
Fortigate Advpn BGP

The document describes a network topology testing connectivity between branch offices and a datacenter using FortiGate firewalls and ADVPN over BGP. The topology includes routers connecting the sites to two ISPs for internet access. FortiGate firewalls establish ADVPN tunnels between sites carrying BGP routing. Cisco IOS images are used in GNS3 to simulate the network devices.

NETWORK TOPOLOGY

Fortigate ADVPN - BGP

Jose Silva
Network Topology

Table of Contents
1 Introduction
2 Network Diagram
3 Platform and images
4 IP address space
5 Network Equipment Configuration
    5.1 “Internet” router
    5.2 Datacenter ISP1 router
    5.3 Datacenter ISP2 router
    5.4 Datacenter distribution switch
    5.5 Datacenter firewall
    5.6 Copenhagen distribution switch
    5.7 Copenhagen aggregation switch
    5.8 Setubal ISP1 router
    5.9 Setubal ISP2 router
    5.10 Setubal distribution switch
    5.11 Setubal firewall
    5.12 Paris ISP1 router
    5.13 Paris ISP2 router
    5.14 Paris distribution switch
    5.15 Paris firewall

1 Introduction
This network laboratory tests the connectivity between branch offices and a datacenter
using ADVPN on FortiGate firewalls. It also tests the internet connectivity of services
on a DMZ network in the datacenter. All branch sites and the datacenter have two ISPs
for internet access fault tolerance. All internet access is implemented through
FortiGate SD-WAN rules. Each branch has two ADVPN connections configured to each of the
ISPs at the datacenter, and access over these connections is also implemented using
SD-WAN rules.
All routing is done using BGP over the VPN connections between the branches and the
datacenter.

2 Network Diagram

3 Platform and images


This lab was implemented using GNS3, and the table below specifies the images used for
each type of equipment.
All images were downloaded from their respective official sites. They run on trial
licenses only, and all trial restrictions apply.

Device      Image
Internet    Cisco IOU router v15.5.2T
dc-fw01     Fortigate 64b VM v7.0.2 build 0234
stb-fw01    Fortigate 64b VM v7.0.2 build 0234
cph-fw01    Fortigate 64b VM v7.0.2 build 0234
dc-sw90     Cisco IOU switch v15.2d
stb-sw90    Cisco IOU switch v15.2d
cph-sw90    Cisco IOU switch v15.2d
dc-sw00     Cisco IOU switch v15.2d
stb-sw00    Cisco IOU switch v15.2d
cph-sw00    Cisco IOU switch v15.2d

4 IP address space
The following table lists the IP address space used at the branches and at the
datacenter.

Datacenter    10.2.0.0/16
Copenhagen    10.8.0.0/16
Setubal       10.4.0.0/16
Paris         10.6.0.0/16
ADVPN         10.255.250.0/24

5 Network Equipment Configuration


5.1 “Internet” router
! ######################################################
! ## Internet
! ######################################################
! -- Global configuration
! ----------------------------------------
hostname internet
ip domain name inet.com
no ip domain lookup
no logg console
logg buffered 131072 debug
service password-encryption
!

! ----------------------------------------
! -- Interfaces
! ----------------------------------------
interface Ethernet0/0
description = dc-isp1
ip address 192.168.2.1 255.255.255.252
no shutdown
exit
!
interface Ethernet0/1
description = dc-isp2
ip address 192.168.2.5 255.255.255.252
no shutdown
exit
!
interface Ethernet0/2
description = stb-isp1
ip address 192.168.4.1 255.255.255.252
no shutdown
exit
!
interface Ethernet0/3
description = stb-isp2
ip address 192.168.4.5 255.255.255.252
no shutdown
exit
!
interface Ethernet1/0
description = par-isp1
ip address 192.168.6.1 255.255.255.252
no shutdown
exit
!
interface Ethernet1/1
description = par-isp2
ip address 192.168.6.5 255.255.255.252
no shutdown
exit
!
interface Ethernet1/2
description = web-clients
ip address 192.168.255.1 255.255.255.0
no shutdown
exit
!
interface Ethernet1/3
description = web-servers
ip address 192.168.250.1 255.255.255.0
no shutdown
exit
!
! ----------------------------------------
! -- Routing
! ----------------------------------------

