Cisco | Koneksi Internet Firewall Forti - Skenario 1

 

Kali  ini buat lab untuk jaringan enterprise goal kita sederhana yaitu untuk host / komputer yg ada di area serverfarm bisa akses internet. Dimana masing-masing perangkat network terdapat ada router Internet, Firewall, Router Edge, Switch-Core dan Switch ServerFarm. Untuk mempersingkat waktu masing-masing perangkat langsung kt konfig.

Router R-INET-01
hostname R-INET-01
!
interface GigabitEthernet0/0
 description LINK-TO-FW-T1-01
 ip address 11.11.11.2 255.255.255.248
 ip nat inside
 ip virtual-reassembly in
 standby 1 ip 11.11.11.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 track 100 decrement 20
 no shut
exi
!
interface GigabitEthernet0/1
 description LINK-to-R-INET-02
 ip address 11.11.11.253 255.255.255.252
  no shut
exi
!
interface GigabitEthernet0/2
 ip address 10.0.137.102 255.255.255.0
 ip nat outside
 no shut
exit
!
ip nat inside source list 1 interface GigabitEthernet0/2 overload
ip route 0.0.0.0 0.0.0.0 10.0.137.1
!
access-list 1 permit any
end

Router R-EDGE-01
hostname R-EDGE-01
!
interface Loopback1
 ip address 10.1.1.1 255.255.255.255
 ip ospf 1 area 0
!
interface GigabitEthernet0/0
 description LINK-TO-FW-T1-01
 ip address 12.12.12.2 255.255.255.248
 standby 1 ip 12.12.12.1
 standby 1 priority 110
 standby 1 preempt
 ip ospf 1 area 0
 no shut
 exit
!
interface GigabitEthernet0/1
 description LINK-tSW-CORE-01
 ip address 13.13.13.1 255.255.255.252
 ip ospf network point-to-point
 ip ospf 1 area 0
 no shut
 exit
!
router ospf 1
 default-information originate
!
ip route 0.0.0.0 0.0.0.0 12.12.12.4
!
end

Konfigurasi SW-CORE-01
hostname SW-CORE-01
!
interface GigabitEthernet0/0
 description LINK-TO-SW-CORE-01
 no switchport
 ip address 14.14.14.1 255.255.255.252
 ip ospf network point-to-point
 ip ospf 1 area 0
 negotiation auto
!
interface GigabitEthernet0/1
 description LINK-R-EDGE-01
 no switchport
 ip address 13.13.13.2 255.255.255.252
 ip ospf network point-to-point
 ip ospf 1 area 0
 negotiation auto
!
router ospf 1
!
Konfigurasi SW_SF-01
hostname SW-SF-01
!
interface GigabitEthernet0/0
 description LINK-SW-CORE-01
 no switchport
 ip address 14.14.14.2 255.255.255.252
 ip ospf network point-to-point
 ip ospf 1 area 0
 no shut
!
interface Vlan10
 ip address 10.87.10.253 255.255.255.0
 standby 1 ip 10.87.10.1
 standby 1 priority 110
 standby 1 preempt
 ip ospf 1 area 0
!
interface Vlan20
 ip address 10.87.20.253 255.255.255.0
 standby 1 ip 10.87.20.1
 standby 1 priority 110
 standby 1 preempt
 ip ospf 1 area 0
!
interface Vlan30
 ip address 10.87.30.253 255.255.255.0
 standby 1 ip 10.87.30.1
 standby 1 priority 110
 standby 1 preempt
 ip ospf 1 area 0
!
router ospf 1
!
interface GigabitEthernet0/2
 switchport access vlan 10
 switchport mode access
 no shut
!
interface GigabitEthernet0/3
 switchport access vlan 20
 switchport mode access
 no shut
!
end

Konfig IP interface

Static Route

 

IP DNS

Firewall Policy

 

 

Set IP di masing-masing PC

Verifikasi
test ping ke 8.8.8.8 (google) berhasil

Sukses...!!!

Berbagi :