
 exit

interface port-channel 5
description OUTSIDE_FORTI
shutdown
switchport
switchport mode access
switchport access vlan 257
exi

interface port-channel 6
description INSIDE_FORTI
shutdown
switchport
switchport mode access
switchport access vlan 256
exit

FIREWALL-SF-FORTI. Lalu dibagian firewall pastikan sdh dikonfig (interface inisde/outisde, routing defaul & statik, policy rule dan HA) pastikan semua sdh done). Pastikan p2p antar port inside/outside ke swith SF sdh reachable (ping sdh reply). Berikut Capturenya.
Interface IP

PING dari forti ke swith-SF / reply,Ok. jd sebelum migrasi bagian harus dimakesure bahwa p2p antar firewall dengan switch sdh reply, setelh reply, portnya bisa disable lg, menunggu hari H migrasi di enable lg.

===================================================
STEP-2.TAHAP LIVE MIGRASI

Step ini adalah bagian dari proses live migrasi firewall di area SF(selama proses migrasi , berikut langkah2 ini yg perlu dilakukan)

SW_FS-01
--------------
Step-1
NOTED:
Aktifkan port ISNIDE / OUTSIDE di FORTI-FW, status interface-nya mash disable:

• Staus interface Vlan256 dan Vlan257 di swith SF sdh enable/up,  tdk perlu no shut lagi
  
• Aktifkan port phisical INSIDE dan OUtSIDE (port1 - 4), karena staus interface-nya msh disable/down
• Aktifkan port Chanbel-5 dan Channel-6 , akrena interface port-ch5 dan port-ch6 (shutdown)

Step-2
Create vrf context OUTSIDE_FW_T3 di swith SW-SF-01
vrf context OUTSIDE_FW_T3

Step-3: Create spesisifk statik-route (segmen vlan SF) to Forti via interface Outside
vrf context OUTSIDE_FW_T3
ip route 10.0.1.0/24 10.90.254.52 name VLan_10
ip route 10.0.2.0/24 10.90.254.52 name VLan_20
ip route 10.0.3.0/24 10.90.254.52 name VLan_30
ip route 10.0.4.0/24 10.90.254.52 name VLan_40
exit

Step-4 : Cretae VRF context OUTSIDE_FW_T3
router ospf 2
  vrf OUTSIDE_FW_T3
exit

Step-5 :Create default-route
ip route 0.0.0.0 0.0.0.0 10.90.254.60 name internet

Step-6 : Create ip-prefix-list
ip prefix-list static-to-ospf-outside-fw permit 10.0.1.0/24
ip prefix-list static-to-ospf-outside-fw permit 10.0.2.0/24
ip prefix-list static-to-ospf-outside-fw permit 10.0.3.0/24
ip prefix-list static-to-ospf-outside-fw permit 10.0.4.0/24

dan
route-map STATIC-TO-OSPF-OUT permit 10
 match ip address prefix-list static-to-ospf-outside-fw
exit

Step-7 : Create New OSPF Proses (ospf 2)
router ospf 2
  vrf OUTSIDE_FW_T3
  redistribute static route-map STATIC-TO-OSPF-OUT
exit
exit

Step-8 : Create vrf SW-SF-01
interface Ethernet1/1
no switchport
vrf member OUTSIDE_FW_T3
 desc TO-CS-01
 no switchport
  ip address 10.90.252.6/30
  ip ospf network point-to-point
  ip router ospf 2 area 0.0.0.0
  no shutdown
exit

interface Ethernet1/2
no switchport
vrf member OUTSIDE_FW_T3
 desc TO-CS-02
 no switchport
  ip address 10.90.252.21/30
  ip ospf network point-to-point
  ip router ospf 2 area 0.0.0.0
  no shutdown
exit

interface Vlan257
  description OUTSIDE_FORTI_FW_T3
  vrf member OUTSIDE_FW_T3
  no shutdown
  ip address 10.90.254.50/29
  ip router ospf 2 area 0.0.0.0
  hsrp 1
    preempt
    priority 110
    ip 10.90.254.49

