Tuesday, January 31, 2017

Fortigate - How to configure IPsec VPN with Forticlient (Remote)

This recipe uses the IPsec VPN Wizard to provide a group of remote users with secure, encrypted access to the corporate network.

The tunnel provides group members with access to the internal network, but forces them through the FortiGate unit when accessing the Internet. When the tunnel is configured, you will connect using the FortiClient application.


 

Step 1 - Log in to the firewall device.
Note: Also take a backup of the configuration first, to be safe.

Step 2 - Check the LAN & WAN details.

Step 3 - Create a new local user for VPN access.

Step 4 - Create a new group and add the newly created user to it.

Step 5 - Under 'Objects', create an address for the local LAN segments so that they can be reached over the VPN.

Step 6 - Now start the IPsec VPN configuration.

Enter the outgoing interface and the address range (the IP pool from which an address is assigned once the VPN is connected). Enable split tunnel and endpoint registration.

Step 7 - Check the Objects tab: after the IPsec VPN is created, the VPN address range is added there automatically.

Step 8 - We can see that an IPsec VPN interface has been added automatically under the WAN section.

Step 9 - Then create a policy for IPsec-VPN to LAN.

Step 10 - On the remote computer, install FortiClient, then configure the IPsec VPN and connect with the user credentials.

Step 11 - Check the connectivity using the ping command.

Step 12 - We can also monitor the connection status in the IPsec monitor section.

That's it...

How To Edit Your Hosts File in Windows

The hosts file maps IP addresses to host names, which makes name lookup easy. If you specify an IP address and its corresponding host name, the work of DNS becomes simpler, the lookup is faster, and the web site can be accessed more easily. The hosts file can also be used to block a web site on your system: the web site name is specified and a default IP address is assigned to it. From then on, whenever a user tries to access this web site, it is not located by DNS.

The hosts file is generally read-only; in other words, you normally cannot modify it. To edit it, you need to remove the read-only constraint and then move it somewhere else to edit it. It can be edited using Notepad.

Note: The file can be modified in different ways; here I am using the steps below.

Step 1 - Open Notepad using Run as administrator.


Step 2 - Now go to the hosts file location and open the file for editing.

File Path => C:\windows\system32\drivers\etc\hosts

Step 3 - Add the IP and host name. Here I am adding my server address so that it can be accessed without a DNS entry. We can also block websites using the same procedure.

Step 4 - Check the connection using the ping command with the host name.

Here, my host name resolved, so now I can access my server through its IP or host name.
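The hosts-file format edited in the steps above can be checked after a change with a short parser. This is an added example, not part of the original post: the sample content and host names are constructed, and treating `0.0.0.0` or a loopback address as the "default IP" used for blocking is an assumption.

```python
import ipaddress

# Constructed sample in hosts-file format (not taken from the original post).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
192.168.1.50    fileserver fileserver.corp.example   # internal server
0.0.0.0         ads.example.net
127.0.0.1       tracker.example.org
10.0.0.7        fileserver
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Return (entries, errors); entries are (line_no, ip, hostname) tuples."""
    entries, errors = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            errors.append((line_no, raw.strip()))  # first field is not an IP
            continue
        if len(fields) < 2:
            errors.append((line_no, raw.strip()))  # IP with no host name
            continue
        for name in fields[1:]:  # one line may carry several aliases
            entries.append((line_no, ip, name.lower()))
    return entries, errors

def audit(entries):
    """Return (blocked names, name -> first listed IP, names with conflicting IPs)."""
    seen = {}
    for _, ip, name in entries:
        seen.setdefault(name, []).append(ip)
    # Assumption: a name pointed at 0.0.0.0/:: or a loopback address is a block entry.
    blocked = sorted(n for n, ips in seen.items() if n != "localhost"
                     and any(i.is_unspecified or i.is_loopback for i in ips))
    conflicts = sorted(n for n, ips in seen.items() if len(set(ips)) > 1)
    mapped = {n: str(ips[0]) for n, ips in seen.items()
              if n != "localhost" and n not in blocked}
    return blocked, mapped, conflicts

if __name__ == "__main__":
    entries, errors = parse_hosts(SAMPLE_HOSTS)
    blocked, mapped, conflicts = audit(entries)
    print("blocked:", blocked)
    print("mapped:", mapped)
    print("conflicting names:", conflicts)
    print("unparseable lines:", errors)
```

To check a real machine, pass the contents of the file at the path from Step 2 to `parse_hosts` instead of the sample; entries you did not add yourself are worth investigating.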

That's it...

Monday, January 9, 2017

Fortigate - How to setup basic LAN & WAN configuration with Shared VPN using Policy Route


Step 1 - Log in to the FortiGate firewall console.

Step 2 - Check the firewall details.

Step 3 - Configure the WAN for internet access. The static IP is provided by the ISP.

Step 4 - Configure the LAN for internal network access, and enable the DHCP server on this interface.

Note: On the client side, we can configure a static IP or DHCP. If we are using DHCP, the IP is issued by the FortiGate DHCP server.

Step 5 - Now we need to enable a static route for internet access.

Step 6 - Configure DNS for name resolution.

Step 7 - Configure a policy route to force the routing. Here, I am using an Internet-over-VPN connection (PPPoE); in this case it may not work properly, so I create a policy route.

Note: The policy route gets first preference. If any policy is created in the policy route, it is given priority.

Step 8 - Create policies for Internal LAN to VPN and VPN to Internal LAN connections. We also need to create an Internal LAN to WAN policy for internet access.

That's it...