Posts

Showing posts from July, 2021

SSL VPN with Fortigate firewalls - Part II (Certificate authentication)

In the last blog post we looked at how to configure SSL VPN on a Fortigate firewall with username/password authentication. Now we will replicate the same setup, but with certificate authentication. Our setup will use user-certificate authentication, not machine-certificate authentication. Our topology looks like below:

01 - Network Topology

The topology is very simple, as our goal is to look at the SSL VPN implementation in Fortigate firewalls. The firewall has one internal network (10.10.1.0/24) with one Windows server (Srv-Win-Ad-01 - 10.10.1.25/24), which runs the AD domain and certification services, and one Linux server (Srv-Lin-01 - 10.10.1.26/24). There is also the external network (192.168.199.0/24), which provides internet connectivity, and a domain-joined client (Clt-Win-01), which will run the VPN client to get access to the internal network.

Basic IP connectivity setup

The basic IP configuration of the Fortigate firewall is given below:

config system interface
    edit "port1"

SSL VPN with Fortigate firewalls - Part I (LDAP authentication)

Today we will look at how to configure and troubleshoot SSL VPN in Fortigate firewalls with LDAP authentication. In another blog post we will implement the same thing, but with certificate authentication. Our topology looks like below:

01 - Network Topology

The topology is very simple, as our goal is to look at the SSL VPN implementation in Fortigate firewalls. The firewall has one internal network (10.10.1.0/24) with one Windows server (Srv-Win-Ad-01 - 10.10.1.25/24), which runs the AD domain and certification services, and one Linux server (Srv-Lin-01 - 10.10.1.26/24). There is also the external network (192.168.199.0/24), which provides internet connectivity, and a domain-joined client (Clt-Win-01), which will run the VPN client to get access to the internal network.

Basic IP connectivity setup

The basic IP configuration of the Fortigate firewall is given below:

config system interface
    edit "port1"
        set vdom "root"
        !!! Configure IP adr
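Both Fortigate posts above (Part I with LDAP authentication, Part II with user-certificate authentication) stop at the interface configuration in their excerpts. The following FortiOS CLI fragment is an added example, not configuration from the original posts, showing the authentication pieces a practitioner would want to check in such a setup: the LDAP bind done over LDAPS (port 636) instead of cleartext LDAP, membership restricted to one AD group, the certificate path restricted to certificates chaining to the internal CA with a matching subject, and a firewall policy that only permits those groups. All object names in quotes (the LDAP server object, the CA certificate "CA_Cert_Lab", the bind account, the base DN, the address objects, and port1 as the external interface) are assumptions for this illustration; only the IP addresses come from the topology in the posts. Lines starting with # are comments for the reader, not CLI input.

```text
# Added example (not from the original posts). Names in quotes are assumed;
# Srv-Win-Ad-01 (10.10.1.25) from the topology is used as the LDAP server and CA.

# --- Part I: LDAP authentication ---
# Bind over LDAPS so the service-account password and user credentials
# never cross the internal network in cleartext; ca-cert validates the AD server.
config user ldap
    edit "ldap-srv-win-ad-01"
        set server "10.10.1.25"
        set cnid "sAMAccountName"
        set dn "DC=example,DC=lab"
        set type regular
        set username "CN=svc-ldap,OU=Service Accounts,DC=example,DC=lab"
        set password "********"
        set secure ldaps
        set port 636
        set ca-cert "CA_Cert_Lab"
    next
end

# Only members of one AD group may use the VPN, not every account in the domain.
config user group
    edit "grp-sslvpn-ldap"
        set member "ldap-srv-win-ad-01"
        config match
            edit 1
                set server-name "ldap-srv-win-ad-01"
                set group-name "CN=SSLVPN-Users,OU=Groups,DC=example,DC=lab"
            next
        end
    next
end

# --- Part II: user-certificate authentication ---
# A peer user is accepted only if the client certificate chains to the
# internal CA and its subject contains the given string (substring match).
config user peer
    edit "peer-sslvpn-users"
        set ca "CA_Cert_Lab"
        set subject "OU=VPN Users"
    next
end
config user group
    edit "grp-sslvpn-cert"
        set member "peer-sslvpn-users"
    next
end

# --- Common SSL VPN settings (port1 assumed to be the external interface) ---
config vpn ssl settings
    set servercert "Fortinet_Factory"      # placeholder; use a CA-issued server cert
    set reqclientcert enable               # Part II: client must present a certificate
    set ssl-min-proto-version tls1-2
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
    set source-interface "port1"
    set source-address "all"
    # Review default-portal separately: it applies to authenticated users
    # that match none of the rules below.
    config authentication-rule
        edit 1
            set groups "grp-sslvpn-ldap"
            set portal "tunnel-access"
        next
        edit 2
            set groups "grp-sslvpn-cert"
            set client-cert enable
            set portal "tunnel-access"
        next
    end
end

# Without a policy from ssl.root no tunnel traffic is forwarded; the groups
# field keeps the policy tied to the authenticated VPN groups.
config firewall policy
    edit 10
        set name "sslvpn-to-internal"
        set srcintf "ssl.root"
        set dstintf "port2"                # assumed internal interface
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "net-internal-10.10.1.0"   # assumed address object for 10.10.1.0/24
        set groups "grp-sslvpn-ldap" "grp-sslvpn-cert"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Two checks worth running after applying this: `diagnose test authserver ldap ldap-srv-win-ad-01 <user> <password>` confirms the LDAPS bind and group lookup before any client connects, and `diagnose debug application sslvpn -1` together with `diagnose debug enable` shows whether a failing certificate login is rejected at the CA chain or at the subject match.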

Stacking switches Part - VI (Dell OS10 VLT - Virtual Link Trunking)

In this blog post I will configure MLAG (multi-chassis link aggregation) on Dell OS10 switches. As every other vendor chooses a fancy name for its implementation of MLAG, Dell is no exception: Dell calls its implementation VLT (Virtual Link Trunking). Let's look at our network topology. Two Dell OS10 switches will peer with each other and run VLT/MLAG between them. Two Debian 10 Linux machines will be connected with LACP bonding to both switches; they simulate the client connections. Our topology looks like below:

01 - Dell OS10 VLT Topology

Let's look at some terminology before configuration:

VLT peer – The two switches participating in VLT are peers of each other. A VLT domain allows a maximum of two switches.

VLT interconnect (VLTi) – The VLTi synchronizes state information between the VLT peers. It synchronizes layer 2 and layer 3 control-plane information, including the MAC table, ARP table, IPv6 neighbors, etc.

VLT