Published June 2, 2023, 10:20 p.m. by Liam Bradley
Nothing special about this video. We are simply creating the VPN connection and pinging the loopback to the second site in our lab.
In the next video we will add the redundant connections to both sites.
hey guys welcome back to another video
my name is Devin Adams on the foreign
instructor here in Tempe Arizona and I
record these videos for the people who
take my class and in the last video we
created a VPN tunnel using the SD-WAN
interface on the FortiGate six to three
and then we also created a firewall
policy rule to ping a loopback interface
that we could test pretty much the
quality of the VPN tunnel now a lot of
this is gonna make more sense the more
tunnels that we add but I thought to
myself you know what at least for
tonight let's go ahead and connect
over our Texas FortiGate here so we did
New York City last time now we're going
to take this main WAN 1 here and
connected to the main Windex in here in
our additional FortiGates guess what
guys it's identical to what we to what
we just did in the last video but you
know like I said I don't I don't do in a
YouTube magic I I tried to show every
step on the way and yeah anyways so
before I begin I was drawing the VPN
tunnels right and I just realized you
know what this is gonna get way too
messy way too fast so I'm probably gonna
think of a different solution here maybe
even just sketch something for myself
but basically what we're gonna be doing
here is using 10 1031 and 1032 for our
Texas FortiGates and I I'm just using
this naming convention as in like you
know the one here the 10 there the 3
here the 30 here just just to kind of
make some sense of the IP address game
whatever so I'll be quiet you can always
tell when I like to start recording
these later too
so sorry guys I want to always get a
couple of these out of the way so let's
go ahead and build our first tunnel from
our headquarters FortiGates so and
once again if you didn't see this before
we did it in the past video and our art
in New York FortiGate there so
alright and I cannot remember any of my
passwords here we go
alright let's login to the FortiGate
here we are ok so just like before the
very first thing we're gonna want to do
is go to our our network our SD-WAN ok
and we did that the last time but now
we're gonna say create new alright and
this is going to say give me a brand new
VPN tunnel and we're gonna say to Texas
alright and the IP address is 110 207 1
so these are make-believe public IP
addresses so
10200 dot 7.7 dot 1 alright and the
outgoing interface is gonna be our port
1 ok super secret password
bringing it creates and then we're not
gonna do anything until we put a IP
address on that on that interface so
let's go ahead and do that let's go to
interfaces let's open up our SD-WAN
let's open up our port 1 and we should
have our our Texas here we are and here
it's gonna be 10.10.30.1 going into
10.10.30.2 and I kind of explained this before
how normally there's no IP addresses on
VPN tunnels but we're doing it here just
to add it to the SD-WAN so I will even
make this pingable if we ever need it
for testing reasons so alright now that
it has an IP address we should be able
to even though it like disappeared on me
here we go I'll probably cuz it's not up
let's go let's go back and actually add
it to the SD-WAN now alright so there we
go to Texas and now we actually have an
IP address that we can pass it off to
alright sweet
let's go ahead and do the other side and
hopefully it won't lag like it did
before that was horrible by the way I'm
sorry guys the last video was like
pulling teeth here alright I think it
just needs to kind of like wake up all
right one of these days come on buddy
I'm trying guys all right here we go
so this is our PC over in in Texas and I
did this last time in the New York one
now I just haven't used these little web
term boxes in a few days and I think
it's just waking itself up I'm not too
sure so we'll let it we'll let it login
in fact I'll just oh there it kind of
goes I'm just gonna hit pause here and
count to 30 or something yeah I have no
idea what I took so long but here we go
so we're over here in Texas let's just
do the opposite so let's go to network
let's go to our SD-WAN alright let's go
ahead and do new ok we're gonna say give
me a new VPN tunnel alright so this is
gonna say to HQ I don't know why I'm
shouting at everyone my caps locks must
be on here we go and it's gonna be 10
200 1.1 and the outgoing interface is
gonna be that that AT&T one so I'm just
making all these up of course alright
make sure the passwords match up and
that should create our phase 1 and phase
2 for us so here we'll hit cancel all
right and that's because we need to go
put in that IP address so let's go to
our interfaces let's expand our SD-WAN
cluster down here alright there we go
okay so here we'll say let's see here
yep
10.10.30.2 10.10.30.1 make it
pingable
oh I forgot 2/32 mob by ad head okay
noise okay cool cool and now let's go
add it back to the SD-WAN and then I'll
pass it off there we go
alright so not too bad just make sure
that you hit the apply okay I made that
I made that mistake last time I didn't
hit the apply button so so technically
you know that is that is it so we made
the tunnels now our second goal here was
to create kind of like a health check
right and that's why we made those