ip route 0.0.0.0 0.0.0.0 Null0
!
router bgp 65000
bgp log-neighbor-changes
neighbor 192.168.2.2 remote-as 65022
neighbor 192.168.2.6 remote-as 65026
neighbor 192.168.4.2 remote-as 65042
neighbor 192.168.4.6 remote-as 65046
neighbor 192.168.6.2 remote-as 65062
neighbor 192.168.6.6 remote-as 65066
!
address-family ipv4
network 0.0.0.0
neighbor 192.168.2.2 activate
neighbor 192.168.2.2 next-hop-self
neighbor 192.168.2.6 activate
neighbor 192.168.2.6 next-hop-self
neighbor 192.168.4.2 activate
neighbor 192.168.4.2 next-hop-self
neighbor 192.168.4.6 activate
neighbor 192.168.4.6 next-hop-self
neighbor 192.168.6.2 activate
neighbor 192.168.6.2 next-hop-self
neighbor 192.168.6.6 activate
neighbor 192.168.6.6 next-hop-self
exit-address-family
exit
!

5.2 Datacenter ISP1 router


! ######################################################
! ## DC ISP01
! ######################################################
! -- Global configuration
! ----------------------------------------
hostname dc-isp-01
ip domain name dc01.com
no ip domain lookup
no logg console
logg buffered 131072 debug
service password-encryption
!
! ----------------------------------------
! -- Interfaces
! ----------------------------------------
interface Ethernet0/0
description = internet
ip address 192.168.2.2 255.255.255.252
no shutdown
exit
!
interface Ethernet0/1
shutdown

exit
!
interface Ethernet0/2
shutdown
exit
!
interface Ethernet0/3
description = acme-dc
ip address 192.168.20.1 255.255.255.252
no shutdown
exit
!
! ----------------------------------------
! -- Routing
! ----------------------------------------
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip route 192.168.100.0 255.255.255.224 192.168.20.2
!
router bgp 65022
bgp log-neighbor-changes
neighbor 192.168.2.1 remote-as 65000
!
address-family ipv4
network 0.0.0.0
network 192.168.20.0 mask 255.255.255.252
network 192.168.100.0 mask 255.255.255.224
neighbor 192.168.2.1 activate
neighbor 192.168.2.1 next-hop-self
exit-address-family
exit
!

5.3 Datacenter ISP2 router


! ######################################################
! ## DC ISP02
! ######################################################
! -- Global configuration
! ----------------------------------------
hostname dc-isp-02
ip domain name dc02.com
no ip domain lookup
no logg console
logg buffered 131072 debug
service password-encryption
!
! ----------------------------------------
! -- Interfaces
! ----------------------------------------
interface Ethernet0/0
description = internet
ip address 192.168.2.6 255.255.255.252
no shutdown

exit
!
interface Ethernet0/1
shutdown
exit
!
interface Ethernet0/2
shutdown
exit
!
interface Ethernet0/3
description = acme-dc
ip address 192.168.20.5 255.255.255.252
no shutdown
exit
!
! ----------------------------------------
! -- Routing
! ----------------------------------------
ip route 0.0.0.0 0.0.0.0 192.168.2.5
!
router bgp 65026
bgp log-neighbor-changes
neighbor 192.168.2.5 remote-as 65000
!
address-family ipv4
network 0.0.0.0
network 192.168.20.4 mask 255.255.255.252
neighbor 192.168.2.5 activate
neighbor 192.168.2.5 next-hop-self
exit-address-family
exit
!

5.4 Datacenter distribution switch


! ######################################################
! ## DC distribution switch
! ######################################################
! -- Global configuration
! ----------------------------------------
hostname dc-sw-00
ip domain name acme.local
no ip domain lookup
no logg console
logg buffered 131072 debug
service password-encryption
!
! ----------------------------------------
! -- VTP and VLANs
! ----------------------------------------
vtp domain AcmeDCNet
vtp password AcmeDCNetPass
vtp pruning

vtp version 3
vtp mode server
do vtp primary force
!
vlan 5
name Management
exit
!
vlan 10
name Servers
exit
!
vlan 3172
name Dmz
exit
!
! ----------------------------------------
! -- Interfaces
! ----------------------------------------
interface Vlan5
description = management
ip address 10.2.5.10 255.255.255.0
no shutdown
exit
!
interface Ethernet0/0
description = server
switchport
switchport mode access
switchport access vlan 10
spanning-tree portfast
no shutdown
exit
!
interface Ethernet0/1
description = dmz
switchport
switchport mode access
switchport access vlan 3172
spanning-tree portfast
no shutdown
exit
!
interface Ethernet0/2
description = dc-fw-01-port4
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 5,10,3172
no shutdown
exit
!
interface Ethernet0/3
shutdown
exit

!
! ----------------------------------------
! -- Routing
! ----------------------------------------
ip default-gateway 10.2.5.1
!

