
Enterprise simulation NGFW CLI Foundation Lab


Topology Overview

ISP Configuration

Commands

# Initial configuration

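! Hostname, console login and privileged-EXEC protection for the ISP router.
ISP(config)#hostname ISP
ISP(config)#line console 0
! The console password is stored as type 7 (reversible obfuscation); acceptable
! only because this is a lab router.
ISP(config-line)#password cisco
ISP(config-line)#login
! Close idle console sessions instead of leaving an authenticated EXEC open.
ISP(config-line)#exec-timeout 10 0
ISP(config-line)#exit
! Only the hashed "enable secret" is kept. The original also set
! "enable password cisco123": when both exist IOS uses the secret, so the
! near-identical type-7 password only added a recoverable copy to the config.
ISP(config)#enable secret cisco123!
! service password-encryption only obfuscates type-7 strings; it is not real protection.
ISP(config)#service password-encryption
ISP(config)#ip domain name nickson.com
! NOTE(review): 200.1.2.1 is this router's own f0/0 address and nothing on this
! page enables "ip dns server"; together with "no ip domain lookup" below, the
! name-server line has no effect on this router.
ISP(config)#ip name-server 200.1.2.1
ISP(config)#no ip domain lookup
ISP(config)#banner motd #Only authorized users!#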


# Internet configuration

Interface f0/1

ISP(config)#interface f0/1
! Upstream ("Internet") side: the address is leased from the GNS3 NAT cloud.
ISP(config-if)#ip address dhcp
ISP(config-if)#no shutdown
! "do wr" saves running-config from inside interface mode.
ISP(config-if)#do wr
ISP(config-if)#exit

Interface f0/0
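ISP(config)#interface f0/0
! Link toward the FortiGate WAN (port1). The /30 leaves 200.1.2.2 for the FortiGate.
! NOTE(review): 200.1.2.0/30 is globally routable address space; since this lab
! reaches the real Internet through the GNS3 NAT, an RFC 5737 documentation range
! would avoid any collision with a real prefix.
ISP(config-if)#ip address 200.1.2.1 255.255.255.252
! The original typed "no shu" and then "no shutdown"; one is enough.
ISP(config-if)#no shutdown
ISP(config-if)#do wr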



# NAT (PAT) on the ISP router


! Interface toward the FortiGate (NAT "inside" side)  
interface FastEthernet0/0  
description Conexion hacia FortiGate WAN  
ip address 200.1.2.1 255.255.255.252  
ip nat inside  
no shutdown  
exit  
  
! Interface toward the provider / GNS3 NAT / Internet (NAT "outside" side)  
interface FastEthernet0/1  
description Conexion hacia proveedor 192.168.122.1  
ip address dhcp  
ip nat outside  
no shutdown  
exit  
  
! Default route toward the provider.  
! NOTE(review): the next hop is hard-coded although f0/1 is a DHCP client; if the  
! lease ever hands out a different gateway this static route still wins.  
ip route 0.0.0.0 0.0.0.0 192.168.122.1  
  
! Only the FortiGate's /30 link (wildcard 0.0.0.3) is eligible for translation.  
! The FortiGate policies already source-NAT the LANs to its port1 address, so a  
! single /30 entry is sufficient.  
access-list 1 permit 200.1.2.0 0.0.0.3  
  
! NAT overload / PAT: ACL-1 sources are translated to the f0/1 DHCP address.  
ip nat inside source list 1 interface FastEthernet0/1 overload  
  
end  
write memory

FortiGate Default Route

# Default route out of port1 toward the ISP router (200.1.2.1 is the ISP's f0/0).
config router static  
	edit 1  
	set gateway 200.1.2.1  
	set device "port1"  
	next  
end

Testing

FortiGate-VM64-KVM # execute ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=117 time=39.0 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=37.4 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 37.4/38.2/39.0 ms

FortiGate-VM64-KVM # 

FortiGate Configuration:

# Initial configuration and addressing


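# Default route toward the ISP router (the same route shown in the earlier
# default-route section, repeated here next to the interface addressing).
config router static
    edit 1
        set gateway 200.1.2.1
        set device "port1"
    next
end

# Management interface. The original snippet began at 'edit "port2"' with no
# enclosing 'config system interface', so it could not be applied as pasted.
config system interface
    edit "port2"
        set vdom "root"
        set ip 10.10.10.1 255.255.255.0
        # Plain-text HTTP removed from the management plane; HTTPS and SSH remain.
        # Admin access to a firewall should not travel unencrypted, even in a lab.
        set allowaccess ping https ssh
        set type physical
        set alias "Administrator"
        set snmp-index 2
    next
end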

# LAN interface. No allowaccess is configured here, so (assuming the default,
# empty, value) hosts on the LAN cannot reach the FortiGate's management plane;
# keep it that way unless troubleshooting requires ping.
config system interface
    edit "port3"
        set vdom "root"
        set ip 10.20.20.1 255.255.255.0
        set type physical
        set alias "LAN"
        set snmp-index 3
    next
end
	

# DHCP configuration

# Administrator
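# DHCP scope for the Administrator segment (port2).
config system dhcp server
    edit 1
        # Advertises the FortiGate itself as NTP server. This only works if
        # 'config system ntp' has server-mode listening on port2; the NTP block
        # on this page lists only "fortilink".
        set ntp-service local
        set default-gateway 10.10.10.1
        set netmask 255.255.255.0
        set interface "port2"
        config ip-range
            edit 1
                set start-ip 10.10.10.2
                set end-ip 10.10.10.254
            next
        end
        # Hand out the FortiGate's own system DNS servers (8.8.8.8 / 8.8.4.4 in
        # 'config system dns') instead of 200.1.2.1: the ISP router on this page
        # runs no 'ip dns server', so clients were given an unreachable primary
        # resolver and only worked by falling back to the secondary.
        set dns-service default
    next
end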


# LAN 

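# DHCP scope for the LAN segment (port3).
config system dhcp server
    edit 2
        # Advertises the FortiGate itself as NTP server. This only works if
        # 'config system ntp' has server-mode listening on port3; the NTP block
        # on this page lists only "fortilink".
        set ntp-service local
        set default-gateway 10.20.20.1
        set netmask 255.255.255.0
        set interface "port3"
        config ip-range
            edit 1
                set start-ip 10.20.20.2
                set end-ip 10.20.20.254
            next
        end
        # Hand out the FortiGate's own system DNS servers (8.8.8.8 / 8.8.4.4 in
        # 'config system dns') instead of 200.1.2.1: the ISP router on this page
        # runs no 'ip dns server', so clients were given an unreachable primary
        # resolver and only worked by falling back to the secondary.
        set dns-service default
    next
end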

System and Network Settings

# Hostname Configuration

FortiGate-VM64-KVM (global) # show 
config system global
    set alias "FortiGate-VM64-KVM"
    # Hostname shown in the CLI prompt from this point on (FG1).
    set hostname "FG1"
    # FortiOS timezone is a numeric index, not a UTC offset (see 'set timezone ?').
    set timezone 04
end

# DNS Configuration 

FortiGate-VM64-KVM (global) # show 
FG1 (dns) # show 
config system dns
    # Public resolvers, queried over plain UDP/53; the FortiGate's own lookups
    # leave via port1 and are PATed by the ISP router.
    set primary 8.8.8.8
    set secondary 8.8.4.4
end

# NTP Configuration

FG1 (ntp) # show
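# NTP: synchronise from upstream and serve time to the local segments.
config system ntp
    set ntpsync enable
    set server-mode enable
    # Listen on the interfaces whose DHCP scopes advertise 'ntp-service local'
    # (port2 and port3). The original listened only on "fortilink", which
    # neither DHCP client segment is attached to, so clients had no reachable
    # NTP server.
    set interface "fortilink" "port2" "port3"
end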




Routing

# Static routing configuration.

FG1 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

Routing table for VRF=0
S*      0.0.0.0/0 [10/0] via 200.1.2.1, port1, [1/0]
C       10.10.10.0/24 is directly connected, port2
C       10.20.20.0/24 is directly connected, port3
C       200.1.2.0/30 is directly connected, port1

# Test connectivity to the next hop

FG1 # execute ping 200.1.2.1
PING 200.1.2.1 (200.1.2.1): 56 data bytes
64 bytes from 200.1.2.1: icmp_seq=0 ttl=255 time=10.9 ms
64 bytes from 200.1.2.1: icmp_seq=1 ttl=255 time=12.5 ms
^C
--- 200.1.2.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 10.9/11.7/12.5 ms

# Test to a remote host (exercises name resolution and the ISP PAT)

FG1 # execute ping google.com
PING google.com (142.251.34.142): 56 data bytes
64 bytes from 142.251.34.142: icmp_seq=0 ttl=116 time=39.7 ms
64 bytes from 142.251.34.142: icmp_seq=1 ttl=116 time=36.8 ms
64 bytes from 142.251.34.142: icmp_seq=2 ttl=116 time=34.4 ms
64 bytes from 142.251.34.142: icmp_seq=3 ttl=116 time=32.3 ms
^C
--- google.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 32.3/35.8/39.7 ms

Policies


# Administrative PC (port2) to Internet access.
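# Administrator segment (port2) to the Internet (port1), source-NATed to port1.
config firewall policy
    edit 1
        set name "Internet_Access"
        set uuid 7153ea70-4d54-51f1-9c18-f5775478b417
        set srcintf "port2"
        set dstintf "port1"
        set action accept
        # NOTE(review): srcaddr "all" / service "ALL" is wider than the lab needs;
        # an address object for 10.10.10.0/24 as srcaddr would stop anything else
        # arriving on port2 from being forwarded. Left as-is so the tests below match.
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        # Log every session (not only violations) so use of this policy is reviewable.
        set logtraffic all
        set nat enable
    next
end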


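# LAN segment (port3) to the Internet (port1), source-NATed to port1.
config firewall policy
    edit 2
        set name "Lan_to_Internet"
        set uuid 6329ea70-4d55-51f1-eff8-a10e6b1b1dc5
        set srcintf "port3"
        set dstintf "port1"
        set action accept
        # NOTE(review): srcaddr "all" / service "ALL" is wider than the lab needs;
        # an address object for 10.20.20.0/24 as srcaddr would stop anything else
        # arriving on port3 from being forwarded. Left as-is so the tests below match.
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        # Log every session (not only violations) so use of this policy is reviewable.
        set logtraffic all
        set nat enable
    next
end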

For now only two policies are needed, one per subnet, to give each of them Internet access; the next step is to test them.

TEST

Administrative-PC

[Pasted image 20260511122733.png]

LAN-PC

[Pasted image 20260511122814.png]

As you can see, both subnets have Internet connectivity.

Create a Local User and Group



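# Local firewall user for captive-portal authentication on the LAN.
config user local
    edit "Nickson_diaz"
        set type password
        # Replace <password> with the real value when applying this. The original
        # page reproduced the device's 'set passwd ENC ...' blob: that string is a
        # credential export and should not be published (FortiOS ENC blobs have
        # historically been recoverable when private-data-encryption is off), and
        # pasting another unit's blob here would install an unknown password anyway.
        set passwd <password>
    next
end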


# Group.

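# Group referenced by the port3 captive portal's security-groups. The original
# snippet lacked its enclosing 'config user group' header and could not be applied.
config user group
    edit "LAN-Group"
        set member "Nickson_diaz"
    next
end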


# Enabling a captive portal on the LAN interface

FG1 # config system interface 
FG1 (interface) # edit port3
FG1 (port3) # set security-mode captive-portal 
FG1 (port3) # set security-groups LAN-Group 
FG1 (port3) # next