-----------------------------------------
SW_FS-02
Step-1

Actifkan port ISNIDE/OUTSIDE di FORTI-FW, staus interface interface-nya mash disable,  
staus interface VLan256 dan VLan257 di swith SF sdh enable/up
Actifkans port Phisicla INSIDE dan INSIDE (port1 - 4), karena staus interface-nya msh disable/down
Actifkans port Chanbel-5 dan Channel-6 , akrena interface port-ch5 dan port-ch6 (shutdown)

Step-2: Create vrf context OUTSIDE_FW_T3 di swith SW-SF-01
vrf context OUTSIDE_FW_T3

Step-3: Create spesisifk statik-route (segmen vlan SF) to Forti via interface Outside
vrf context OUTSIDE_FW_T3
ip route 10.0.1.0/24 10.90.254.52 name VLan_10
ip route 10.0.2.0/24 10.90.254.52 name VLan_20
ip route 10.0.3.0/24 10.90.254.52 name VLan_30
ip route 10.0.4.0/24 10.90.254.52 name VLan_40
exit

Step-4 : Cretae VRF context OUTSIDE_FW_T3
router ospf 2
  vrf OUTSIDE_FW_T3
exit

Step-5 :create default-route
ip route 0.0.0.0 0.0.0.0 10.90.254.60 name Internet

Step-6 : create ip-prefix-list
ip prefix-list static-to-ospf-outside-fw permit 10.0.1.0/24
ip prefix-list static-to-ospf-outside-fw permit 10.0.2.0/24
ip prefix-list static-to-ospf-outside-fw permit 10.0.3.0/24
ip prefix-list static-to-ospf-outside-fw permit 10.0.4.0/24

dan
route-map STATIC-TO-OSPF-OUT permit 10
 match ip address prefix-list static-to-ospf-outside-fw
exit

Step-7 : create New OSPF Proses (ospf 2)
router ospf 2
  vrf OUTSIDE_FW_T3
  redistribute static route-map STATIC-TO-OSPF-OUT
exit
exit

Step-8 : Create vrf SW-SF-02
interface Ethernet1/1
no switchport
vrf member OUTSIDE_FW_T3
 desc TO-CS-01
   ip address 10.90.252.18/30
  ip ospf network point-to-point
  ip router ospf 2 area 0.0.0.0
  no shutdown
exit

interface Ethernet1/2
no switchport
vrf member OUTSIDE_FW_T3
 desc TO-CS-02
   ip address 10.90.252.10/30
  ip ospf network point-to-point
  ip router ospf 2 area 0.0.0.0
  no shutdown
exit

interface Vlan257
  description OUTSIDE_FORTI_FW_T3
  vrf member OUTSIDE_FW_T3
  no shutdown
  ip address 10.90.254.51/29
  ip router ospf 2 area 0.0.0.0
  hsrp 1
    preempt
   ip 10.90.254.49
exit

VERIFIKASI
Ping dan trace dari SF ke internet dan ke LAN-disti

ping/trace dari area LAN-disit ke internet serverfarm

Log Trafic Firewall

Jika Firewall SF-01 down (firewall primary) maka otomatis firewall SF-02 (secundary) auto up.

Done...!  Success..

 =======================&&&&&&=================

TAMBAHAN
Jika mau nge-lab pake switch Nexus di EVE-Ng terkdang tidak mau booting switchnnya, lakukan hal ini;
1. Veris Nexus LAb ini adalah NXOS 9.2.(1)

2. KLo tidak mau booting NXOS nya lakukan hal ini
boot nxos.7.0.3.I5.2.bin

dir flash:

conf t
boot nxos bootflash: nxos.7.0.3.I5.2.bin
atau
boot nxos bootflash:nxos.7.0.3.I7.4.bin
end
copy run start


forti
Forti
nexus

Berbagi :