5.5 Datacenter firewall


! ######################################################
! ## DC firewall
! ######################################################
! -- Global configuration
! ----------------------------------------
config system global
set alias "dc-fw-01"
set hostname "dc-fw-01"
set timezone 28
end
!
! ----------------------------------------
! -- DNS
! ----------------------------------------
config system dns
set primary 10.2.10.50
set domain "acme.local"
end
!
! ----------------------------------------
! -- Interfaces
! ----------------------------------------
config system interface
edit "port1"
set vdom "root"
set mode static
set ip 192.168.20.2 255.255.255.252
set allowaccess ping
set type physical
set alias "isp01"
next
edit "port2"
set vdom "root"
set mode static
set ip 192.168.20.6 255.255.255.252
set allowaccess ping
set type physical
set alias "isp02"
next
edit "port4"
set vdom "root"
set type physical
set alias "dkdc"
set lldp-reception enable
set lldp-transmission enable

next
edit "dc-netmgmt"
set vdom "root"
set ip 10.2.5.1 255.255.255.0
set allowaccess ping http
set vlanforward enable
set device-identification enable
set role lan
set interface "port4"
set vlanid 5
next
edit "dc-servers"
set vdom "root"
set ip 10.2.10.1 255.255.255.0
set allowaccess ping
set vlanforward enable
set device-identification enable
set role lan
set interface "port4"
set vlanid 10
next
edit "dc-dmz"
set vdom "root"
set ip 172.16.2.1 255.255.255.224
set allowaccess ping
set vlanforward enable
set device-identification enable
set role lan
set interface "port4"
set vlanid 3172
next
edit "port7"
set vdom "root"
set type physical
set alias "cph"
set lldp-reception enable
set lldp-transmission enable
next
edit "cph-netmgmt"
set vdom "root"
set ip 10.8.5.1 255.255.255.0
set allowaccess ping
set vlanforward enable
set device-identification enable
set role lan
set interface "port7"
set vlanid 5
next
edit "cph-office"
set vdom "root"
set dhcp-relay-service enable
set ip 10.8.16.1 255.255.255.0
set allowaccess ping
set vlanforward enable

set device-identification enable
set role lan
set dhcp-relay-ip "10.2.10.50"
set interface "port7"
set vlanid 16
next
end
!
! ----------------------------------------
! -- Static routing
! ----------------------------------------
config router static
edit 1
set dst 192.168.1.0 255.255.255.0
set gateway 192.168.106.2
set device "port8"
next
edit 2
set dst 10.2.0.0 255.255.0.0
set blackhole enable
next
edit 3
set dst 10.8.0.0 255.255.0.0
set blackhole enable
next
edit 4
set gateway 192.168.20.1
set device "port1"
next
edit 5
set gateway 192.168.20.5
set device "port2"
set distance 15
next
end
!
! ----------------------------------------
! -- Objects addresses
! ----------------------------------------
config firewall address
edit "net-dkdc"
set subnet 10.2.0.0/16
next
edit "net-cphsite"
set subnet 10.8.0.0/16
next
edit "net-stbsite"
set subnet 10.4.0.0/16
next
edit "net-parsite"
set subnet 10.6.0.0/16
next
edit "net-dkdc-netmgmt"
set subnet 10.2.5.0/24