loopback interfaces beforehand so
there's a couple of ways that you could
do this now I probably could have made
life a whole lot simpler by creating
like a zone for my loopback interfaces so
I didn't have to write redundant
firewall policies I didn't even think
about that so obviously this last moment
so but that's okay but let's go ahead
and make the firewall policy it'll be a
good practice right that that you know
repetition is the mother of all learning
kind of thing so here we go I'm gonna
say create new and I'm just gonna say
loopback health loopback health check I
don't know I'm not feeling very creative
anyways it's gonna pop out of the SD-WAN
and it's gonna go to the loopback and
you know what honestly I don't care I
don't care
there's nothing but a logical interface
and here I'm just gonna allow ICMP
alright don't need that okay
not too bad all right and what's nice
about this guy's is that if you remember
we already did that rule in our our HQ
so if we head back over to the to the
data center here to the headquarters and
we go to our policy and objects and we
go to our IPv4 policy our loopback here
should also include the Texas office
also we just have to go ahead and add
that in our SD-WAN rules so pretty
pretty slick huh and that was kind of
the last step there right so if we come
over here to our system no I lied our SD-WAN
rules okay now if you guys
remember the last video we made this
pretty generic one right that went out
to New York okay so I'm actually going
to click this and I'm gonna put a little
underscore NYC and the reason why is
because when we start getting redundant
tunnels right to the same location
they're gonna be added into the same
rule but here I'm gonna go ahead and I
am going to make a new rule but this one
is gonna say VPN health check to Texas
all right and I promise you this should
make more sense down the road okay and
you know what there might be a better
way to accomplish this all right but I
am gonna have to think of it later
so anyways once again we can just use
that loopback interface okay but this
time we're going to manually pick the
Texas interface and like I said that
should make more sense once we actually
get multiple tunnels to the same
location all right so let's go ahead and
go to our performance SLAs all right
we had one that said VPN check NYC
she said New York City
well let's go ahead and create a new one
and we're gonna say VPN health check to
Texas all right
and we're gonna be pinging that
interface to Texas yep
not too bad okay and as you can see it's
it's making it alright so then I can go
ahead and hit refresh here and you can
see that it is making it through the VPN
tunnel and it is keeping an eye out on
the quality of that of that VPN tunnel
so once again this will make more sense
when we start adding redundant tunnels
to the same location all right because
we're gonna tell the SD-WAN to always
pick the best one all right so here we
go let's go ahead and do it on our New
York City side okay so here we go New
York City side my Texas I'd say I'm all
over the place alright so we had our we
had a rule but let's go ahead and make
the SD-WAN rule alright and this
does take care of the routing part of it
too so here we go we're gonna say create
new we're gonna say VPN to HQ and this
is just gonna be for the health check
we'll have to write some some rules
later on now there isn't really a
loopback address that we made in this
site yet so let's go ahead and create it
alright here we go two one seven zero
zero I always do that I always put it up
there instead of down there Oh guys I'm
so sorry
here we go and I'll just have to call
this off loopback or something all right
don't forget our slash 16 so it just
takes a look at those first two okay
here we go
all right and we'll just manually hand
it
to our HQ tunnel alright now don't
forget these rules are top-down so you
got to make sure that happens
all right and then let's go ahead and
ping through it for for a health check
okay so we'll say create new we'll say to
HQ VPN health check I don't know I
messed up the naming conventions alright
guys
alright so ten to seven zero one and the
participants because we only got one
right now it's gonna be that guy right
there okay and then we can see here all
right we will be able to keep an eye out
on our health statistics okay so at this
point we have sorry guys that was kind
of all over the place so at this point
we now have two VPN tunnels all right
going from our headquarters to New York
City and our headquarters to our Texas
office alright and we're also pinging
through that tunnel to keep an eye out
on the quality of the VPN itself alright
that's about as far as we've gotten and
like I said in a couple videos ago
taking this slow step at a time
and you know what I'm starting to think
there might even be a better way to do
this
design-wise I'm just drawing a blank at
the moment so but uh in the next video
what we're gonna do is add two more
additional tunnels
alright using our two differents LAN
connections for our redundancy so and
then we can point it down the same way
and we can get our health checks going
for both of the tunnels and telling it
hey you know what always pick the VPN
tunnel that's that's the best all right
and we'll we'll be able to test that so
alright guys so sorry that was kind of
all over the place
and
I'll see you guys soon so