Last Update: Feb 7, 2023
Free VCE files for Fortinet NSE4_FGT-6.4 certification practice test questions and answers, exam dumps are uploaded by real users who have taken the exam recently. Download the latest NSE4_FGT-6.4 Fortinet NSE 4 - FortiOS 6.4 certification exam practice test questions and answers and sign up for free on Exam-Labs.
FortiGate Firewall V6.4
1. Lecture-01: Common Network Security Terms
We are going to start with basic network security terminology, okay? And we will go forward slowly. The common network security terms are asset, vulnerability, exploit, threat, attack, risk, and countermeasure.

What is an asset? An asset is anything in which the organization invests, anything that belongs to the organization, anything that is valuable to the organization. Property such as vehicles, equipment, plants, buildings, employee computers, data, or anything else are examples of assets. So in network security terms we call them assets, and an example of an asset may be a device. It may be an employee computer or anything else.

The second term is vulnerability. What is a vulnerability? Any weakness in the system we call a vulnerability. The weakness can be in the system by design, it can be by nature, it can be application-based, it can be protocol-based, and it can be in an operating system. So we call them vulnerabilities, and humans have them as well. Take me and you: some humans become angry very quickly by nature. This is their vulnerability and weakness. Some people are very cool-minded; whatever you tell them, they will say nothing. So this is called vulnerability. A vulnerability can be by design: maybe when they wanted to deploy something, they forgot to put something there, and later on the hacker used that design to hit your server and your network to get access. This happens with vendors as well. Every week they have a new patch to install because there are so many weaknesses, like LGM as well. Last week, they released a new vulnerability. They stated that there is a vulnerability and that you must patch in order to secure the device.

And by protocol: I will give you an example. By protocol, I can give you an all-inclusive example, but it will only serve to demonstrate how and what a vulnerability is. So this is my web server and also my Telnet server, okay?
And these are my two clients here. Let me put Wireshark here and start a capture just to show you a vulnerability. Don't worry about the setup; what I did is not our point in learning this one. So let me click from here. The client IP address of the server is 19216 812. So I start capturing here with Wireshark, and let me do Telnet from the client side. Because Telnet is a widely used protocol, the traffic is sent and received in clear text. So this is what we call a vulnerability. 192.168.12.100 is our server, and our username is admin. I inserted it, and the password is, let me go here. So we captured Telnet traffic here. Let me type "telnet" only so we can filter them easily. Click on any traffic and go to Follow TCP Stream. Look at our username, admin: everything is visible. Because Telnet is unsecured, it is sending and receiving traffic in clear text. So this is a vulnerability by protocol.

Another example is HTTP. Let me send HTTP traffic from this client, and let me type our web server IP, which is 12.100. So admin is the user, and my server's password is... I use HTTP traffic. Let me go to Wireshark, and this time I say I don't need Telnet, I need HTTP traffic. So this is the HTTP from 12.2: 12.2 is this client, 12.100 is the server. 12.1 is this one, and 12.2 is this one. This is the Docker. I will show you how to install Docker in GNS3. So when I right-click here on the HTTP traffic, this time go to Follow HTTP Stream, and look, everything is visible here, whatever this server one is, and everything that is visible here is authentication. Okay, let me take the second packet because it's showing. In the second packet, follow the HTTP stream, and it will show you the username and password as authentication. Because HTTP by nature and Telnet by nature send and receive their traffic unencrypted, in clear text. This is known as vulnerability, and these two protocols are vulnerable by definition.
Now, going to the third one, "exploit". What is an exploit? An exploit is the method, technique, or formula which you use to get the details, use the vulnerability, and damage the server. So which tool did I use to recognise that the password for Telnet is one, two, three and admin is the user? I used Wireshark; before, I used Telnet because it's more visible. So let me show you this one. Follow TCP Stream. There is one, two, three, and admin is the user. So this Wireshark is called an exploit. I use Wireshark, which is an application, and I exploit Telnet and HTTP to get the details of the server. So I take HTTP and exploit the vulnerability, and with Telnet, because these two protocols have vulnerabilities. I'm giving you examples. There are so many vulnerabilities in everything. There is a special website, which I can show you, and you will find every vulnerability there. But with this keyword, we call them exploits. So now we know exploits, we know vulnerabilities, and we know assets.

Let's go to another network security term, which is threat. A threat means anything that is dangerous to your asset. An asset is anything related to an organization; we call them assets. It can be accidentally triggered, or it can be intentionally or unintentionally triggered. So we call them threats. There are so many threats: spyware, hackers, viruses, and so many keyloggers. We will see keyloggers as well. Lost data, Trojans, and a slew of other issues that you may be dealing with, such as being unable to leave your house due to the coronavirus. This is a threat to you. If a huge amount of traffic is going on the road, so you cannot cross the road, this is a threat for you. So many things are the same in your system, your design, your network, and everything. There are so many threats to your organization. So any potential threats are directly dangerous to your asset.
We call them threats, and there are many things that can be a threat: worms, viruses, Trojans, and many other things that we will discuss later.

Now, another term is attack, on the assets. Now I know the username and password of their server. Now I can attack their server. There are so many attacks: flooding attacks, UDP flooding attacks, SYN flooding attacks to make them down, service down, DoS attack, DDoS attack; you can capture the data, or you can go into the system. So many things you can do. So this thing we call an attack: an action which you take to bring down the server, the network, whatever, we call an attack.

Another thing is risk, which is another network security term. Any potential loss, either a compromise or damage that destroys your network, we call a risk. Using Telnet to access your device, for example, is a risky job in your organization. Telnet is essentially a utility that allows you to remotely access your device, similar to TMI or any other, but text and command based. So potentially, instead of Telnet, you can use SSH or any other method, either a VPN or a firewall, to make Telnet traffic encrypted. So this type of thing we call a risk.

And now the last network security term is countermeasure. What is a countermeasure? A countermeasure is the initiative you take to secure your organization, your network, your services, and your devices to mitigate the threat, and we just saw the threat. What is the threat? How do we put it in the same case? What can I do? Everybody can see my Telnet traffic. What is the countermeasure? So the countermeasure is, rather than using Telnet, to go to the server and configure SSH, which is the alternative. So, rather than using Telnet, I can now go to the client, because SSH is already enabled there, and say SSH, the username is sam, the IP address is 192.168.0.1, and the password. Now this time I'm using SSH, and let's see the traffic again.
But this time I will say "show me the traffic for SSH." Why is it not there? Okay. Maybe I stopped it. So let's go back, and we can start Wireshark from here. And please allow me to close this three times. Okay, let me close this session and connect again, and here we will see. Okay, so it's not showing me SSH. 12.100 is my server IP or not? Am I hitting something else? Show ip interface brief. Okay, let me go back just to show you; I don't know, for some reason it's not showing me 12.100. Okay, anyway, let me see all the traffic. So Telnet, it is there! Okay, so basically this is due to Wireshark. Sometimes it will not show you. So let me put this one on my server. Sometimes it shows like this. And let me try this one over IP, and start.

So the countermeasure is, I'm just giving an example: rather than use Telnet, use SSH, and rather than use HTTP, use HTTPS. In this way, you can secure your network. Okay, so let me go back now and go to the console, and from the client, let me do SSH. But before doing SSH, let me capture the traffic again; no need to leave here. Let me capture it from here, and let me start Wireshark. Okay, this time it's correct. So let's go to our client. So it says the destination is down, so let me go to the server. Okay, it's not yet on. Okay, so just wait a while, let the daemon rest, then I will check from here.

So this technique is called a countermeasure. And this way, as a security professional, you have to mitigate all the threats, which can be anything. But I'm giving you an example of Telnet and HTTP. It's taking too much time. So let's go to a common security term. It's not a one-time job. Keep in mind this network security term, which I told you is like a circle, because maybe you protect with SSH, but there is a vulnerability in SSH version one as well. So it means you have to use SSH version two. And it's not that you say, "Okay, I have a firewall, I have IPS, and I have everything."
"So now I am protected, and I will sit aside and everything will be done by the devices." No, there is a vulnerability, a weakness, and a way to attack every day, every minute, and every second. It means this is a fight between the security engineer, you, and the hackers. You protect the device, and they have another solution. You protect that method, and they have another solution to attack you. So my main theme is that this is like a circle. There are so many threats that can use the vulnerability, and you are exposed due to this vulnerability, which they will exploit. And there is risk for which you did not account. So the way to protect your assets is to take account of them after every second, or after every week, or after every month. Again, they will be compromised in another way, and then they will attack again. There is a vulnerability. Again, you have to protect them the same way. It's like a circle to move around.

Okay, so my server is okay; now let me go to SSH, and this time I will say, rather than Telnet, show me SSH. This is SSH version two, and when I follow the TCP stream, now it's garbage data. Can you see? This is a countermeasure. Why not use Telnet? Because everybody can have your data and can see anything which you are sending and receiving. So we use SSH on the other client. And rather than using, what is it called, HTTP, there is HTTPS as well. This time, HTTPS, and I'll say 192.168.0.1, so it's secure. Maybe the server is not up or something, but the traffic I can show you here. Now, this time I will say I don't need HTTP. I need TLS traffic. TLS is basically HTTP. However, if I say Follow TLS Stream, okay, you will notice that there is nothing, meaning garbage data; it will be encrypted. Maybe my server is, for some reason, down. So, let's see if I can activate ip http secure-server. Okay, so it's already there. By the way, I already have ip http authentication local and a user. So let me try again now.
Okay, Advanced, and let me go to Edit hephne because it's asking for the certificate. Admin, which is my user there, and the password that I created. Now I access the server, but this time with HTTPS, not HTTP. And when you go here and say TLS, okay, try now. Anyhow, we have a lot of traffic now, and why should we follow the TCP stream? For some reason, it's not showing me. Go to another page. So it will be garbage data. It's the main point I want to show you. So let me try again. It's better to use TCP as well. Okay, for some reason it's not showing me. It has to show me. By the way, yeah, it will be like this. It's garbage data. But anyway, I need to see TLS. Okay, for some reason it's not showing me, but it will be encrypted just like SSH as well, an encrypted packet. So this is called a countermeasure.
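The countermeasure in this lecture (SSH version two instead of Telnet, HTTPS instead of HTTP) can be checked in a device configuration before anyone needs a packet capture. The following is an added example, not part of the original lecture: it assumes the server in the demo is a Cisco IOS-style router, as the commands quoted above suggest, and the two sample configurations, the finding names and the function names are constructed for illustration.

```python
"""Audit an IOS-style running config for cleartext management access."""
import re


def config_blocks(text):
    """Yield (top-level line, [indented child lines]) pairs from a config."""
    header, children = None, []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0] == " ":
            children.append(line.strip())
            continue
        if header is not None:
            yield header, children
        header, children = line, []
    if header is not None:
        yield header, children


def audit_management_plane(text):
    """Return (finding id, location, advice) tuples; an empty list means no finding."""
    blocks = list(config_blocks(text))
    top = {header for header, _ in blocks}
    findings = []
    if "ip http server" in top:
        findings.append(("HTTP_CLEARTEXT", "global",
                         "logins travel in clear text; use 'no ip http server' "
                         "with 'ip http secure-server'"))
    if "ip ssh version 2" not in top:
        findings.append(("SSH_V1_ALLOWED", "global",
                         "SSH version 1 may still be accepted; set 'ip ssh version 2'"))
    for header, children in blocks:
        if not re.fullmatch(r"line vty \d+(?: \d+)?", header):
            continue
        transport = [c.split()[2:] for c in children if c.startswith("transport input")]
        if not transport:
            findings.append(("VTY_TRANSPORT_UNSET", header,
                             "no 'transport input' line; the default depends on the "
                             "release, so set 'transport input ssh' explicitly"))
        elif {"telnet", "all"} & set(transport[-1]):
            findings.append(("VTY_TELNET", header,
                             "Telnet is permitted; use 'transport input ssh'"))
    return findings


# Constructed sample: the weak setup the lecture starts from.
WEAK_CONFIG = """\
hostname R1
username admin privilege 15 secret CONSTRUCTED-PLACEHOLDER
ip http server
ip http authentication local
!
line vty 0 4
 login local
 transport input telnet
line vty 5 15
 login local
"""

# Constructed sample: the same device after the countermeasure.
HARDENED_CONFIG = """\
hostname R1
username admin privilege 15 secret CONSTRUCTED-PLACEHOLDER
no ip http server
ip http secure-server
ip http authentication local
ip ssh version 2
!
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for finding in audit_management_plane(cfg):
            print("  ", finding)
```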
2. Lecture-02: Identify Malware (Malicious Software)
Other terminology: identify malware. What is malware? Malware means malicious software. Any program, any code which harms your system, your devices, your network, your services, we call malware. Normally I give an example to the old students, who already did this, by the way, in other courses: malware is like bad people. In the world you will face two types of people: maybe he is a good guy or maybe he's a bad guy. If he's a bad guy, he will damage society, he will steal things, he will kill people, maybe he will hit people, he will blast something, whatever you say. But at the end of the day he is also human, we are also human, we are the same nature, the same human, but one human is doing one thing and the other is doing something else. It's the same with malware: it's a program like Word, Excel, Zoom, a browser, a PDF program, anything like this, but it is doing bad things. It will exploit, it will steal, it will damage your system and services, so it's called malware.

There are so many kinds of malware. Basically malware is an umbrella term; many things come under malware: viruses, worms, Trojans, rootkits, adware, scareware, logic bombs, botnets. So many things come under this category. Let me turn on one server so that I can show you something as well, so just give me a minute. Okay? So many things come under malware, so let's go through all this terminology one by one. The first one is virus. What is a virus?
Basically it's an executable file, and it will look like a normal application. As I told you, you cannot understand whether anyone is a good guy or a bad guy until you stay with him or deal with him; then you know whether he is a good guy or a bad guy. A virus is the same thing. It's an executable file which exists in your system, your services, and your network, and it will not do anything until and unless you activate it, or some other application activates it. So it's like a human bad guy, but it will not damage you until you tease him. Maybe you say, "What the hell are you?" and you say something to him; then he is a bad guy. Otherwise, if you are not saying anything to him, he will not harm you. It's like a dog: when a dog is at your door and you pass by and don't tease it, it will not do anything to you, but when you try to tease it or show it something, the dog will definitely be activated. So it's the same thing: a virus is an executable file, and it will not activate until another application in your system, or you, click on it to activate it and damage your system. So we call it a virus. Okay, we know virus: it will not execute until some application, or you, activate it.

Another one is adware. Adware means advertising-supported malware. Malware means malicious software, and adware means advertisement. Basically, whenever you visit any website, or on your system, it will pop up again and again: "Congratulations, you win this, you win this," this type of thing. And when you click on it they will ask you to pay something, or they will activate this application to get your money, so it will steal your data, your credit card data, or anything else.
We know, because we are computer literate, but those who don't know anything about computers, when it comes up, will definitely click on it and they will damage the system. So it's called adware. If I go to a browser, maybe I can show you; there is one website, if I remember the name, Geek Park or something. Last time I showed it in Palo Alto to these guys, so it was in Frank something. Yeah, this one. So it is an advertisement like this one: it will show you, and a pop-up will come to you, and when you click and put in your details, it can damage your system or download a virus to your system. So many things it can do. We call it adware.

Another one is ransomware. Ransom money, you know ransom in movies: when someone is kidnapped and you pay for it, then they will return the person, so we call it ransom money. This is called ransomware, and "ware", we know, is taken from malware, meaning malicious. So again this is a type of malware, which we call ransomware. There are a few examples of ransomware: CryptoLocker, CryptoWall, and WannaCry, which was the more famous one, from Russia. WannaCry is the one which damaged a huge part of the world in 2017.

So what is ransomware? Basically they will ask for money. It will lock your device in such a way, let me show you here if I have some, this one, that all your data will be encrypted until you put the key here, and they will ask for money, and you cannot trust them. You will pay the money, and when you pay the money, okay, they will send you the key. It's also not guaranteed that they will send it to you. Like when WannaCry hit many servers: they paid them huge money, and to some of them they gave the key, but to some of them they did not give the key, because they allegedly took money from someone else to bring down their servers, maybe government websites. So they even took money from two sides, but they never brought them up. So when you put in that key they will unlock it, and then you can use your system. This is called ransomware, and
WannaCry was one of the famous ones. Yeah, you can use your system: you can format your device and reinstall Windows and any application you use, but the data which is encrypted will not be usable again, nor can you recover it, because when the data is encrypted it's impossible, or very difficult, to recover. Yeah, if it is normal data and it is deleted or something happened, you can recover it; there are so many ways to recover. So keep in mind, maybe you are thinking, "I cannot use the system." No, you can use it, but you have to format the whole hard drive. Your data is gone, and now you can reinstall the operating system and use it. So this is called ransomware.

Another one is the Trojan. Trojan is basically taken from that Yunan story; maybe you know the Trojan horse, maybe you remember this story, maybe you already know this story of the Trojan. What happened was, when the Romans attacked them, those days were not like today, with an atom bomb and that type of thing; today we have everything to attack someone. So what did they do? Basically, they had a big wall to protect their city so nobody could enter and attack them, and they had protection from the top as well. So what did they do? They made a Trojan like this one, and they put their army inside the big Trojan, and they gifted it to those guys. So they opened the door when they took it in, and at night they opened the door, came out from the Trojan, and attacked, and in such a way they did their job. So this has been taken from the Trojan. A Trojan is also a malicious program which appears like a regular application, because at that time they didn't know; they said, "This is a gifted thing."
"Let's take it." They didn't know that inside there was an army. So from outside it looks like one thing, and inside there is something else. So this is taken from the Trojan. A Trojan appears like a regular application, but when you use it, it will steal your data, it will damage your system, it will get unauthorized access to your system; it can do many things. You can create a Trojan in Kali Linux; later in the course, if I remember, I will create one and show you practically.

Another one is the worm. It is also malware. It's like a virus, but there is a small difference between a virus and a worm. Basically a virus, as I told you, will not activate until you activate it or some other application activates it. But a worm will activate and replicate itself automatically. It doesn't require any application to activate it. This is the difference. And it will bring down your server, it will consume your bandwidth, it will choke your network and distribute itself. If one system is infected, it is like the coronavirus: it will affect every family member automatically, because it replicates automatically. It doesn't require any activation. Okay, you know this one now.

Now going to spyware. Spy means to spy on something. As we know, spyware is also a common type of malware, which will monitor your activities and send them to another person or some software. Normally when you download a free application from the internet, it's there in those applications, so you have to be careful about this one. So it will spy on your data: your credit card details, your bank details, your everything. Even a keylogger comes under this category. Maybe you download some free application, okay. What will it do? Whatever you type, because maybe you are working on your system, suppose you are typing in Notepad and you type your credit card number, maybe you are buying something from eBay and you type one, two, three, your credit card number, the spyware will take your data, okay?
It will come. Let me show you if it is coming here, the keylogger. No, this one will come after a while; it's just to show an application. It will come, so I will show you. So it's running behind the scenes in your system. When you install something, it will install the spyware automatically, and whenever you are doing something, it will send the details to that guy. This is called spyware: it just spies on your details, your credit card details, your debit card, whatever you have, your sensitive data.

Another is the rootkit. A rootkit is basically a combination of all those above which I told you about, and we also use a rootkit to get root access. Root basically means, in Linux, root is like administrator; like in Windows we have administrators, in Linux we call them root. So a rootkit is basically designed to get root access to your system. Suppose you have an organization; let me give you an example of a bank, a bank and its cash room. Nobody can go there where the cash is. We know the cash, the money, is there, so not everybody is allowed to reach it. Maybe the bank manager can go there, or one or two more persons. But if you get root access, meaning administrative access, the manager's access, to reach there, this is called a rootkit. So you can use any combination, spyware, malware, anything, to reach that level, because if you get a small level, like security guard access, you can do nothing, because the security guard is not allowed to go to the cash room. They will say, "Why are you going there without the manager's permission?" So it means we need the type of privileges with which we can reach this specific cash room. So we call it a rootkit.

Another is the keylogger. A keylogger is also a small application. When you install a free application, it will be activated behind the scenes on your device, and whenever you type any keys on your system, they will be recorded, like this one. So let me go. I type one. I don't know why it's not coming yet. Let me open Notepad again. And I type these things, Ctrl+C.
Now let me open a new Notepad. Suppose I'm typing something. This I type. So this is the keylogger. Basically I'm showing it to you here, but it will be hidden behind. You will not know anything about it. There is an application running. So whatever I type in Notepad comes up here. So when I click here, whatever I type is there. I type "credit card number eBay something". Yeah, here: "credit card number eBay something" I typed here. And another Notepad that I open: whatever I type comes up here. "Credit card eBay". And the other one will come later, a bit later. This one as well. Because this application is just to show you. And it will not be like this, at the top of the screen; it will be hidden. You don't know anything. When you go to a browser and you buy something from eBay, suppose, and you go to eBay and you type whatever here, suppose I type Google.com or eBay, whatever. So this keylogger is behind the scenes. Whatever you are typing, it's storing those details, which I show you here, and it will send them to that guy by whatever method they are using. Even a screen recorder as well, capturing whatever you are doing on this screen. And even so, whatever key I press here is here. It means whatever keystroke you type in your system, it will store those keys and it will send them, and then that guy will analyze from that. The same as this one. So in this file there is nothing, but here I typed a credit card and a visit to eBay. Then I get your credit card number and I can damage you. This is a keylogger. This is also a type of malware.

Another is scareware. As the name suggests, scare, to scare you, and ware means malware, malicious software. So normally, if you are not computer literate, a pop-up will come to you saying that there is a virus in your system, buy the antivirus and run it, otherwise your system will be down in two minutes or one minute or something. So you don't know about computers. Yeah, because you are a computer engineer, we know that this is just a fake something.
But for those people who use a computer, like HR, or salespeople, or any other people who don't know, when such a pop-up comes up, they will definitely buy, they will click on it; they will say, "Okay, $2 is okay, let me pay from my credit card." So when they click on that one, they scare them, and they say, "My huge data will be lost from Excel, and what will I do in the organization when the manager asks me where those Excel files are?" So it scared them. So this is scareware; this is another technique.

Another malware is the logic bomb as well. A logic bomb will trigger in response to an event, or when a specific date and time is reached. So this is also a type of malware where you set a time. Like an old one, if you remember, in XP, something happened in 2002 or 2004 in XP, because there was a logic bomb included with a time. So when that time was reached, automatically the virus, or whatever you call it, the malware, was activated. So this type of thing we call a logic bomb: it requires a specific time or date, and when you reach it, it is activated at that time. We call it a logic bomb.

Another malware is the botnet. Botnet is from two words: bot means robot and net means network. A robot does everything whenever you tell it to, so it will do the same thing for you. We call it a robot. So a botnet is basically when you control some systems on the internet. Maybe on Facebook, I will say that I am a girl from the UK and I want to review, this is my picture, just click on it. When you click on it, it will take control of your system. It will control your system, which we call a botnet or zombie, and then what will they do? They will use your system to attack other services. So at the end, when somebody catches you, they will catch you, not them, because they are using your system to attack someone else, because they took control of it.
This is called a botnet or zombie, and they are using so many methods, like Facebook chat, chat rooms, and so many things. They will say, "I am this and this, I can give you money, friendship, and this and that." And when you send it, I will show you some other day. I will create a file and will attach a small application here. And also in Kali Linux you can create something to attach. So when I send a picture, when you click on the picture, in the background an application will run. I will show you, don't worry, just remind me some other day. So this is called a botnet. This is also a type of malware to damage the system, services, network, whatever.

And last but not least is DoS, denial of service. Okay, or DDoS, distributed denial of service. What is DoS? Denial of service means the service will be denied. Nobody can access the service. So this method we call, let me see if my system is running okay, so that I can show you two or three attacks. So this is called denial of service: to bring down the services. Suppose a website, Facebook.com, Google.com, Youtube.com, and you send huge traffic to bring it down, so the legitimate people cannot access those services. We call that denial of service. And for DoS and DDoS, what is the difference? First, DoS means you are using one single system to attack the server. In distributed denial of service you are using so many servers to attack the server to bring it down. You are using so many clients, and for these clients maybe you are using a botnet. You control many systems, and from those systems you are attacking a server. So this is called distributed denial of service. Examples of DoS attacks are the ping of death attack, Smurf attack, TCP SYN flooding attack, CDP flooding attack, buffer overflow attack, and ICMP flooding. So many things are there. Let me show you one denial-of-service attack, which is TCP SYN flooding.
A TCP SYN flooding attack means you will send only the SYN but will not return the acknowledgement. Suppose you have a shop and somebody comes to you and says, "Give me that cigarette." And when you turn around to get them the cigarette, he disappears. Another person comes the same way; he will make you go down. In this way many people are coming, and they say, "Give me the cigarette." When you turn around to get them the cigarette, he is not there. So TCP uses a three-way handshake. But in TCP SYN flooding you are just sending the SYN and not sending any acknowledgement. And this way the server will be turning around to give the cigarette box to someone, and there is nobody there to receive it, and that's how the server will go down. You will say, "What the hell is going on? 1000 people came to my shop and everybody said, give me that box of cigarettes. When I turned around to give it to every single one, nobody was here. And this way I went down. I cannot provide the service." So this is called a denial of service.

Let me show you from here, okay? I have a web server running, which is a XAMPP server, okay? On XP I installed the XAMPP server. And on this side I have Kali Linux, with root and the password by default, okay? The IP of this XP, ipconfig, is 192.168.114.113, and the IP of this Kali Linux, they are on the same network, so hopefully they have the same IP, 33. Let me do TCP flooding. But before doing that, let me access the server, whether I can access it or not. So let me go to 1921-443-1143. I can reach that XP XAMPP server. It's not an issue. One, one three. Let me create a SYN flood from Linux. Don't worry about it if you don't know about this one; I just need to show you. So I don't need this one, no need for this one. And let me copy that script, it's a small script. I showed it to these guys as well, and in the other courses. This script, HP, we can use to do this type of attack. So let me go to Kali Linux, okay?
So the IP is 133. With HP I say send, with port 80, flood them, okay? And if I go to XP, let me show you one more thing from Wireshark, if there is a Wireshark. So leave it; I can show you it will send only SYN packets, not the three-way handshake. Okay, and let me show you what I can. Okay, the server is still accessible to me. After a while it will go down. This is called a DoS attack. Look, it is a bit slow now. Okay, and let me open it in a new page; it will not be accessible. It's slow now because the attack is going on, and after a while it will say it's not reachable. If I stop this, the server will be available after a while. Control-C. Okay, now it has come up.

But when I attack, what's going on? Basically this Kali Linux is sending a SYN flood. Let me show you if I have Wireshark here. Go to properties on the server. This is still the old packet. They will send SYN, SYN, SYN, SYN, no acknowledgement. Now, we need the acknowledgement, yeah, the three-way handshake, as we know. If I just send this one, there will be the TCP three-way handshake: SYN, SYN-acknowledgement, and acknowledgement. Let me show you. I sent it, so this is the normal behavior; now I will show you the other one. So this is the acknowledgement, okay? This is SYN, this is SYN-acknowledgement, and this is acknowledgement. These are the three-way handshake. Now let's do an attack. What is the difference from this one?
Okay, let me do an attack. I know the server will go down, but you will see only SYN packets. I'll stop now; that is a huge attack, so let me stop it and show you here. You will see SYN, SYN everywhere. Before, we were receiving SYN, SYN-acknowledgement and acknowledgement, three types of packet. It has hung, by the way; otherwise, on a good system, you would see here only SYN, SYN, SYN. So this is what we call TCP SYN flooding, and it takes the server down; it was not accessible to the proper users. So this is called a DoS attack.

There is another way to do it. Let me attach here and do another one. Let me go to the cloud where my Kali Linux is attached and see whether it is NAT or not. Don't worry about this setup, okay? It is just to show you how it is working. Let me right-click on the cloud, go to configuration and show special Ethernet; VMnet is basically NAT. So let me attach this server, 20 one, okay? Now let me go to the server, because I'm connected here, and assign an IP. The simplest way is interface one, ip address dhcp; it will get one automatically from the NAT cloud. When it's done, I will do an attack. So let me see whether it shows the IP or not. Okay, it still didn't get the IP; let's wait. No shutdown; I think I forgot this one. Okay, it's still not getting one. Did I connect to the proper NAT cloud? Yeah. Just 1 minute. Okay, let me take another cloud. If this cloud is not working, you can take the NAT cloud directly as well. It's the same thing; do it either that way or this way. Okay, now let's see. I just need to wait for the IP so that I can show you another attack. Okay, let me assign it statically; for some reason it's not getting an IP. 192.168, and what is our range? ifconfig: our range is 114. So let me give it, suppose, 200, 255.255.255.0, no shutdown, and let me ping. Can I ping the Kali Linux or not? Then we will do an attack. 192.168.114.134, 114.135. For some reason it is not reachable, okay? No issue.
So it means there is some issue. Let me do it quickly here on my system, okay? Let me start Kali Linux and make it NAT only; you can use any interface. This is just to show you what the attack is. There are so many methods, not only this one. There is the ping of death attack, okay? You can use that method to send huge data in a ping; by default it's not allowed on any firewall. Suppose I ping from here, suppose I'm pinging 8.8.8.8: it's okay, it's responding to me. But if I send huge data with -l, which is length, if I send a thousand packets, it will not reply. Google will say, "Why are you sending huge data? You just want to check whether I'm reachable or not. You can test that with 32 bytes; why are you sending 10,000 packets?" On every firewall this is the default behaviour. I showed these guys this on the Palo Alto firewall as well, in the DoS attack protection profile; a few of them will remember. So you cannot put a huge size here, because this becomes a flooding attack: ping of death, ICMP flooding attack, so it's not acceptable. You can use that method as well to hit the CPU and RAM and take down the server. The same goes for the buffer; a buffer is a small memory used for storage. And you can do CDP flooding or MAC flooding, so many things.

So let me show you. While it is coming up, let me take any switch or router from here. I take this router and connect it to the NAT cloud. Okay? By the way, let me show you the two together. Let me take one switch as well, connect the NAT cloud to the switch, and from the switch to the router. And let me check whether the Kali Linux is on or not. This is Kali Linux with root, and toor is the password. Okay? In the meantime I can assign an IP to this router interface by DHCP, because DHCP is already enabled on NAT. So just give me a minute. Config, interface, shut down. Okay. show ip interface brief. It will get the IP from there after a while.
So let's wait. Yeah, it got the IP now. Okay, so now it's ready for the attack. So let me come here and run ifconfig: what is the IP of this one? Now let me go here. There are so many utilities. One of them is this one, a utility where you can create so many attacks, like DHCP flooding attacks, DTP and so many others. But this time I will choose CDP. CDP is running here too. If I say show cdp neighbor, I have only one neighbor, which is the switch. And if I say show cdp traffic, I have only one packet. Now look at the CPU: show process cpu. My CPU usage is 0%. Let's see now. Let me do an attack from launch attack, flooding CDP. Okay, now look at this router's CPU. First check the CPU; it will increase if the attack is hitting it. Let me see show cdp. Okay, so this attack is not hitting the router directly; it's going to the switch. So let me go to the switch instead of the router, because the switch is the one connected directly. I thought it would come here, but it's not coming to the router. So let me go to the switch. show cdp neighbor: look, so many neighbors, and more will come as well. Let me stop that. Kali Linux is sending so many clients and it will take the switch down, so let me stop it with Control-C. And show cdp traffic: huge traffic came in, now 18 this one. Let me clear the counters and show you again: clear cdp counters, show cdp traffic. Nothing in input. Now let me do the attack from Kali Linux again: launch attack. Let me show you the CPU as well: show process cpu. CPU usage is only 0% over 1 minute, because our attack was done earlier, in the last five minutes. So let's do it again and go to the switch again. Now it's stuck. So let me stop it and try to access the switch. Yeah, it has come back now. So the CPU was 100% utilized, and if I look here it was even stuck for two minutes. So it's like a DoS attack. By the way, it should show me a lot of traffic as well. Yeah, it's not in show cdp traffic; it will be in show cdp neighbor. You will see so many neighbors. Look, this is generated by CNA, the tool which we used.
So this is the CDP flooding attack, to take down the switch in two seconds. For a router there is the same method. Another one is show mac address-table: how many MAC addresses are there? Let me clear this one: clear mac address-table dynamic. Let me clear them and show mac address-table; there is nothing. In the same way we have another attack; let me attack from the command line with macof. Okay, it's not installed in this one; this utility is not installed here. In newer Linux they removed it, by the way. I thought to show you the MAC flooding attack as well, but unfortunately that utility is not available here, so leave it. With the macof utility, when you type it and hit enter, it will flood the MAC address table. There are so many others as well; these were just a few examples. So let me stop this one. So this is called a denial of service, to take down the server. Those are the terminologies.
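From the defender's side, the difference between the normal three-way handshake and the SYN-only traffic seen in the capture above can be measured by counting handshakes that never receive their final ACK. The following Python sketch is an added example, not part of the lecture; the packet records, addresses, timeout and thresholds are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    ts: float      # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: str     # "S" = SYN, "SA" = SYN-ACK, "A" = ACK


def analyze(packets, syn_timeout=3.0):
    """Per service (dst, dport): SYNs seen, handshakes completed, peak half-open."""
    pending = {}   # (client, cport, server, sport) -> time of the unanswered SYN
    stats = defaultdict(lambda: {"syn": 0, "completed": 0, "peak_half_open": 0})
    for p in sorted(packets, key=lambda p: p.ts):
        # Forget half-open entries older than the timeout, as a server backlog would.
        for key, ts in list(pending.items()):
            if p.ts - ts > syn_timeout:
                del pending[key]
        key = (p.src, p.sport, p.dst, p.dport)
        svc = (p.dst, p.dport)
        if p.flags == "S":
            stats[svc]["syn"] += 1
            pending[key] = p.ts
            open_now = sum(1 for k in pending if (k[2], k[3]) == svc)
            stats[svc]["peak_half_open"] = max(stats[svc]["peak_half_open"], open_now)
        elif p.flags == "A" and key in pending:
            # Third step of the handshake: the client acknowledged the SYN-ACK.
            del pending[key]
            stats[svc]["completed"] += 1
        # "SA" packets travel server -> client and do not change the counters.
    return dict(stats)


def flooded_services(stats, min_half_open=20, max_completion_ratio=0.2):
    """Services with many simultaneous half-open handshakes and few completions."""
    alerts = []
    for svc, s in stats.items():
        ratio = s["completed"] / s["syn"] if s["syn"] else 1.0
        if s["peak_half_open"] >= min_half_open and ratio <= max_completion_ratio:
            alerts.append(svc)
    return sorted(alerts)


def build_sample():
    """Constructed capture: one normal client, one SYN-only burst, one healthy service."""
    pkts = [
        Pkt(0.00, "192.0.2.10", 40000, "192.0.2.80", 80, "S"),
        Pkt(0.01, "192.0.2.80", 80, "192.0.2.10", 40000, "SA"),
        Pkt(0.02, "192.0.2.10", 40000, "192.0.2.80", 80, "A"),
    ]
    for i in range(50):                       # SYN, SYN, SYN ... and never an ACK
        t = 1.0 + i * 0.01
        pkts.append(Pkt(t, "198.51.100.7", 1024 + i, "192.0.2.80", 80, "S"))
        pkts.append(Pkt(t + 0.001, "192.0.2.80", 80, "198.51.100.7", 1024 + i, "SA"))
    for i in range(3):                        # complete handshakes to another service
        t = 1.0 + i * 0.1
        pkts.append(Pkt(t, "192.0.2.11", 50000 + i, "192.0.2.81", 443, "S"))
        pkts.append(Pkt(t + 0.01, "192.0.2.81", 443, "192.0.2.11", 50000 + i, "SA"))
        pkts.append(Pkt(t + 0.02, "192.0.2.11", 50000 + i, "192.0.2.81", 443, "A"))
    return pkts


if __name__ == "__main__":
    result = analyze(build_sample())
    for svc, s in sorted(result.items()):
        print(svc, s)
    print("possible SYN flood against:", flooded_services(result))
```

The thresholds are starting points only; on a real network they would be tuned against the normal rate of new connections for each service.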
3. Lecture-03: Introduction to Firewall Technologies
The topic is firewall technology. What is a firewall? Basically a firewall is a system, a device, hardware, software, or a combination of these, placed on the boundary between the trusted and the untrusted network. We call it a firewall, and it protects your data, your assets and your traffic by checking them. That definition is too small, because firewalls nowadays do so many things that you cannot describe them in a single sentence. What is a firewall? It can do NATing, routing and device protection for you, as well as IPS and IDS. It can do so many things to monitor and check the traffic, incoming, outgoing, everything. A next-generation firewall is capable of protecting your data and assets. And a firewall can be software, it can be hardware, it can be cloud-based, it can be virtual, or it can be a combination of all these. So there is not one physical thing I can point to and say, this is a firewall. There are virtual firewalls, cloud-based firewalls, hardware firewalls and software-based firewalls as well. At its base it is packet filtering, and firewalls use so many techniques to protect your data.

Firewalls are divided into three main generations: first-generation firewall, second-generation firewall and third-generation firewall. As with humans, we say that this guy is of an older generation; he knows nothing. We normally say about our parents and elders that they are unaware of this new technology, unaware that everything has changed, that they are old-minded, conservative people. We use the word in that everyday sense, and it is the same with firewalls. First-generation firewalls are the old method, like people with a conservative mindset who have their own way of thinking. The first-generation firewall is called a packet filtering firewall; we will discuss packet filtering. The second-generation firewall was the application layer firewall.
And the third generation, which we are using now, is called a stateful firewall, or a next-generation firewall, which does inspection properly. We will discuss all three a bit later. But this is what we call a firewall. We build a firewall to keep you safe on the inside, so nobody can go out or come in without your permission. It identifies good data and bad data, good people and bad people. Those are just a few words; otherwise, as I told you, it's not possible to explain a firewall in one sentence. There are so many firewalls. At the top of them is the Palo Alto firewall, then the FortiGate firewall, then ASA, Juniper, Check Point and so many others; there are top-ten lists of firewalls, and I will tell you about those as well. But at the top there is Palo Alto, and the second one, which we are using, is the FortiGate firewall. Why we are using it, I will tell you as well.

So the first one is the stateful firewall. What is stateful? A stateful firewall keeps a record in a state table; there is a connection table, or state table. Whenever somebody goes out from home and then comes back, the security guard will not stop them, because the security guard will say, "This guy just left the home, I know him. He belongs to this home." So the return is allowed automatically, because the guard put a note in the register that this guy went out, so he can come back. This type of firewall we call a stateful firewall. Basically, with a stateful firewall, when you initiate traffic from a secure zone and go out, and the traffic comes back, it will check the connection table. When it sees traffic coming in on the outside interface, it first checks for an existing connection. Is there any record that this guy went out? Yes. So it will allow you directly: because you initiated the traffic from inside, the return traffic is allowed, because the firewall is keeping a record. This type of firewall we call a stateful firewall, and any next-generation firewall has this capability.
Let me show you from here, if I can run it, because my server has become slow. This is the firewall. It can be any firewall: it can be an ASA firewall, FortiGate, Palo Alto, Check Point; they all have the same capability. So this is outside, R2, and R1 is inside. Let me start traffic from my inside to R2 and ping R2, okay? And this is R2's IP. Let me go here, let me run R2 as well, and let me run the ASA firewall as well. Okay, let me turn off some systems so that we have some resources; for some reason the system is very slow. Okay, this is R2; I'll put this one in the middle. Let me ping 168, 232, and repeat it 1000 times. Okay, where is the topology? This one. Definitely I can ping. Let me go to the ASA firewall, and here I will show the connection table that I told you about. Let me generate some more data, or I can do Telnet as well. So let me generate it and quickly come here. Here is a connection. It says ICMP, Internet Control Message Protocol, outside 23-dot, inside 12-dot, the idle timeout, and this is a flag. This is the connection table. That's why, when this host is sending traffic, it is receiving the replies as well: when the return traffic comes, the firewall says the connection is already there.

But let me try from R2. From R1 I can ping R2, and definitely the ping reply is coming back; there is an echo reply. So if the echo reply is coming, then definitely R2 can also ping R1; this is what we would think. So ping 192.168.1.1. Can I ping? No. When I'm pinging from R1 to R-3, it's pinging; I can receive traffic from R2. But when I'm generating traffic directly from R2 to R1, it is not going. Why? When I hit the server from R1, that traffic came back and I received it. So if R2 initiates directly, why is it stopped? Because of the connection table.
Assume I leave the house to get some bread or milk, and when I return, the security guard lets me in because he recognises me: this guy just left the home and is coming back; there is already a connection established. But when somebody comes directly from outside to my home, the security guard will stop them, because of the stateful firewall, until they get permission. That is another story; I'm not saying they can never be allowed. There are so many methods: we have to create a policy for him, he has to show the security guard some identity to be allowed, but that is a different story. So the stateful firewall is one of them; it keeps a record, and I showed you show connection.

Another one is the stateless firewall. Stateless firewalls do not keep any record, so this is an issue even if you go out from inside. Now I don't need this one; we saw this one, this was the stateful firewall. Let me show you the stateless firewall. Now I have a stateless firewall, which is a router, and I configured an access list here. I allowed PC1 to go outside to PC2, but the return is not allowed, so the reply is not coming back to the PC. Let me close this one and put this one in the middle; PC1 is here. Now it is the same story as before, but we will see whether PC2 is reachable: if it is not, then why? And if it is, why?
So let's see that story, and then you will get the idea of a stateless firewall. A stateless firewall is not keeping records: if you go out from the building, then when you come back you need to take permission again. In the previous case it was my home; the security guard knows me because he has been working with me for the last ten years, so when I go out for bread and come back he doesn't say anything and lets me in. But suppose I go to some other office, or I visit the Marriott hotel or something, and I have a permission card once. When I go in the next time they will stop me again. Even if I say, "No, I went out for a cigarette and I'm coming back," he will say no.

To the last batch I gave another example of the stateful firewall. You can go to any club, and they put something on your hand. What is it called? I'm not sure what they put on your hand, but I'll say they put a stamp, so that when you go inside the club and come out for a cigarette or whatever, when you return they check your hand, and if the stamp is there they let you in. This is like a stateful firewall, because they say, "Yes, he has a stamp. He was inside, then he came out, so he can go back inside." But when somebody comes directly to enter the club or pub, the security guard will stop them because they don't have a stamp. It means this is your first time, and you have to get permission or pay something. But with a stateless firewall there is no stamp, nothing. So if I ping from PC one to PC three, the same as I did in the previous case, 123 two is not allowing me. Do you think the packet is not going? No.
The packet is reaching. Let me type debug ip icmp and send the packet again. He is receiving it; after a while you will see the packet here, because the system is slow for some reason. Because I pinged 23 from here, it says source 23.2, destination 12.1; this guy says somebody sent me the packet, but "administratively prohibited unreachable" is received, because there is a rule. In the IP access list I said permit 12.1, which is allowed from inside to go to 23, and it has ten matches, but then I said deny any. And on the outside interface, show running interface one, there is a rule that nobody is allowed in toward the inside. Because the router is not keeping any record, 12 goes out, but the reply to 12 is not allowed to come back, not like the previous one. You got my point? It's the same story. Why is it not allowed? Because this is a stateless device that does not keep records, there is no way to keep track of the fact that, if 12.1 goes out to 23, then 23 is allowed to come back to 12. There is no such record here. So this is called a stateless firewall, and normally we are using an ACL, which I showed you; I configured an ACL there. So you need two rules, or three, whatever rules you need, for inside and outside to allow the traffic.

The third firewall is the packet filter firewall. It is the same as what I showed you; we call this a packet filter firewall as well. When we configure an ACL, an extended access list, a named ACL, an infrastructure ACL, a time-based ACL, a dynamic ACL, all those things, we call them packet filter firewalls. It works on things like source and destination, source port and destination port, the same as I configured here. This is the ACL. This time I said IP, but you can use the port number as well.
80, 84, 43, whatever you say. So this type of firewall we call a packet filter firewall, the old firewall.

Another is the proxy firewall. Basically, proxy firewalls sit in the middle. They receive the traffic on behalf of the client and give it to the server, and when the return traffic comes, they give it back to the client. So the proxy stores the details and does everything on behalf of the client. But this is a single point of failure: if this device is down, your whole network will not be reachable from outside. This type of firewall we call a proxy firewall.

Another is the application firewall. Now it's getting good; this is the second-generation firewall. It checks not only the source and destination but also the application, like DNS, SMTP, HTTPS or SSL, whatever. This type of firewall we call an application firewall. It checks at the application layer, not by port number. Okay?

Another one is the personal firewall. What is a personal firewall? The firewall that is installed on your system. We have so many firewalls installed here, like this one. And Windows has a built-in firewall as well, this one, which protects your system. And we can install our own personal firewall; there are so many, like Kaspersky and many others, that you can install. This is a software-based firewall which protects your end device. So we call them personal firewalls.

Another type of firewall is the transparent firewall. Transparent means it works at the second layer, like a switch. You can assign IPs from the same subnet. Normally firewalls work like a router, so you cannot assign the same range to two router interfaces; it will give you an overlap error. Suppose I go to that one and do show ip interface brief: two different IP ranges. Let me go to e one and assign an IP from the same range, even a different IP, suppose 101-25-5255. Do you think it will accept it? No. Sorry, ip address. It will give me an error.
Yes, I think so. In routed mode, every interface has a different subnet IP and a different network, and you need a switch if you are using the same subnet. But in the case of a transparent firewall, you can assign the same range of IP addresses, and it will work on the basis of MAC addresses, not IP addresses. We call them transparent firewalls. In Cisco we call this a transparent firewall, but in Palo Alto we call it a virtual wire. You can use the same network and connect it like a switch; we call that virtual wire. The same technology is used in FortiGate as well, which we will go into in detail.

Another is the traditional network firewall, like a normal packet filter firewall (we call them traditional firewalls as well), which operates on the basis of IP address and port number blocking, which anybody can bypass. Anyone can change their IP to bypass it. So we call them traditional network firewalls.

Then we have the zone-based firewall. You can make a firewall out of a router: you create zones and make it a firewall. With a Cisco IOS router, you can configure it to function as a firewall, but only if the router supports that feature. It is not done in the same manner as an ACL.

Another type of firewall is the cloud-based firewall, when you deploy your firewall in the cloud, because everything is moving to the cloud. Firewall as a service and security as a service are two examples of a cloud-based firewall. Just as we have software as a service and infrastructure as a service in the cloud, we have firewall as a service. And last but not least is the virtual firewall.
When you deploy your firewall virtually, in VMware, in GNS3, in EVE-NG, in ESXi, anywhere in a virtual environment, we call it a virtual firewall, and nowadays every firewall has a virtual edition as well.

Now, for the final section, this is UTM. UTM means unified threat management. In most interviews they will ask you: what is the difference between UTM and a next-generation firewall? This is the most widely asked interview question. So let's discuss. What is UTM? Basically, UTM means unified threat management. It combines packet filter, proxy, IDS, IPS protection and web proxy, as well as many other features: quality of service, antivirus, URL filtering, data leak prevention and so on. It has all of these things, but it handles the packet in each of them individually, one after another. Assume you go to the bank or somewhere, okay? First the security guard checks you, then he sends you to the counter. The counter gives you what is called a token. Then you go to another counter, and they sign your documents. Then you go to another counter, and they check your file. Then you go to another counter, and you say, "What the hell is this? I have passed so many counters." In the end you say no, it's not acceptable. The same thing is done by UTM. The packet comes, it is checked for URL filtering, then it passes to the next one, data leak prevention, then it goes to antivirus, then to IPS, then to policy, then to quality of service, and so on. So it's a slow process: it is doing the next-generation firewall's job, but very slowly. The next-generation firewall has three main things: app ID, user ID and content ID.
These three things make the next-generation firewall different from UTM and any other firewall. Otherwise, the next-generation firewall has everything a traditional firewall has. Whatever we studied, traditional firewall, packet filtering, stateful firewall, stateless firewall, all of those things are already included in the next-generation firewall. But there are three differences between other firewalls and the next-generation firewall: app ID, user ID and content ID.

App ID means the next-generation firewall does not work by port or service; it works by application. Facebook is one application, Facebook chat is another application, Facebook content is another application, YouTube is a different application, YouTube video is a different application; it checks this way. So this is called next generation. Another consideration is user ID. It will not check only by source IP; it can check the user by username. This is another good thing, because anybody can spoof their IP, but a user you cannot, because you need a username and password to log in; if you have those, then definitely you can bypass. And the last thing is content ID. Content means anything mentioned here: checking the antivirus, IPS, the proxy, quality of service, IDS, so many things which we will discuss later in the course, all to check the data for anything that may be hidden.

And the fourth thing: the next-generation firewall does deep packet inspection. It's like a DNA test, which none of the other firewalls will do, and a DNA test can never be false, because DNA keeps all your details. Your corona test can be negative and later it can be positive; it can be wrong. Any test, a blood test or anything else, can be wrong. I forgot the name for a moment; okay, this is called deep packet inspection.
Only the next-generation firewall does this. Now coming to the last part: what is the difference between UTM and next generation? UTM is also doing URL filtering, it is also doing DLP, quality of service, IPS, IDS and so on, so what is the difference? The difference is that the next generation does it in one shot, and UTM does it part by part, like the example I gave of going from counter to counter. The next generation does not work like that. You are checked only by security: "Just come, that's it. We will do everything for you in 1 minute. Your file will be ready, and you can go." So the next generation does it in one pass, in one shot, and UTM does it as a slow process that makes you tired. Okay.

The last thing related to firewalls is a question they will normally ask you in an interview: where do you deploy a firewall? Where do you recommend deploying a firewall? You will say there is no single rule for where to deploy a firewall. You can deploy a firewall inside. You can deploy a firewall on the edge. You can deploy it at the perimeter. You can deploy it inside your data center. You can put a firewall between two different departments. So there is no rule to deploy a firewall only externally. It can be anywhere in your network, depending on your needs. So you can deploy a firewall inside, outside, in the data centre, and at the edge or perimeter.
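The ping test through the stateful firewall and the access-list test on the router, both described in this lecture, can be reproduced as a small model. This Python sketch is an added example, not from the lecture or from any vendor's code; the addresses, the `StatelessFilter` and `StatefulFirewall` classes and the 30-second idle timeout are assumptions made for illustration, and ICMP echo is tracked by carrying its identifier in the port fields.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int      # for ICMP echo this carries the echo identifier
    dport: int
    in_zone: str    # interface the packet arrives on: "inside" or "outside"


def _in(addr, net):
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


class StatelessFilter:
    """Per-interface ACLs: first match wins, implicit deny, no memory of past packets."""

    def __init__(self, acls):
        self.acls = acls   # {"inside": [(action, src_net, dst_net), ...], "outside": [...]}

    def allow(self, pkt, now):
        for action, src_net, dst_net in self.acls[pkt.in_zone]:
            if _in(pkt.src, src_net) and _in(pkt.dst, dst_net):
                return action == "permit"
        return False


class StatefulFirewall:
    """Only inside hosts may open a flow; replies are matched in the connection table."""

    def __init__(self, idle_timeout=30):
        self.idle_timeout = idle_timeout
        self.conns = {}    # flow key -> time the flow was last seen

    def allow(self, pkt, now):
        # Drop entries that have been idle for longer than the timeout.
        self.conns = {k: t for k, t in self.conns.items() if now - t <= self.idle_timeout}
        fwd = (pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)
        rev = (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport)
        for key in (fwd, rev):
            if key in self.conns:          # part of a flow the firewall already knows
                self.conns[key] = now
                return True
        if pkt.in_zone == "inside":        # first packet of a new flow: apply policy
            self.conns[fwd] = now
            return True
        return False


# Constructed rule sets. ACL_AS_CONFIGURED mirrors the lecture's router: permit the
# inside host outbound, deny everything arriving on the outside interface.
ACL_AS_CONFIGURED = {
    "inside": [("permit", "10.0.12.1", "10.0.23.0/24")],
    "outside": [("deny", "any", "any")],
}
# The second rule a stateless filter needs before replies can come back.
ACL_WITH_RETURN_RULE = {
    "inside": [("permit", "10.0.12.1", "10.0.23.0/24")],
    "outside": [("permit", "10.0.23.0/24", "10.0.12.1")],
}


def run_scenario(fw):
    """Inside host pings outside host, then the outside host tries to start a ping."""
    inside, outside = "10.0.12.1", "10.0.23.2"
    steps = [
        ("echo", 0, Packet(inside, outside, "icmp", 7, 0, "inside")),
        ("reply", 1, Packet(outside, inside, "icmp", 0, 7, "outside")),
        ("unsolicited", 2, Packet(outside, inside, "icmp", 9, 0, "outside")),
        ("late_reply", 100, Packet(outside, inside, "icmp", 0, 7, "outside")),
    ]
    return {name: fw.allow(pkt, now) for name, now, pkt in steps}


if __name__ == "__main__":
    print("stateful          ", run_scenario(StatefulFirewall()))
    print("stateless         ", run_scenario(StatelessFilter(ACL_AS_CONFIGURED)))
    print("stateless + return", run_scenario(StatelessFilter(ACL_WITH_RETURN_RULE)))
```

With the return rule added, the stateless filter also passes the unsolicited and late packets, because it matches on addresses alone; the connection table is what lets the stateful firewall tell a reply from a new outside connection.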
4. Lecture-04: Introduction About Fortinet FortiGate
What is Fortinet? You will have heard two words, FortiGate and Fortinet, and you will say, what the hell are Fortinet and FortiGate? Is this firewall Fortinet or FortiGate? Then you'll think I'm mispronouncing it, that I'm mistaken, that it's called a Fortinet firewall. But we are talking about the FortiGate firewall. So let me make it clear. Fortinet is the name of the multinational company, which is based in America. Most of these companies are based in California, like Fortinet, Palo Alto, Cisco and LTM as well. So Fortinet is a multinational company whose headquarters are in California; it's a USA-based company. This company develops and markets cybersecurity software, appliances and services. Okay. They sell firewall, antivirus, intrusion prevention and endpoint security products. These are the main products of this company, Fortinet.

Fortinet was founded in 2000, which means it's only a 20-year-old company, by two brothers, Ken and Michael. These two brothers founded the company in 2000 under the name Fortinet. Their first product was the FortiGate firewall. In 2002 they introduced this product under the name FortiGate firewall. At that time it was only anti-spam and anti-spyware, that type of thing, not like a firewall today. But in 2000 there was no big competitor, so this firewall hit the international market, and the company became a multinational company in only two years. They raised over 90 million in funding in only two years with just this one small product, the FortiGate firewall. After ten years they introduced their certification as well, just like Cisco and any other vendor. Their certification is named Network Security Expert, which we call NSE, and it has eight levels, which we will discuss a bit later. One, two and three are free; you can get those certifications for free.
So the main certification starts at NSE 4. So this is the company, by the name of Fortinet, based in the USA in California. Now the question which I told you about: FortiGate and Palo Alto firewalls are both next-generation firewalls, as we already know, and they have almost the same features, like IDS, antivirus, URL filtering and sandboxing. Both are doing the same filtering: anti-spam, vulnerability protection, zone protection, DoS protection. Anything done by Palo Alto is done by FortiGate as well. Both companies are considered top companies. So then what is the difference, if both are next generation? Both are doing user ID, both are doing content ID, both are doing application ID; both have a GUI; both have a command-line interface. But let me tell you, because these two are the most widely deployed. Hello. Yes, any question?

So, basically, we were discussing the difference between the Palo Alto firewall and the FortiGate firewall: Palo Alto Networks Corporation and Fortinet Corporation. Both are USA-based companies. Both firewalls are doing the same job: IDS, IPS, antivirus, URL filtering, sandboxing and any other filtering. Whatever one firewall does, the other does as well. Both are next-generation firewalls; both are doing app ID, user ID and content ID; both are stateful firewalls. Both have a graphical user interface, both have a command-line interface, and if you check the top ten firewalls, you will find Palo Alto at the top; they are the leaders. Second you will see the Fortinet firewall, and then Check Point. Now the question is, which one is the better one? To be honest, the best one is Palo Alto. The second one is FortiGate. So why do people prefer the FortiGate firewall, which is in second position?
The reason is that it's not expensive compared to the Palo Alto firewall. The Palo Alto firewall is very expensive and you need so many licenses; FortiGate is cheaper by comparison. So every company says, "Let's check out FortiGate first, we don't have the budget," the mid-size companies and maybe big companies as well. As a result, they prefer the FortiGate firewall to the Palo Alto firewall. Otherwise, there is a difference between 1890, maybe not a huge difference between these two firewalls, and again it depends on the requirement. But the leader is definitely the Palo Alto firewall.

Now, as I already told you, this company was founded in 2000, and in 2002 they introduced FortiOS (FortiOS means the Fortinet operating system). Juniper has the Junos operating system, Cisco has IOS, and so on, so they introduced their own operating system. Then in 2003 there was FortiManager, which we will talk about, to manage firewalls from one centralised location. Then they moved to an updated FortiOS, and so on. In 2006 they introduced FortiWiFi. Everything they introduce starts with Forti, okay? This is the Fortinet thing: FortiGate, FortiManager, FortiOS, Forti-something. In 2009 there was a later version, and so on; they introduced FortiAP, and then they introduced very high prices. Up to 2017 they have had so many products, high-CPU firewalls. So FortiOS 6.2 is the operating system with which you can do so many things: SD-WAN, connecting FortiGuard and Forti agents, and so many other things. Whatever you want to do, you can get from this one.
So, like any other firewall, this 40-bit operating system has many features, such as antivirus, anti-war, anti-spam, intrusion prevention, intrusion detection data, leak prevention, flow-based inspection, filtering, application control, endpoint network access control, venturability management, monitoring, logging, reporting, VM, Optimizer, and SDWAN. We will learn so many things from this one. So this operating system has all the features of any other operating system. They have called it the PanOS operating system. This is for POS. These are the certification one, two three is free. Certification one, two, three is open for anyone. NSE one NSP two NSP three. If you want, I can send you the link align. They have an exam. Just copy paste from internet and put the answer and you will get NSE one, NS e two and NSE Three certificate directly on your email and download as a PDF as well. So these three certificates are open for anyone. By the way, not these three. One two is free, three is for the if your organization is their customer register with the four tickets. Suppose you install four tickets in your organization, then you can do the NSE Three exam as well. And the one which we are doing and we will do and we will cover all the details is NSE Four which you manage day to day configuration, monitoring and operation the thing which you do normally. and that's what we require. What about the NSE 4-hour exam? The name is "40 Network Security Expert." They are now changing six and two. They will be written six two. The new one is the operating system. Exam number is NSE Four. The exam price is 400 USD. But as I told you, I can provide you a voucher for 215. So you can save some money and write the exam. The duration of the exam is 120 extra minutes. if English is not your first language. This is the old exam. Now they change them, you will get 75questions and passing score is very easy. 
You can easily pass, and you can register your exam with Pearson VUE, which is very easy. You can write the exam directly from home. You don't need to go to any centre to book the exam; you just need a webcam and a mic on your laptop. Just take a picture up right, left, front, end, big and sent those pictures. And then you can book the exam by scanning a copy of your passport or any other identity card. And you can write the exam directly from your home.
5. Lecture-05: Install FortiGate Firewall On VMWare
First and foremost, we will learn how to configure a FortiGate firewall in VMware Workstation. Okay, if you don't have VMware Workstation, you can download a trial version, and I will provide you the key to register it. So you can go to Google, type "VMware Workstation download", and go to the first or second link. Okay, and from here, version 15, you should click on this one and you can download it for Windows. If you are using the Mac operating system, then there is also a version of VMware which is called VMware Fusion, I think. VMware Fusion? Yeah, this one is for both, and I have the key. If you're using a Mac, you can download Fusion, and I'll give you the key; you don't need anything else. Second, we will need the image. The image can be downloaded from the support.fortinet.com website, which I mentioned here, but you can type "support Fortinet" in Google and it will take you to this website. Let me type it in Google as well for you. If you type "support" in Google and either Fortinet, the company name, or your firewall name, you can come here and create your own account. Okay, it's very simple; it only takes two steps to create your own account, and you can log in and download. Okay, so you don't need a support contract to log in, create an account, and download images. It's okay, anybody can do it; you just need to create an account and download the images. So let me go there to show you. Okay, so here is the download. Okay, so if I go to where the images come from, it will ask for my username to log in. Okay, so create your own account and log in with that one. I'm already logged in, by the way; if you are not, then it will ask you, so just create a new account; it will show you here, and when you create a new account, you can come to download images from here. And here is the product: select product. They have FortiManager, FortiAnalyzer for logs, and FortiManager to manage a large number of devices.
But the one we need is FortiGate, which we discussed yesterday, and then the platform you need. So, for the time being, I need VMware. To see VMware, it is under this one, VMware ESXi; click on that one. OK, so it will show you the latest image, 6.4.1, 6.2.4, and an earlier version, which is the old version. The one I need is the stable one. That one is 6.2.4. Okay, now there are two types. One is to upgrade from a previous version, and this one is a new deployment of FortiGate. So keep in mind, you need this one because we want to deploy a new one. The other we will use later in the course. So I say new deployment, and this one has VMware in the name because I chose VMware here, and download. Click on this one, and it will download 58 MB. So just click on that, it will download, and we will go further. So I downloaded this new deployment one. I select the FortiGate new deployment from this list, this one, because the slide is old. So at that time, I did 6.2.2. But now we have four in this one. So it's downloaded. Okay, so when it's downloaded, you have to unzip it. Because I'm using IDM, it will download to my compressed folder. But in your case, it should be in the download folder. So let's go to the download folder. So this one is okay anyway, but I only downloaded and renamed it so that we know which one is the OVF. Okay. OVF means Open Virtualization Format, which is for VMware. Just unzip it. You can use any unzipper. The one I'm using, 7-Zip, is a free version. So I will say "extract" with the same folder name. So it will extract it. So it's here now. Okay, so these are OVF, Open Virtualization Format, the files which I need to open in VMware Workstation. I already opened VMware Workstation, which, as I told you, if you don't have it, you can install by clicking Next, Next. Click on Open.
Okay, go to the download folder, which is the compressed folder in my case, and select the OVF file with the name VMXNET3 OVF, so it will open, and accept the license; then, okay, give the VM a name. Suppose I will say FortiGate 6. Suppose you give it the location. In my case, I will give it the D location because I don't have space in the C location and I have a VM folder. So I will create a new folder with the name "FortiGate six," okay, because its version number is 6.2.4. But anyway, so I gave it this name. Anyway, I gave it a wrong name. So let me go back to D and go to VM, and let me rename it. Okay, so click on the Import button. It will take maybe one or two minutes to import it. It depends on your system. So it's come up now; don't change the memory, because by default it's limited memory. You don't have a full license. So you can use only one GB of memory. The processor also you cannot change, and also the hard drive. But it has so many interfaces. We don't need that many interfaces. You can click on Edit either way. You can click on any interface. Okay, it will show the details for all these interfaces. So the first one we will use for management purposes; just keeping it as bridged is okay. You can either NAT it or not. The second one we will use for NAT, meaning for the internet. So make it NAT. The third one we will use for the LAN. So let me make it a LAN segment. Okay?
And the fourth one, let's create it as a DMZ, so I make it host-only. And I don't need these interfaces, so just remove them: remove, remove, remove. You can add them later on as well if you need them. The first thing to remember is that this is my management interface. Even though you can use the first one for management and also for the WAN, or for management and also for the LAN, I say this one is management, the second is the internet-facing interface, this one will play the role of my LAN, and this one will play the role of the DMZ, suppose we need it later on in the course, okay, and for any other purpose. The second thing, in VMware especially: you have to go to Options, and there is VMware Tools; time sync is off. You have to enable this one, "Synchronise guest time with host". The host is my system, so it will synchronise the time with this device. You have to enable this one and press power, either from here or from here as well; it's up to you. Okay, so until it has started, what have we done? We imported this file, then we accepted the license, then we gave it the name and put in the details. Okay, then we removed the interfaces we don't need and just set the interfaces; the first one is the management. And we also synced the time under Options, and then we powered this one on. By default the username is admin and there is no password, but you have to reset the password the first time. The password is blank, okay, which we will come to now. So let's see, it will take some more time. And in VMware there is a small issue: when it comes up the first time, it will not give you the licence, so we have to reset it with the execute factoryreset command. So anyway, let it start. So we will log in, and then we can use this command, and we can check with get system status. So if it has got the license, then it's okay: a 14-day trial licence. Okay, that's it. And then we can check our interface with the command show system interface, or diagnose system IP; both commands we can use. We can set a static IP, but forget about the static IP, we
will do that later on. Okay, and then we can ping it, to see whether it is pingable or not from my device; we will see that one. And then we will type the same IP in the browser. By default, DHCP is enabled on the first interface, so it will get an IP automatically from my bridge, okay, the one that I bridged; you can make it NAT, and then it will get a NAT cloud IP. We will type that IP and the username, which is admin, and the password, which we set the first time, and you can log in. So it will ask you to change the username. Anyway, it's come up here. So it has started. The username is admin, and enter. There is no password to enter. Now it's asking for a new password. So I say one, two, three, and confirm password one, two, three. Now it's come up, it says welcome, and now I'm logged in; FortiGate-VM64 is written. Control A to clear the screen, just to see. How do I know the IP it gets? show system interface, question mark. On the first interface DHCP is enabled, but not on the others. Keep that in mind; that's why I say the first interface is my management one. So where is the IP address 100.192 on port one from? I get the IP from my bridged interface. Because I bridged the first interface; you can make it NAT as well. And the bridged interface is my WiFi; I made my WiFi the bridged interface. Look at this WiFi. And my WiFi is using the same range, the 100 range. In your case, it can be different. So don't follow my IP. It can be different. So if I come here and see that 100 is the range and there is DHCP enabled, it will provide the IP to the first port. Okay, so what is the IP? 100.192. So the best way is to ping it, to see whether it is pingable or not. So go to the command prompt and type ping 192.168.100.192. So it's pingable, which means we can access it. So take 100.192 and go to any browser. Keep in mind, you have to use HTTP. HTTPS is not allowed. You don't have a license. When you click, it will say "Secure connection failed." If you get the license, it will show you. But because you don't have a license, this is the second disadvantage; make it HTTP, and it will come up.
So the username was admin, and the password is the one you reset the first time you logged in. Okay, so what does it say? The evaluation licence is expired. We didn't even get an evaluation license, and it says it expired. So in VMware this is the only problem and nothing else. We will see it in GNS3 as well. So what you need to do: you have to come back here again and execute system... What was the command? I forgot. System execute restore, I think; what I had in mind was factory reset. Sorry. So you have to type "execute factoryreset" again, then Enter. Yes. Press Y for okay, and it will reboot, and this time it will work. So this is the only way in VMware Workstation. Okay? So don't worry; if you are not using VMware but another one, you don't need to repeat this process. The only issue is with VMware. So just wait for a while; it will boot again, because I did a factory reset. So what will happen? It will ask me again to reset the password. It's just like I opened it for the first time. So this is the way to handle installing the VMware image. So it's come up now. So my username is admin. There is no password. Enter new password: one, two, three. Confirm new password: one, two, three. And now I can check with get system status. This time, I have a license. You can see the expiry in the system status. Okay. And every detail is here; it extends to these 14 days only. So we can see. So if I refresh this one, it either removes it or returns the same IP address. So enter admin once more, and the password is one, two, three. This time it will log in. It will not ask for the UK. It's not asking this time, but this time it's asking: do you want to change the password, and do you want to set the hostname? Okay, so if you say yes, click Begin. If you want to do it later, you can click Later. Suppose yes. So let me change the name to FG. "Hostname" means "device name." This FortiGate-VM64 is now the device's name. I changed it to FG, meaning FortiGate. Let me make it FG1.
Okay, now I'm logging in, and if you press Enter, you see the name has changed. Now, basically, it was asking for the hostname, from FortiGate-VM64 to FG1, and it's showing here as well. Okay, FG1. So this was the method for installation. Okay, now, basically, I have a 14-day license. This is the end of your VM evaluation license. So it will give you two days 26. So it's almost 14 days of free licence to do anything. After 14 days, you can import a new one and start up. Simply take a backup and restore. Okay, in case I missed something, let me go through it. There is no need to put in a static IP. We will discuss that one. We ping it, and we go to our browser and log in. We'll change the name if you want. Okay? And that's it. That was the way to install a FortiGate firewall in VMware Workstation.
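The VMware-side settings from this lecture (memory left at 1 GB, four adapters set to bridged, NAT, LAN segment and host-only, guest time sync enabled) can be checked in the imported VM's `.vmx` file. The script below is an added example, not part of the lecture or of any Fortinet or VMware tooling; the `ethernet0`..`ethernet3` to port1..port4 mapping, the function names and the sample `.vmx` text are assumptions made for the example.

```python
import re

# Lab layout from the lecture, assuming ethernet0..3 map to port1..port4:
# bridged management, NAT internet, LAN segment ("pvn" in a .vmx), host-only DMZ.
EXPECTED_NICS = {0: "bridged", 1: "nat", 2: "pvn", 3: "hostonly"}

# Constructed sample .vmx content with four deliberate deviations.
SAMPLE_VMX = """\
displayName = "FortiGate6"
memsize = "2048"
numvcpus = "1"
tools.syncTime = "FALSE"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet1.present = "TRUE"
ethernet1.connectionType = "nat"
ethernet2.present = "TRUE"
ethernet2.connectionType = "pvn"
ethernet3.present = "TRUE"
ethernet3.connectionType = "nat"
ethernet4.present = "TRUE"
"""

def parse_vmx(text):
    """Return the key = "value" pairs of a .vmx file, keys lower-cased."""
    pairs = re.findall(r'^[ \t]*([\w.:]+)[ \t]*=[ \t]*"(.*)"[ \t]*$', text, flags=re.M)
    return {key.lower(): value for key, value in pairs}

def audit_vmx(text):
    """List deviations from the lab settings described in the lecture."""
    cfg = parse_vmx(text)
    findings = []
    if int(cfg.get("memsize", "0")) > 1024:
        findings.append(f"memsize {cfg['memsize']} MB exceeds the 1 GB stated in the lecture")
    if cfg.get("numvcpus", "1") != "1":
        findings.append(f"numvcpus is {cfg['numvcpus']}, the lecture leaves the CPU unchanged")
    if cfg.get("tools.synctime", "FALSE").upper() != "TRUE":
        findings.append("tools.syncTime is off: guest clock not synced with host")
    present = {int(m.group(1)) for key, value in cfg.items()
               if (m := re.fullmatch(r"ethernet(\d+)\.present", key))
               and value.upper() == "TRUE"}
    for idx in sorted(present | set(EXPECTED_NICS)):
        port = f"ethernet{idx} (port{idx + 1})"
        if idx not in EXPECTED_NICS:
            findings.append(f"{port} is present but not used in the lab")
        elif idx not in present:
            findings.append(f"{port} is missing")
        else:
            # VMware treats a missing connectionType as bridged.
            mode = cfg.get(f"ethernet{idx}.connectiontype", "bridged").lower()
            if mode != EXPECTED_NICS[idx]:
                findings.append(f"{port} is {mode}, expected {EXPECTED_NICS[idx]}")
    return findings

print("\n".join(audit_vmx(SAMPLE_VMX)))
```

To audit a real VM, pass the text of its `.vmx` file to `audit_vmx` while the VM is powered off.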