
Forti - Link Redundancy & Aggregation


 
1. Link Redundant (Tag VLAN) --> Konfig Interface

 

 




 

















Lanjut Buat Redudant-1...Pilih  Interface --> Create New, sesuaikan dengan gambar dibawah ini
















Lanjut Buat Redudant-2...Pilih Interface --> Create New, sesuaikan dengan gambar di bawah ini

Hasilnya..





Terakhir, klik Policy & Object --> Firewall Policy (agar VLAN 10 dan VLAN 20 bisa ke internet)



 

 

 

 

 

 

 

 

 

 

 

 

 



Konfig Switch SW-DMZ

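! SW-DMZ (Cisco IOS L2): Gi0/0-1 are bundled with LACP into Port-channel2 and
! run as an 802.1Q trunk; Gi0/2 and Gi0/3 are access ports in VLAN 10 and 20.
! NOTE(review): this listing sits under the "Link Redundant" section. A FortiGate
! redundant interface is active/passive and does not negotiate LACP - confirm the
! firewall side is an 802.3ad aggregate before relying on "mode active".
interface range gigabitEthernet 0/0-1
 no shutdown
 description LINK-TO-SW-DMZ
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Hardening to consider: limit the trunk to the VLANs in use, e.g.
 ! "switchport trunk allowed vlan 10,20" (as written, every VLAN is carried).
 channel-group 2 mode active
exit

! Logical bundle; trunk settings must match the member ports above.
interface port-channel 2
 no shutdown
 switchport trunk encapsulation dot1q
 switchport mode trunk
exit

interface gigabitEthernet 0/2
 no shutdown
 description LINK-VLAN_10
 ! Static access mode: without it the port keeps its default (possibly dynamic)
 ! mode and could negotiate a trunk with whatever is plugged in.
 switchport mode access
 switchport access vlan 10
exit

interface gigabitEthernet 0/3
 no shutdown
 description LINK-VLAN_20
 ! Static access mode, same reason as Gi0/2.
 switchport mode access
 switchport access vlan 20
exit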

VERIFIKASI (dari PC01, PC02)



















Berhasil... / Success..!!

2. Link Aggregation















Berikut Konfigurasi di masing-masing perangkat
Konfig Forti Firewall
Interface



Routing Statik

 


 

 

 

 

 

 

 

 


 
Firewall Policy









SW-CS-01

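! SW-CS-01 (NX-OS): eth1/1-2 form LACP port-channel 5 as access ports in VLAN 100
! (named Outside_Forti_Inet), the VLAN 100 SVI runs HSRP group 1, and the routed
! links and loopback0 join OSPF process 1 area 0. Paste from global config mode.
! NOTE(review): ospfv3 and vrrp are enabled but nothing in this listing uses
! them; leave unused features off to keep the control plane small.
feature ospf
feature ospfv3
feature interface-vlan
feature hsrp
feature vrrp
feature lacp

vlan 100
  name Outside_Forti_Inet
exit

interface ethernet 1/1
  description OUTSIDE_FORTI_P2
  no shutdown
  switchport mode access
  switchport access vlan 100
  channel-group 5 mode active
exit

interface ethernet 1/2
  description OUTSIDE_FORTI_P3
  no shutdown
  switchport mode access
  switchport access vlan 100
  channel-group 5 mode active
exit

interface Vlan 100
  description vlan100
  no shutdown
  ip address 10.100.100.2/29
  ! Passive: the subnet is advertised, but no OSPF hellos are sent or accepted
  ! on the firewall-facing VLAN.
  ip ospf passive-interface
  ip router ospf 1 area 0
  ! HSRP group 1 has no authentication here; consider adding
  ! "authentication md5 key-string <HSRP-KEY-PLACEHOLDER>" on both peers so a
  ! host on VLAN 100 cannot claim the virtual IP.
  hsrp 1
    preempt
    ip 10.100.100.4
exit

interface port-channel 5
  description OUTSIDE_FORTI
  no shutdown
  switchport
  switchport access vlan 100
  switchport mode access
exit

! NOTE(review): eth1/5 and loopback0 are each configured twice in this listing
! (10.1.1.2/30 vs 10.15.15.1/30, 192.168.254.254 vs 192.168.253.252). Pasted in
! order, the later "ip address" is the one left in effect. Confirm which pair is
! intended and delete the other.
interface eth1/5
  description # Link To SW-SF-01 #
  no switchport
  ip address 10.1.1.2 255.255.255.252
  ip ospf network point-to-point
  ip router ospf 1 area 0
  no shutdown
exit

router ospf 1
interface loopback0
  ip address 192.168.254.254 255.255.255.255
  ip router ospf 1 area 0
exit

interface eth1/3
  description #link to CS-02#
  no switchport
  ip address 10.3.3.1/30
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
exit
interface eth1/4
  no shutdown
  description #LINK L2 TO SW-CS-02#
  switchport
  switchport mode trunk
exit

! Fixed: a route label needs the "name" keyword (the SW-CS-02 listing uses
! "name TO-INET"); a bare trailing word is not valid "ip route" syntax.
ip route 0.0.0.0 0.0.0.0 10.100.100.1 name default-route
!
! Second definition of eth1/5 (see the note above the first one).
interface eth1/5
  no switchport
  no shutdown
  ip address 10.15.15.1/30
  ip ospf network point-to-point
  ip router ospf 1 area 0
exit

! Second definition of loopback0 (see the note above the first eth1/5 stanza).
interface loopback0
  ip address 192.168.253.252 255.255.255.255
  ip router ospf 1 area 0
exit
!
! Advertises a default route into OSPF. No OSPF authentication is configured
! in this listing; add it on the routed links outside a lab.
router ospf 1
  default-information originate
!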


SW-CS-02

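! SW-CS-02 (NX-OS): peer of SW-CS-01. eth1/1-2 form LACP port-channel 5 as access
! ports in VLAN 100, the VLAN 100 SVI runs HSRP group 1, and the routed links and
! loopback0 join OSPF process 1 area 0. Paste from global config mode.
! NOTE(review): ospfv3 and vrrp are enabled but nothing in this listing uses
! them; leave unused features off to keep the control plane small.
feature ospf
feature ospfv3
feature interface-vlan
feature hsrp
feature vrrp
feature lacp
! Fixed: the original had a bare "exit" here. At global config level that leaves
! configuration mode, so every command after it would be rejected.

vlan 100
  name Outside_Forti_Inet
exit

interface ethernet 1/1
  no shutdown
  description OUTSIDE_FORTI_P2
  switchport mode access
  switchport access vlan 100
  channel-group 5 mode active
exit

interface ethernet 1/2
  no shutdown
  description OUTSIDE_FORTI_P3
  switchport mode access
  switchport access vlan 100
  channel-group 5 mode active
exit

interface Vlan 100
  description vlan100
  no shutdown
  ip address 10.100.100.3/29
  ! Passive: the subnet is advertised, but no OSPF hellos are sent or accepted
  ! on the firewall-facing VLAN.
  ip ospf passive-interface
  ip router ospf 1 area 0
  ! HSRP group 1 has no authentication here; consider adding
  ! "authentication md5 key-string <HSRP-KEY-PLACEHOLDER>" on both peers so a
  ! host on VLAN 100 cannot claim the virtual IP.
  hsrp 1
    preempt
    ip 10.100.100.4
exit


interface port-channel 5
  description OUTSIDE_FORTI
  no shutdown
  switchport
  switchport access vlan 100
  switchport mode access
exit


! NOTE(review): described as the link to SW-SF-01, but the SW-SF-01 listing on
! this page shows no interface in 10.2.2.0/30 - confirm the addressing.
interface eth1/5
  description # Link To SW-SF-01 #
  no switchport
  ip address 10.2.2.2 255.255.255.252
  ip ospf network point-to-point
  ip router ospf 1 area 0
  no shutdown
exit

router ospf 1
interface loopback0
  ip address 192.168.254.253 255.255.255.255
  ip router ospf 1 area 0
exit

interface eth1/3
  description #link to CS-01#
  no switchport
  ip address 10.3.3.2/30
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
exit

interface eth1/4
  no shutdown
  description #LINK L2 TO SW-CS-01#
  switchport
  switchport mode trunk
exit

! Static default toward 10.100.100.1 on the VLAN 100 segment.
ip route 0.0.0.0/0 10.100.100.1 name TO-INET
!
! Advertises a default route into OSPF. No OSPF authentication is configured
! in this listing; add it on the routed links outside a lab.
router ospf 1
  default-information originate
!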

R-INET-01
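! R-INET-01 (Cisco IOS): Gi0/1 faces the firewall and is an HSRP group 1 member
! with priority 110, Gi0/2 is the OSPF point-to-point link to R-INET-02, and
! Gi0/0 is the NAT outside uplink.
router ospf 1
!
interface GigabitEthernet0/1
 no shutdown
 description LINK-TO-FW-01
 ip address 202.191.100.4 255.255.255.248
 ip nat inside
 standby 1 ip 202.191.100.1
 standby 1 priority 110
 standby 1 preempt
 ! NOTE(review): track object 1 is not defined anywhere in this listing; without
 ! a matching "track 1 ..." definition the decrement has nothing to follow.
 standby 1 track 1 decrement 20
 ! HSRP is unauthenticated here; consider
 ! "standby 1 authentication md5 key-string <HSRP-KEY-PLACEHOLDER>" on both
 ! routers so a host on this segment cannot take over the virtual IP.
 exit
!
!
interface GigabitEthernet0/2
 description LINK-to-R-INET-02
 ! Fixed: was 11.11.11.254, the same address the R-INET-02 listing puts on its
 ! end of this /30, and also the next hop of the floating route below (the
 ! router would have pointed at itself). R-INET-02 routes to 11.11.11.253.
 ip address 11.11.11.253 255.255.255.252
 ip ospf network point-to-point
 ip ospf 1 area 0
 no shutdown
 exit
!
interface GigabitEthernet0/0
 ip address 192.168.14.101 255.255.255.0
 ip nat outside
 no shutdown
 exit
!
router ospf 1
 redistribute static subnets
 default-information originate
!
! NOTE(review): "permit any" makes every source address eligible for
! translation; restrict list 1 to the internal prefixes that should be NATed.
access-list 1 permit any
!
! NOTE(review): the overload rule translates to the address of Gi0/1, which is
! the "ip nat inside" interface. PAT is normally bound to the outside interface
! (Gi0/0 in this listing) - confirm which one is intended.
ip nat inside source list 1 interface GigabitEthernet0/1 overload
! Primary default via the Gi0/0 uplink; floating default (distance 253) via
! R-INET-02 across the Gi0/2 link.
ip route 0.0.0.0 0.0.0.0 192.168.14.2
ip route 0.0.0.0 0.0.0.0 11.11.11.254 253
exit
!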
R-INET-02
! R-INET-02 (Cisco IOS): Gi0/1 faces the firewall and is an HSRP group 1 member
! (no priority is set in this listing), Gi0/2 is the OSPF point-to-point link to
! R-INET-01, and Gi0/0 is the NAT outside uplink.
router ospf 1
!
interface GigabitEthernet0/1
no shut
 description LINK-TO-FW-01
 ip address 202.191.100.3 255.255.255.248
 ip nat inside
 ! HSRP is unauthenticated here; consider
 ! "standby 1 authentication md5 key-string <HSRP-KEY-PLACEHOLDER>" on both
 ! routers so a host on this segment cannot take over the virtual IP.
 standby 1 ip 202.191.100.1
 standby 1 preempt
 exit

interface GigabitEthernet0/2
 description LINK-to-R-INET-01
 ! The peer end of this /30 must hold 11.11.11.253 (the next hop of the floating
 ! route below); verify the R-INET-01 listing does not reuse .254.
 ip address 11.11.11.254 255.255.255.252
 ip ospf network point-to-point
 ip ospf 1 area 0
 no shut
 exit
!
interface GigabitEthernet0/0
 ip address 192.168.14.102 255.255.255.0
 ip nat outside
 no shut
 exit
!
router ospf 1
redistribute static subnets
 default-information originate
!
! NOTE(review): "permit any" makes every source address eligible for
! translation; restrict list 1 to the internal prefixes that should be NATed.
access-list 1 permit any
!
! NOTE(review): the overload rule translates to the address of Gi0/1, which is
! the "ip nat inside" interface. PAT is normally bound to the outside interface
! (Gi0/0 in this listing) - confirm which one is intended.
ip nat inside source list 1 interface GigabitEthernet0/1 overload
! Primary default via the Gi0/0 uplink; floating default (distance 253) via
! R-INET-01 across the Gi0/2 link.
ip route 0.0.0.0 0.0.0.0 192.168.14.2  
ip route 0.0.0.0 0.0.0.0 11.11.11.253  253
exit
!
SW-SF-01
! SW-SF-01 (NX-OS): two routed OSPF point-to-point uplinks (eth1/2, eth1/1),
! SVIs for VLAN 10 and VLAN 20 that each run HSRP group 1 with priority 110,
! and loopback0 in OSPF process 1 area 0.
! NOTE(review): ospfv3, vrrp and lacp are enabled but nothing in this listing
! uses them; leave unused features off.
feature ospf
feature ospfv3
feature interface-vlan
feature hsrp
feature vrrp
feature lacp

! NOTE(review): described as the link to SW-CS-02, but 10.15.15.2/30 pairs with
! the 10.15.15.1/30 address shown in the SW-CS-01 listing - confirm the label.
interface eth1/2
no switchport
 description # Link To SW-CS-02#
no shut
ip address 10.15.15.2/30
ip ospf network point-to-point
ip router ospf 1 area 0
no sh
exit

! NOTE(review): no interface in 10.16.16.0/30 appears in the SW-CS-01 or
! SW-CS-02 listings on this page - confirm the peer address.
interface eth1/1
no switchport
  description # Link To SW-CS-02#
 ip address 10.16.16.2/30
no ip ospf passive-interface
ip ospf network point-to-point
ip router ospf 1 area 0
no sh
exit

vlan 10
name Vlan10
exit

vlan 20
name Vlan20
exit

! VLAN 10 gateway SVI; HSRP virtual IP 10.87.10.1.
interface Vlan 10
  description vlan10
  no shutdown
  no ip redirects
  ip address 10.87.10.2/24
  ! Passive: the subnet is advertised, but no OSPF hellos are sent or accepted
  ! on this VLAN.
  ip ospf passive-interface
  ip router ospf 1 area 0
  ! HSRP group 1 has no authentication here; consider adding
  ! "authentication md5 key-string <HSRP-KEY-PLACEHOLDER>" so a host on the
  ! VLAN cannot claim the gateway address.
  hsrp 1
  preempt
 priority 110
  ip 10.87.10.1
exit

! VLAN 20 gateway SVI; HSRP virtual IP 10.87.20.1. The OSPF and HSRP notes on
! the VLAN 10 SVI apply here as well.
interface Vlan 20
  description vlan20
  no shutdown
  no ip redirects
  ip address 10.87.20.2/24
  ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0
  hsrp 1
    preempt
    priority 110
    ip 10.87.20.1
exit
router ospf 1
interface loopback0
  ip address 192.168.254.252 255.255.255.255
  ip router ospf 1 area 0
exit
VERIFIKASI

















