Fortinet NSE4 Certification Practice Test Questions, Fortinet NSE4 Exam Dumps

Get 100% Latest NSE4 Practice Tests Questions, Accurate & Verified Answers!
30 Days Free Updates, Instant Download!

Fortinet NSE4_FGT-7.0 Premium Bundle
$54.98
$44.99

NSE4_FGT-7.0 Premium Bundle

  • Premium File: 106 Questions & Answers. Last update: Nov 17, 2024
  • Training Course: 87 Video Lectures
  • Latest Questions
  • 100% Accurate Answers
  • Fast Exam Updates

Download Free NSE4 Exam Questions in VCE Format

| File Name | Size | Downloads | Votes |
|---|---|---|---|
| fortinet.pass4sureexam.nse4_fgt-6.4.v2024-10-09.by.gracie.71q.vce | 4.4 MB | 90 | 1 |
| fortinet.certkey.nse4_fgt-6.4.v2021-10-29.by.clara.72q.vce | 4.44 MB | 1149 | 1 |
| fortinet.certkey.nse4_fgt-6.4.v2021-10-11.by.ellis.59q.vce | 3.28 MB | 1166 | 1 |
| fortinet.actualtests.nse4_fgt-6.4.v2021-07-09.by.reuben.107q.vce | 6.3 MB | 1265 | 1 |
| fortinet.passit4sure.nse4_fgt-6.4.v2021-06-22.by.florence.64q.vce | 3.9 MB | 1275 | 1 |
| fortinet.pass4sureexam.nse4_fgt-6.4.v2021-05-19.by.christopher.30q.vce | 2.37 MB | 1312 | 1 |
| fortinet.examlabs.nse4_fgt-6.4.v2021-02-12.by.elliot.36q.vce | 1.85 MB | 1411 | 2 |
| fortinet.examlabs.nse4_fgt-7.0.v2024-09-07.by.martin.33q.vce | 2.57 MB | 165 | 1 |
| fortinet.selftesttraining.nse4_fgt-7.0.v2021-12-28.by.jessica.36q.vce | 2.79 MB | 1150 | 1 |
| fortinet.passguide.nse4_fgt-7.2.v2024-05-31.by.darcey.7q.vce | 16.56 KB | 255 | 1 |

ExamSnap provides Fortinet NSE4 Certification Practice Test Questions and Answers, Video Training Course, Study Guide and 100% Latest Exam Dumps to help you pass. The Fortinet NSE4 Certification Exam Dumps & Practice Test Questions in the VCE format are verified by IT trainers who have more than 15 years of experience in their field. Additional materials include a study guide and video training course designed by the ExamSnap experts. So if you want trusted Fortinet NSE4 Exam Dumps & Practice Test Questions, then you have come to the right place.

FortiGate Firewall V6.4

19. Lecture-19: Configure & Verify Static & Default Route Lab.

In the lab, we will take a few routers. It can be a firewall as well. By the way, instead of routers, you can take a firewall. It can be here. Any firewall, by the way, not only FortiGate. It can be a FortiGate here. It can be Palo Alto. It can be Check Point. It can be anything. Any layer three device. It can be here. But in my case, I will take two routers as an example. But keep in mind, the opposite router can be a firewall. Another firewall as well. Okay? So we will take two routers and configure two loopback interfaces. Same interfaces, eight here and the same here. Because I want to show you something else as well. Outside, we will use the IP addresses 192.168.2.1 and 2.2. Okay? Inside we will take two systems, one into one and one into two. And port three will be our management interface. By the way, management is on port one.

But because we are using port one, we will take port three as an example, okay? Otherwise, you can make port one as a management port, port two, and port three here if you have some difficulty configuring some commands. So this is our topology. We will connect management to our net cloud so that we can take control of this firewall. Okay? So let's do it. So from here, let me drag the firewall. This is a firewall, okay. And let me work on them because it's taking time. Here I will make one switch. So it's better to make the switch so it will look good. One, this is a switch, okay? And here I will take two routers. So let me take router one and router two. So these are two routers. And inside, let me try a new switch. And here I will take two dockers One is a Victorum. Okay? And let's take another, which is a router client. We can make a router as a client as well by the way.So let me do it. So let's align them by using Let me make them here. This one. Okay? So PC one, let me change your name to PC two. This is my router. Turn into a PC two and R one error, two is fine. What else do I need to do? That's it. Let me do connectivity support. One is outside. Okay, And this one to zero and two zeros. Two here. Okay, And this one port two is for externally connected to a PC as well as here. Okay, Now I need a net cloud I can use as a management tool.

So, net cloud, allow me to drag it. Okay, Let me connect them to port three of the firewall. Okay? And let me do one thing. This is my management mgmt. Let me give them this name because it sounds upwards. Let me change the. What is it called? Change symbol And you can use any symbol. So supposing this one So this is my management, okay? And before starting, let me assign an IP to this stocker. So what did we decide? 182-16810 subnet for this site and two subnets I believe. Yeah Okay, so click on Docker, go to EditConfiguration, remove from Auto, Start from Auto Remove, and give them one and a gateway. Remember that the gateway is hunter. No need for DNS by the way, because we are not doingany Google or anything. If you want, just put it here. By the way, that's it. It's the static IP of this device. Okay? And now you can see all the devices because the rest of the devices can be enabled and configured via IP. So let me put one here. So this is one router. Two will be PCtwo, which is two. It means one and two. Okay? And also, let me copy this one. So this should be one. And let me repeat, this should be two. Okay? That's it. And this side, if you want, this will be our hunter. This interface has both sides of 100. You can use anything. By the way, it's not required to be 100 and this should be management, definitely our management interface IPS. By the way, we are using one,one, four. My subnet is this one. In your case, it will be different. By the way, this is when a net interface is going to let's configure this PC, but we take R One as a PC.

Okay? So what I need to do is go to our router and give them the name PC Two. Okay, and what we need to do is go to configuration, interface zero, IP address 192.168.1.2 255.255.255.0, no shutdown, and in configuration mode type no ip routing. When you send no ip routing, the router becomes like a client. Okay? There will be no more routing protocol anymore. Even if you type, there will be nothing. Okay, display IP route. So nothing is there, but I need to configure the gateway. So ip default-gateway, and what will be the gateway? I say 100, the firewall, so 192.168.1.100. So my PC two is ready, which I made from our router as a PC. Okay, and you need to type this one as well, 100 on this side. So this one is ready. Now I need these two devices. By the way, there are eighteen, which we will configure. You can take any IP, but I'm taking eight eight. We will configure eight as loopback interfaces. So let me go to these two devices and configure them: right-click and console. First we need to go to R1, which is the outside one. So go to interface zero, IP address 192.168.2.1 255.255.255.0, no shutdown.

Okay, the router IP address is configured. Another is loopback: interface loopback one, IP address eight, and 2550. No shutdown, no need for no shutdown. But anyway, if you want. Another thing: I want to configure username admin with privilege 15 and a password. I need to enable the HTTP server: ip http server, ip http secure-server. Okay? And ip http authentication local, because we created one user there, that's it. So I enabled HTTP, I enabled HTTPS, I enabled telnet and I applied the interface IP. What I need is a gateway. So I will say ip route, because it's not a PC. I make them and use them as a router. So I will say ip route, whatever you have. You know, this is called the default route in Cisco, which we will do in FortiGate as well. And I will say, whatever you have, you have to give it to two dot 100. Who the hell is two dot 100? This one, this guy. And I will need this on R2 as well. So let me copy it. Go to R Two. Now, this is the same thing that I did here. I need to repeat it here with different IPs. Go to interface E zero, IP address 192.168.2.2 255.255.255.0, no shutdown. Okay, and the default route. Default route. And what I need to do is line VTY four, transport input, and password, and login. Let's configure. Okay. Exit. ip http server. ip http secure-server. HTTPS is configured. ip http authentication local. I say whenever someone logs in to this device with HTTP, ask them for the username and password. What is the username and password? Admin with full privileges as an administrator. And the password is one, two, three. Okay, that's done. R Two is also configured.

So my R one is ready, R two is ready, PC one is ready, and PC two is ready. These are the basic configurations that we've done. Now the question is, before going inside this firewall graphically, I need to configure port three as a management port because port one is used in another way. So I can right-click this FortiGate and go to the console. Okay, I need to do some basic stuff here. First, by default, the username is admin. There is no password. Enter. Three times enter the new password, 12312. Now I am logging in to the FortiGate. When I say show system interface question mark, I mean it. So DHCP is by default enabled on the first interface, which is utilised for some other purpose. And I need this port three, which is static. So, two things. Either I have to assign a static IP from this range, or I can make port number three DHCP, so it's better to do it as DHCP. Go into configuration. Sorry. Config system. What I'm typing is "config system interface." Go to system interface configuration and type in edit port. Now it's coming. Port one, press Tab, port two, Tab button. Tab button. Okay, port one becomes two, then three, and finally Enter. Now set. If you don't know anything, I will tell you. We'll execute the command, but it's already in place. So set allowaccess http, https, ping, et cetera. Another thing, set mode DHCP; there is a DHCP server. Now it will get an IP automatically, and type end. When you type end, it means that you save the configuration and apply it. That's it. Now if I say show system interface question mark, DHCP is enabled on port three, and on port three I have a NAT cloud, so definitely after a while it will give an IP here automatically from the 114 range. In my case, 114. In your case, it can be different. So it's assigned IP 192.168.114.22.

Copy this IP and now go to any of your system browsers and type this IP. So let me type this IP and enter okay. It will graphically open the firewall Admin and password is nowwe are in the firewall. Let's change the name. They will ask me again and again if it's better to give them FG. So I'm logging in with FG. I changed the name. Okay, first and foremost, as we all know, always begin with interfaces to configure the interfaces. Go to interfaces. I have three interfaces, click on "plus," and we know the structure now where I will discuss step by step each and everything. So please don't ask. You have to be sure of this. Port one is not our management. Administrative Access Now you know what administrative access is. Click on port one and either double click or click on edit. It's up to you to give them the name when you can. So it will be easy if you give them the role as well, and it's asking how badly we give them any bandwidth. It says how much bandwidth will go on this one, because if not at HCP, make the manual and what we decide 241.So assign that IP I don't need HTTP, don't need SSH, don't need HTTP, just ping because this is not a management interface and okay, that's it.

So when my WAN interface is ready, I give them the name and remove the administrative access. Now going to port two. So in our topology, port two is our LAN interface. So just give them a name, even if you want to give them the role, and it should be one dot like this one. Okay? And just allow ping on this one so that we can test them. Okay? Okay, so my LAN interface is ready, WAN is ready. Okay, but I have a third interface, so at least we know. Just change the name and here type in mgmt, role, donate and keep the DHCP IP. No need to make them static, and allow everything, if you want SSH also. And okay, it's okay, it's giving me the error. You are already logging in with that one. So LAN, management and WAN. Okay, sorry, let me show you by role so that we can see it. So LAN, WAN, and the other is management, both of which fall under this category. Anyway, leave it like this. So LAN, management and WAN, so the interfaces have been done. Okay, so next thing we need to configure DNS, but in this case we don't need DNS because we are not going outside and we know for which thing we require DNS. Now coming to the third part under the network, there is a static route. Nothing is configured here, but before configuring anything, do you think this PC is reachable to this R one? Let's see if from PC one or PC two, if I try to reach eight, do you think it will be reachable?

No, eight eight, it's not reachable. You will definitely think that there is no policy. So let's configure a policy as well. Here is policy and objects, which we will discuss. Go to IPv4 policy. By default, everything is denied. We will see this in detail, so don't worry about this one, and create, because there is an implicit deny rule. Create a rule and give it any name. Suppose LAN to WAN. I give this name. The incoming interface is LAN. That's why we give them the name. It's easy to understand. And it is going to WAN. So the source can be anyone, any destination; it can go anywhere; it will go all the time, and it should be accept, this NAT should be enabled, and all sessions, so that we can see the traffic. Okay, so the policy is also there, okay? No traffic is there. If I send the traffic again, I'm not reachable. And maybe we will see the traffic there as well, which will hit the first one, but still I'm not reachable. So it's not about the policy. Okay, the policy is still there, but why can't I reach the other side? Because we don't have any route.

So go to the network and here is a static route. When I click on static route, there is a create button to create a route. If you have one already, you can edit it with the pencil icon. You can clone them like a copy and paste. You can delete if you configure anything. You can search if you have so many routes, okay. And there is a small button to enable more things, like if you need distance. We just discussed distance and priority. We also discussed priority, and applying now will show distance and priority as well. You can filter this one, which I've discussed in other things as well. It's the same approach. You can filter by destination, by gateway IP, by interface. What is the destination? The destination network; gateway IP is the next-hop IP; interface is the exit interface; status, active or inactive; comments if you have any comments. We just discussed zero to two hundred and five. Any value? Maybe ten, maybe whatever, and priority, and if you want to search. Now, let's create a route. It's a new static route. There is "Dynamic Gateway." What is Dynamic Gateway? It will pick it up automatically if your gateway is changing. You can enable Dynamic Gateway, but in our case, we want to statically change the destination. "Destination" means where you want to put the destination details. But the destination is two ways: subnet and Internet services. Subnet means which subnet? Suppose I want to know where I want to reach: I want to reach eight, which I'm not reachable from inside, I'm not reachable.

So I say my destination is 80. Sorry, 80dot zero with 24 subnet mask. Sorry, with eight. This is the network where I want to reach, the destination with the subnet mask. This is called a subnet. Keep in mind that you can do a single IP as well. Then you have to type eight with /32. It's also possible that this is also called a subnet, but this is a single IP. But in our case, it can be zero and 32, instead of eight. So this is my subnet where I want to reach. But it's asking me for the gateway address: from which gateway you have to go there. Okay, what is the next hop? So it is here as well, and here. Anyway, I will choose, I suppose, 192.168.2.1. So I enter 192.168.2.1 here. This is the next hop. The gateway address means the next hop. So, because this route is here, the interface is automatically selecting port one. Otherwise, you can choose. So when port one reaches port two next time, You know where you want to go so far. What is the next hop after the gateway? Interface means from which interface the traffic will go out, and the administrative distance, now. We just discussed it. By default, because it's the default route, static route, the administrative distance is ten, but you can change it. I will say I want to go to eighteen. I suppose this is a comment if you want to put a comment. All these things are available in the Cisco router as well.

And status means I want to enable this route. If you want to keep them disabled, they will be inactive, which I will show you later. If I remember correctly, there is an advanced option, priority, which we discussed. If this one is tied, you can put a priority yourself to give it to someone else. So that's why its name is "priority." But anyhow, right now I don't want to keep it and I click okay, so my static route has been configured with distance ten and there is no priority. Status is enabled. These are my comments. The next hop is IPS two, and this is the destination where I want to reach. But when I click, there is another thing as well, Internet services. This is predefined. There is a free database like Amazon, Facebook, and Google; so many databases are already created. Suppose you want to reach somebody via Facebook. Facebook is a huge database. Suppose Facebook is better than Google because there's so many, so it's better to Google Gmail, type Gmail, and get the address where it will reach, from which exit interface, which next hop, so it's already there predefined for you if you want to use it. Not everything, but most of them. If you check, there's so much huge data: 1361 Internet services are predefined, like Facebook, Amazon. So many apps are predefined for you, so you can use that one.

You can clone and create a new one. You can edit, so it will come and if you want to change something, either double click, you can make them changes as well, and when you click, you can delete them as well. Let me clone it and change the IP to two as well, because reaching to eight eight is also a two. Same going out and same destination. Now let's see if I can reach it. Everything is settled now. Now look at I can reach it. Before it was not reachable. So now that I'm reachable, the problem was not with the policy, but with the lack of a route. How do I know that this route was used? Go to monitor and there is a routing monitor, and here are two static numbers. Sorry about this one. Let's say there are two static routes. configurestatic and static with the get when next up is twodot one and two. Both go out with this one. The administrative distance is ten. Here you can use refreshtype to see which type of connected I have you connected because these are my connected interfaces The connected static network is the destination. network gateway Next hop interfaces, name of the interfaces where traffic will go out and distance. You can filter them here. If you want to filter something again, the same approach, there is a small gear icon to enable metrics If you want to see the metrics as well, it will show because all these are statics, so no metric is there. You can see those enabled if you don't need the metrics.

So here we are again. If you choose, you can edit them from here. It will take you there. I suppose if I want to this one look at it will take me to a static route from here, so it can take you there as well another end route lookup.I will show you a bit later. Suppose you have huge data and you want to search for some specific things in createaddress. We will discuss this and address list and search if you want to sell something here. Now it's showing me static and dynamic in this table and routing monitor. But a bit later, we will do the policy route as well. So per policy, you have to click on the policy. Nothing is configured here. Right now we have all the things configured,only stated and dynamic can be shown here. We will see this one a bit later. So this is the route and you can refresh it as well. And the same thing can be verified by command as well. So the command can be shown from here, which is known as CLI, and you can type here There is information, I believe. Let me clear it. Get the router information, then the routing table, and then let me choose a static this one. So we have a static route configured. This one is the default one to the management one. Look at that one. This one. Look for this one. Eight eight, there are two route configurations. Ten is the administrative distance and either we can copy this command, okay? Either go here because it will show you a clear cut So it's better to do it here.

Admin, I'm logging in with SSH, one, two, and three, and get router info. You can see clear-cut. So S means static, eight is the destination network, eight is the subnet mask, ten is the administrative distance, and zero means the metric, because static and default have no metric; the administrator decided, so that's why it's zero, and it will go through this way. Two dot one and two dot two, with port one and port two, both. Now the question is which path has been used, because in the routing table it shows both and the administrative distance is the same. So now let's check it out. Go to R1, which is the destination, eight. Let's go here: enable, debug ip icmp, and enable the same thing on R2 as well. Let's see which traffic will hit which router. Do you think everything is similar to what I told you about India? So the thing which I will show you later on, it's come up before. So it's okay, because this next-hop IP is less, so it will be chosen. Even though administrative distance is the same, priority is similar. So the last thing that will be decided is the next-hop IP, which is the lower one. As a result, two dot one is less than two dot two. So every traffic will go to R one. So let's see how we know. So, generating from PC two, ping eight, and going to R one. So it has been hit here. By the way, it's sent here. It hasn't been load balancing. It will not work as a load balance anyway. Let's verify. Okay, it's going to both, load balance, and doing load balancing. But by the way, the last resort thing is that they will decide by the next-hop IP.

But in this case, for some reason, both interfaces promote balancing. We will do it later in the course, so don't worry. There are so many methods they can use and you can use them. But anyway, right now, both the routers are here. So, please, can you test out from the PC and see where Tab is going? If it's showing both, it's showing me two two.But if I do it again, it will show me two one.So they're doing load balancing, by the way. So let me do it again. It's going to be two. Okay, And let me do it again. So it's basically taking two,which is wrong by the way. Anyway, for whatever reason, show me the error. Okay, And the last thing I remember him asking about was the name. He said the stateful and stateless firewall Now things will be clear here. I just memorised it. Let me show him as well. So it will be clear to you. Then we will go to the route by the way, because the 40-gate firewall is also a next-generation firewall and it's a stateful firewall. It's keeping the state. Now from PC Two. I can ping PC One. Yeah So if I can ping PC Two to R One, then R One has to ping PC Two as well. Because this item can ping So I definitely have return traffic coming to me. Examine from a computer. When I say ping, let me pin directly to the router so it will be more clear to you. I can ping two dots with two dots. Let me ping it again. From PC two to NR one, it'sreply with the email to whom? ZeroZero to two. Anyway, it will reply to the gateway. So my truck is coming from this side. I ping and he can reply came to me.And that's why you showed me that it's reachable. Look at five files.

Let's ping from that side, from R1 to this IP. Do you think it will work? No. Let me ping oppositely, 192.168.1.2. It is not pinging. Isn't it strange? Why? From home, I go out to the shop, buy the milk, and come back. The firewall allowed me to come back. But when somebody came directly from their shop and came to the house, the firewall blocked them. He said, "No, you are not allowed." You just came from the outside. So this is what we call a stateful firewall. Because when you go outside, there will be a connection created. This person is going out. So when return traffic comes, the firewall would check the existing connection to confirm that yes, PC two already has a connection with this firewall or this outside router, and the return will be allowed. You got my point. I told you that, if I remember, there is a connection created already. But I don't want to go into detail about how traffic will be changed. I can show you the connection table. It's already there. So the return traffic is coming, but from this side it's not reachable even though I can reach it from one place. How is it possible? Because of next-generation firewall and connections, as well as stateful and stateless firewalls. Okay, let's go to our main topic now. So this is the way to configure static routes.

Now let me go back to the state crowd and let me delete this one and let me edit this one. How we can configure default Just put them at zero and make this also zero. It will give this IP everything and will move from when and with the administrative distance to this one. This is R two. I can still ping eight if I try. I can ping eight by the way, control shift I just needed to ping not directly this route. Let me check if it is not there. I forgot to configure it. That's why it was not taking, so I don't know how I forgot to put my IP address here. Okay, let's try again. It will work now. Did I configure correctly? So the IPinterface is up and running, and the IP route is visible. The state route is there. It will give everything to 200, which is correct. Let me pin my gateway at one ninety two,one sixty eight, and two hundred Yes, I'm reachable and the gateway is also there, so let's try again. For some reason, it's giving me an issue. Two is the correct one, and let me get my way, so my gateway is correct here. Okay, and let me see, did I put something wrong? If anything, give it to two dot two. Okay, with priority. This one is two, which is correct, by the way, so let me change to one. It's not giving my route to the R one and R two for some reason. Reload that PC two. No. 2 PC Reloaded I think the already established connection is there, so that can be the issue after a while. Let me see traceroute eight, so yeah.

It's true, it's not going to the gateway, so let me stop this one and start, okay. Okay, let me go from here and try. Let me go to terminal and ping eight, and then let me try eight, because we configured the web browser as well, so okay. Let me say, stop this one too. I have basic connectivity issues, by the way. Let me ping it. Let me ping my gateway. I can reach my gateway, so the issue is in the firewall. So let's go back to the firewall. Okay, and here I need to check the policy as well. The policy is whether it is allowed or not to go outside, so LAN to WAN is okay, which I say no inspection. For anything it has to go, it's not related to that one. So the issue is in the routing table. So let's go to the static route and, by the way, monitor the route. Okay, I get the point. The issue is that we have management as well. So it will go to the management interface. So it will fix the issue. Okay, I got the one. That's why it's going. So let me change my management interface. Because it will automatically give the route. Here is the management interface. This one, it will give the default route automatically. So this one is powerful. It will take this one. So let me make them static, let's say, okay, rather than use dynamic, because dynamic will take the route and my traffic will not reach there. The one which I want, I will tell you about this one. So now if I try, by the way, now it's come up, okay. And if I go to the terminal and I ping, it's working now. Okay, and now this one has also come up. So admin and one, two, three, so I'm going to try one now.

You need to stop this one. You can start this one. And the last issue which I was talking about was also related to this one issue. That's why the issue was because I was using DHCP to get the management IP. So they took the default route of the management one. So, normally, any traffic that comes to the management interface for the default route will take this path. So I was forwarding here and the traffic was coming here. So it is not here. So that's why I was not reachable here. So that's why I changed this from DHCP to a static one. So with the static one, it removed the route. It created an automatic route here, which, by the way, will no longer be here. But anyway, let me show you. Previously, there was another default route here with the management interface. It was previously displayed as the default route. So that was preferred to the other one. So that's why I get the issue. Anyway, let's go now. It will work on everything. I need to show you: go to network and go to static route. So now this is called the default route; whatever, it will go to the two, okay? So from here, if I initiate any traffic, okay. And if I say traceroute eight, it will go to one dot 100 and then two dot one. Everything is going to two dot one.

Okay, and if I ping, if you want to see, let me go to the console. So you will see the traffic reply from this one. This one. Okay, and let's go back to do it again. Allow me to clone it again, but this time allow me two for the same purpose. As a result, the two default routes are the same. Now what will go? Distance is the same, priority is similar, which I was to show you last time, but unfortunately due to that issue. Let me enable on R two as well debug ip icmp, and now let's see which way the traffic will go, okay. It's going two ways again, so it's doing load balancing. It's okay. Now what do I do if I want to prefer anything? I have two options: either change the administrative distance, or priority. So let's do the first, administrative distance of eight. Now, which one will be preferred? Two one, because it will check that the destination is similar. It will also check the administrative distance, which means the lowest one will be preferred now. Every route will go to two one. How do we know? So let's verify this on R one and R two, okay, and let's generate traffic from here. It's going two-one, and if you do it again, two-one, and if you ping eight, look, R one is hitting; there is no traffic coming to R two. Why? Due to administrative distance. Even though both have the same destination, the administrative distance is less for this one, so it will prefer this one. Now let's do another thing. Let's make this one also eight. Now the question is, both are similar.

What do I need to do? Click on the first one, go to advanced and put priority ten. So two one I gave the highest priority, and two I gave the lesser priority of five. Keep in mind that this time the administrative distance is the same but not the priority. This one is ten and this one is five. Which one will be preferred? So first it will check the AD. It will say this is a tie, but the tiebreaker is this one. It will take the lowest one. So now all the traffic will go to two. Let's try it. Let me clear two dot two and let me clear two dot one. Let's generate traffic. It has to go to which one? Two. Let me put this one here, mainly one window, so it's going to be two less that will be created for you. Why? Because it's keeping the record, that's why. After a while it will go there, so don't worry, it will go to this one, okay. It will go to two. There is nothing here. Why is it going to two? Due to this priority. Less priority is preferred, so administrative distance is tied now. It will take a decision based on priority. These two things are clear to you, and also the default route and static route are clear to you. What else do I need to show you? Okay, one more thing: which route will be added to the routing table? Let me go to the firewall. That's the question as well. That's the last thing I need to show you. Because that is why I have come. Get route info. Assume there is a default route, star, implying that the administrative, sorry, subnet mask is zero. This is the administrative distance. There is no metric either. It will work at port one, but something extra is written here: five means the priority and ten is the priority, so in the routing table, both will be present.

Keep in mind, let me go to monitor the route, both will be there. So based on administrative distance, both routes will be present in the routing table. We will take a decision based on priority, but if I change administrative distance, one will disappear and this one will appear. I need to clear the last thing to go to a new topic, so let me change administrative distance to 218. Here I configure both with administrative distance eight and 18. Do you think both will be present in the routing table? No, only this one. Let's go to check out the route. Okay, look, only one is available. So now it's showing only one and before it was showing both. Let's see, only one. It's clear that when both have the same administrative distance, both will be available in the routing table. But the decision will be taken based on priority. The less priority, the better. The traffic will go there. But both will be available in the routing table.

20. Lecture-20: Configure and Verify Policy Routing Lab.

Is policy-based routing. Policy routing is what we call it here. So, in the FortiGate firewall, we use policy routing to redirect traffic from static routes. Maybe all your routes are going to one place, but you want to apply some policy. That's why it's called "policy-based routing," meaning based on your policy, okay? It's like a VIP person. So it will be treated separately and differently from all other common people, like business class when we are traveling. So you will see business class and economy class. So all economy classes are the static route, either the default route. The policy-based route is a VIP, which will give them extra protocol to go this way like a business class. So we call this policy-based routing, or policy routing, so we can redirect the traffic to some other location, whatever we set up in policy-based routing. So how do we do that one?

We will use a small topology. So let's do it. Okay, then let me start the firewall because it may take some time, and I require two switches. So let me try one switch this side and one switch this side. Okay, now I need two routers. So this is R1 and this is R2. Also, I need one Docker as a client for Telnet; otherwise, you can use this PC directly. Okay, either you can use one or two, and it's up to you guys. Anyway, let me take one. Where is webterm? So these two are my clients. Let me change the name to PC Two, which we did yesterday. Okay, that's the only thing which we require. So let me drag it here. Okay, now I need connectivity. So let me assign this one. Okay, so yesterday we put the zero slash one interface here and then let's connect to zero. Okay, I need to connect the 0 interface. It's better to use the first interface. Yeah, and no need for this site, two will be connected here. Okay, no need for this one, and it should connect to this one. No need. By the way, these two things should be connected here. Okay, this is the small topology. What can I do? I need to start this device, and the two Dockers I will start after configuring them. I already configured the IPs, so what I will do is just copy and paste because I know how to assign IP addresses. So let me open that file, I saved it here, let me see this one here, this file, okay, to save some time because we did this lab yesterday, okay, so what I need is to configure PC One and PC One.

I just need to remove from auto tell here and I will assign one IP. So let me copy this one. You just need to remove the hash. You already know this, guys. So edit the configuration. Instead of this one, just remove it and we will paste it. You can keep the template this way. So whenever you need it, just copy and paste it. So one, and 100 is the gateway, and you're done. Now this client is configured. Start. Let me quickly write down my IP schema. This is our IP schema for this site. Okay? On this side, we will use two subnets. Okay? And here, our IP address is one. Here our IP address is two in the same way. Let me duplicate this one. This site, our IP is two dot one, and this side is 100. Okay? So on both sides, the gateway is 100. This side, as well, is 100, and also this side is 100. This would be, and now I need management. So I will use net cloud. You can use this cloud as well. And also, you can use this Docker to connect to this one. So right click on this one. Change the symbol to anything but not the cloud one. So anything. Let me check this one. Change the name to MGT. Okay, let me connect this to 43 for management purposes. So this is my management. Okay, that's it. Now I need to configure these two routers first, either this PC or another. It's up to you. So let me go to R1. I need to assign an IP address. I need to assign a default gateway. I need to configure, so what can I do? I already have this one. This should be two. This is R1. Change the IP configuration, interface zero, no shutdown. Create one loopback, then exit. Then go to line vty. Then enter the password one, two, three and login. Okay? Then enable HTTP. Enable HTTPS, then make HTTP authentication local. So, for that we have a local user with privileges. And this is the default gateway, everything to firewall 200. Just copy and paste. Copy and paste, done. So our R1 is done too, right?
Let me save so if we restart, everything will be saved. Now go to R2, just change two and nothing else.

Just enter the same Telnet, it's the same gateway, the same. Just change the IP only. So I changed the IP and copied and went to R2. Okay? And let me paste. My R2 is also ready. Now I need to configure PC Two, which is basically a router, to make it the client, okay. So for PC Two, what I need to do is also create a script to save some time. That is the script. Assign one IP, no shutdown, no IP routing, which disables IP routing, and put the gateway. That's it. Copy and paste. You can also use the script. Typically, I teach this script in CCNA and CCNP. But anyway, just to save time, that's why; you already know. I hope so. Okay, they're done, just the basic configuration which we did yesterday. Now coming here, because we are not using port one, port three is not DHCP enabled and we can assign a static IP. My range is one to four, which I told you yesterday. You can verify it as well. 182-168-1140 is my subnet. So besides one IP and two IPs, I can assign anything here because these two IPs are reserved. One is for our interface, and two is for the gateway. So anyhow, let me assign it 100. Okay, what can I do in the firewall? Go to config system interface, then edit port three, then allow HTTP so that I can take management.

We already discussed HTTP, HTTPS, SSH, and ping, and setting the IP statically, because yesterday we had some issues due to a dynamically created new route, so it creates an issue. So it's better to make a static route for the safe side. So how can we access it? Right click here, go to the console. It means there is no password; press enter, and you can use any password. In my case, I'm always using one, two, three, and paste. So it went to system interface, then it edited port number three, then it set allowed, then it set the IP, and end means save the setting and get out from here. If I say show system interface, my IP address is there. Now, by default, DHCP is enabled on the first port. So let me take this IP and go to any browser and type in the IP address so it will go through HTTP. It will redirect to HTTP, admin and the password is, let me change the name, whatever you like. In my case, okay, I need to give some names to the interfaces. Okay, so let's go to network interfaces. We are using three interface ports, one of which we are using for WAN on their side. You can give them any names, by the way, so I give it WAN, manual IP, and the IP we decided, 200. I believe, let me check, yes, 200. I don't need HTTP, this is administrative access, we already discussed, so don't ask about this thing, just allow ping at least so that we can ping the IP and that's it. Let me copy this one, WAN, and I'm done. So port one is done. Now go to port two, which is this one.

So let me give it an alias, LAN, and static IP 100, okay, and allow ping. Okay, and the last one is port three, which is this one. So let's assign mgmt, and the IP I assigned through the command line, so it's okay, and everything is allowed for administrative access. Okay, done. We don't need DNS now, but we can configure DNS elsewhere. Now coming to the static route, but before going to the static route, I need to create some policies to allow the traffic. Okay, so let's go to policy and objects there. Everything is denied by default. I need to create one rule to allow everything for test purposes. So I say, allow everything. Incoming interface is my LAN, going to WAN. The source and destination can be anything. It will be always, no time restriction, and the action is allow. Okay, finished. That's it. Now, my PC Two will be unreachable for sure if I ping, so it's unreachable, and the issue is that I know there is a rule, but there is no route. So what we can do is go to network, static route. There is no route. We already discussed all these things. Click on create new, and this is the subnet we will use. So let me say that I want to reach 8.0.0.0 with an eight subnet mask and a gateway of 192.168.2.1, which is this one, R1.

Okay, and WAN is selected automatically; the traffic will go out through WAN, my port one. Administrative distance is ten, and I don't want to set any priority. Okay, done. But I have another eighteen, so let me finish this one and just change this to two, okay? And change the administrative distance to 20. I suppose that means the administrative distance with ten will win the election, and when it wins the election, all traffic for eight will go through two. Two is R1. So what we can do is go to R1, clear, and debug IP packet. Packet means anything that is coming to this device. And also enable debug IP packet. Now let's try from here. Let's ping eight. So the traffic is hitting R1. As we know from here, R1 and R2 are configured. Let me show you the topology. We set up ten las and here and everything in R1 and R2. So let me try the traffic for anything else. I know from PC Two that ping is going to R1. Let me try Telnet. So it's going to R1 and also hitting here for Telnet, showing everything so far. Telnet is also going there. Let me try HTTP because I enabled HTTP as well. So, from this Docker, let me go to the console and enter the username admin and password R One. It means HTTP, HTTPS, Telnet, SSH, everything is going to R1 due to this route, the static route, and why? There is an administrative distance, which we discussed yesterday. Now I need a special treatment for net traffic, either ping, or traceroute.

Let's see the traceroute as well. So from PC Two, exit, let me try traceroute eight. That's where it's going. So it's going to two and also again, it's hitting here. There is no traffic in R2, even though I enabled the debugger and debug here. So it's proof that everything is going to two, even though eight is in both routers. Now, coming to the policy route, which we want to implement to give special treatment to something, click on the policy route. We discussed yesterday this one, sequence number, incoming and all that stuff. Create new. Incoming interface, from where the traffic will come: LAN. What is the source? So, the source is my whole subnet. It could be PC one, it could be PC two, it could be PC three, it could be anything. So I said it could come from any of these subnets. You can specify a special address or destination. I will say the destination is, by the way, I didn't put eight just for your understanding. So let me type eight dots with eight here, okay? And here's another way to put it: so I said the destination is 8.0.0.0 with an eight subnet mask, okay? Which protocol? As I told you yesterday, there are zero to two five five protocols. TCP is protocol number six, and UDP is protocol number 17. And you can use the Stream Control Transmission Protocol as well, which is 132, and you can put anything in there and you can specify it as well. So either put six here, it's up to you, or click on TCP, so definitely six by default. Now, the source port is always random for most of the traffic. So I say from zero to six hundred fifty-five, these are the protocol numbers, which is from zero to twenty-five. This is the port number, or virtual port number.

There are two types of port numbers: physical (such as an HDMI port) and USB (also a physical port). These are the virtual ports that I showed you yesterday as well. Again, if I get a chance, I will show you both the protocol list and port numbers. So, while I stated that the source port is random, I am aware that the destination port is an 80 port in both locations. Type of service: as I told you yesterday, it's a special header. If you want to give some special treatment to this packet, okay, in the header, like delay, like priority, reliability, cost, and such things. So you can give them, and I'll show you how to do it using Wireshark. Like normally, we give type of service, special treatment, quality of service, for what is called voice and video, and all that stuff. Okay, then action. I want to forward that traffic rather than stop policy routing, and where I want to give the gateway, because everything is going to R1, and R1's IP is 192.168.2.1. So I want to give special treatment to 192 and R2 for port 80. And if you want, any comments, and status enabled. My policy-based routing is done. You can create this number, which will be checked from top to bottom. So the static route says that everything will go to two dot one.

Now, let's see from here, so R1. Yeah, after refreshing, it will go to R2. So R2 now is a special treatment because we say that everything has to go to R1 besides 84, because this is 84. So it's going to take two. If you want to verify it by another method, let me do it. Another thing from PC Two, and that was going to R1. Yeah, let me change, or you can create a new rule as well. So, policy route, let me change this to 23. Telnet is making use of the numbers 23 and 23. Now you will see that it will become R1 again because everything is going to R1. But now, let's see Telnet. Telnet was going before to R1, but this time if I reconnect, it will go to R2. Look, it is going to R2. And before it was going to R1, because I changed my policy route from 84 to 23, I said. And this way, you can put 443, you can put 25, you can put anything and you can check it out. So this was the issue yesterday. The only simple issue was that I had to restart this device. So, eight, it was not there. So that's why whenever I clicked here, the traffic went to R1, because eight was not there. So the policy-based route was not working.

So it's worth diverting everything to R1. So this is called policy-based routing. And how can we see it? If you go to monitor, your route monitor. So this thing is for dynamic and static (as mentioned here), static and dynamic, and refresh. I'll show you all these things. There is a policy when you click, so there is a policy-based route also. So, if you want to see if policy-based routing is enabled on this firewall, use the following. So you have to come to the monitor and click on Policy. So it will show you a separate table. Okay? From wheel to wheel, source to destination, the next hop, protocol and action. And if you want to enable extra things like destination port, route source, and source port, you can verify it from here. Route lookup: let's say I want to search for something like this. So click on "search." So if anything matches, it will be selected. Look at it, like this one. So this is for your route lookup. So a route lookup is basically a search. In our case, only two or three routes are directly accessible. So you can search this way and in this way as well. Suppose you say anything related to LAN, so it will be the yellow type, okay? But the other one will be selected altogether. Because I don't have any of the run out, you can search by destination port. For example, if you want to search for port 23, that's fine.

Is your destination IP, source and protocol, as well as interface, so it will highlight the entire thing, but it will only be yellow in search. You can definitely refresh if you want to refresh, and you know, you can edit, but I'm in route monitor, not in edit, so it will take you automatically to static route, so you are here now. So these are my static routes. We configured two. We know administrative distance and priority. If you want to put any comments, status. The exit interface, next hop and destination addresses are okay. Also, you can edit from here by double clicking. Either right click to go to edit, or you can clone from here, which I did; clone means carbon copy. If you click edit in CLI, it will take you to the routing detail directly. If you want to delete, or if you want to disable them temporarily, you can disable them here. The status is disabled. Right click to enable it again. Okay, and if you want to delete it. So this is our static route place where we can configure a static route, and this one is the default. It's the same approach. You can enter from here. You can edit from here. You can edit. Double click, and you can copy and paste, so it will create an exact copy that you can delete, and you can set the status to enable or disable. If you want to disable temporarily to check something, troubleshoot something, you can disable and enable it. What else? Yeah, that's it, that's the policy-based routing which changed the way the traffic is diverted, so let me know quickly if I missed something. Okay, that's it. We also have all these commands which I showed you yesterday, get route, and for route table status, it will show you the routing table in the command line, okay.
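The selection order demonstrated in Lectures 19 and 20, modelled as an added Python example that is not part of the lecture and is not FortiOS code: policy routes are checked top to bottom first, then the routing table decides by longest prefix, lowest administrative distance and lowest priority. The addresses, the `LAN` interface name and the class and function names are constructed sample values assumed from the lab description.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class StaticRoute:
    dst: str        # destination prefix, e.g. "8.0.0.0/8"
    gateway: str
    distance: int   # administrative distance, lower wins
    priority: int   # tiebreaker when distances are equal, lower wins

@dataclass(frozen=True)
class PolicyRoute:
    in_if: str
    src: str
    dst: str
    protocol: int   # IP protocol number: 6 = TCP, 17 = UDP
    ports: tuple    # (start, end) destination ports
    gateway: str

def routing_table(statics):
    """Per destination prefix, install only the routes with the lowest distance."""
    best = {}
    for r in statics:
        best[r.dst] = min(best.get(r.dst, r.distance), r.distance)
    return [r for r in statics if r.distance == best[r.dst]]

def _inside(addr, prefix):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)

def next_hops(statics, policies, in_if, src, dst, protocol, dport=None):
    """Return the gateway(s) a packet is forwarded to, or [] if there is no route."""
    # 1. Policy routes are evaluated before the routing table; first match wins.
    for p in policies:
        if (p.in_if == in_if and _inside(src, p.src) and _inside(dst, p.dst)
                and p.protocol == protocol and dport is not None
                and p.ports[0] <= dport <= p.ports[1]):
            return [p.gateway]
    # 2. Routing table: longest matching prefix, then lowest priority.
    cands = [r for r in routing_table(statics) if _inside(dst, r.dst)]
    if not cands:
        return []
    longest = max(ipaddress.ip_network(r.dst).prefixlen for r in cands)
    cands = [r for r in cands if ipaddress.ip_network(r.dst).prefixlen == longest]
    lowest = min(r.priority for r in cands)
    # Equal distance and equal priority leaves several gateways: load balancing.
    return sorted(r.gateway for r in cands if r.priority == lowest)

# Constructed sample values modelled on the Lecture 20 lab.
R1, R2 = "192.168.2.1", "192.168.2.2"
LAB20_STATICS = [StaticRoute("8.0.0.0/8", R1, 10, 0),
                 StaticRoute("8.0.0.0/8", R2, 20, 0)]
LAB20_POLICY = [PolicyRoute("LAN", "192.168.1.0/24", "8.0.0.0/8", 6, (80, 80), R2)]

if __name__ == "__main__":
    client, target = "192.168.1.1", "8.8.8.8"
    for name, proto, port in [("ping", 1, None), ("telnet", 6, 23), ("http", 6, 80)]:
        hops = next_hops(LAB20_STATICS, LAB20_POLICY, "LAN", client, target, proto, port)
        print(f"{name:7s} -> {hops}")
```

Changing the policy route's port range from `(80, 80)` to `(23, 23)` reproduces the second half of the lab, where Telnet moves to R2 and HTTP falls back to R1.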

21. Lecture-21: Configure and Verify Dynamic Protocol RIP.