next
edit "net-dkdc-servers"
set subnet 10.2.10.0/24
next
edit "net-dkdc-dmz"
set subnet 172.16.2.0/24
next
edit "net-cph-netmgmt"
set subnet 10.8.5.0 255.255.255.0
next
edit "net-cph-office"
set subnet 10.8.16.0 255.255.255.0
next
edit "net-stb-netmgmt"
set subnet 10.4.5.0 255.255.255.0
next
edit "net-stb-office"
set subnet 10.4.16.0 255.255.255.0
next
edit "net-par-netmgmt"
set subnet 10.6.5.0 255.255.255.0
next
edit "net-par-office"
set subnet 10.6.16.0 255.255.255.0
next
edit "net-10.0.0.0m8"
set subnet 10.0.0.0 255.0.0.0
next
end
!
! ----------------------------------------
! -- SD-WAN
! ----------------------------------------
config system sdwan
set status enable
config zone
edit "sdwan-internet"
next
end
config members
edit 1
set interface "port1"
set zone "sdwan-internet"
set gateway 192.168.20.1
next
edit 2
set interface "port2"
set zone "sdwan-internet"
set gateway 192.168.20.5
next
end
config health-check
edit "sla_internet"
set server "192.168.250.1"

set members 1 2
next
end
config service
edit 1
set name "rule-internet"
set mode priority
set dst "all"
set src "all"
set health-check "sla_internet"
set priority-members 1 2
set priority-zone "sdwan-internet"
next
end
end
!
! ----------------------------------------
! -- Firewall virtual IPs
! ----------------------------------------
config firewall vip
edit "dkdc-dmz-public-nat"
set extip 192.168.100.10-192.168.100.30
set mappedip "172.16.2.10-172.16.2.30"
set extintf "any"
next
end
!
! ----------------------------------------
! -- Firewall zones
! ----------------------------------------
config system zone
edit "dkdc"
set intrazone allow
set interface "dc-netmgmt" "dc-servers" "dc-dmz"
next
edit "cphsite"
set intrazone allow
set interface "cph-netmgmt" "cph-office"
next
end
!
! ----------------------------------------
! -- Firewall policies
! ----------------------------------------
config firewall policy
edit 1
set name "cphsite-internet-access"
set srcintf "cphsite"
set dstintf "sdwan-internet"
set action accept
set srcaddr "net-cphsite"
set dstaddr "all"
set schedule "always"
set service "ALL_ICMP" "HTTP"

set logtraffic all
set nat enable
next
edit 2
set name "internet-to-dkdc-dmz"
set srcintf "sdwan-internet"
set dstintf "dkdc"
set action accept
set srcaddr "all"
set dstaddr "dkdc-dmz-public-nat"
set schedule "always"
set service "HTTP"
set logtraffic all
next
end
!
! ----------------------------------------
! -- ADVPN-HUB
! ----------------------------------------
config vpn ipsec phase1-interface
edit "AcmeVPN1"
set type dynamic
set interface "port1"
set peertype any
set net-device disable
set add-route disable
set ike-version 2
set proposal des-sha256
set auto-discovery-sender enable
set dpd on-idle
set psksecret AcmeADVPNTunnel
set dpd-retryinterval 5
next
edit "AcmeVPN2"
set type dynamic
set interface "port2"
set peertype any
set net-device disable
set add-route disable
set ike-version 2
set proposal des-sha256
set auto-discovery-sender enable
set dpd on-idle
set psksecret AcmeADVPNTunnel
set dpd-retryinterval 5
next
end
config vpn ipsec phase2-interface
edit "AcmeVPN1"
set phase1name "AcmeVPN1"
set proposal des-sha256
next
edit "AcmeVPN2"
set phase1name "AcmeVPN2"

set proposal des-sha256
next
end
! ----------------------------------------
! -- ADVPN interfaces
! ----------------------------------------
config system interface
edit "AcmeVPN1"
set ip 10.255.250.1/32
set allowaccess ping
set remote-ip 10.255.250.254/24
next
edit "AcmeVPN2"
set ip 10.255.250.2/32
set allowaccess ping
set remote-ip 10.255.250.254/24
next
end
!
! ----------------------------------------
! -- Firewall zones
! ----------------------------------------
config system zone
edit "acmevpn"
set intrazone allow
set interface "AcmeVPN1" "AcmeVPN2"
next
end
!
! ----------------------------------------
! -- Firewall policies
! ----------------------------------------
config firewall policy
edit 3
set name "dkdc-to-acmevpn"
set srcintf "dkdc"
set dstintf "acmevpn"
set action accept
set srcaddr "net-dkdc"
set dstaddr "net-10.0.0.0m8"
set schedule "always"
set service "ALL_ICMP"
set logtraffic all
next
edit 4
set name "cphsite-to-acmevpn"
set srcintf "cphsite"
set dstintf "acmevpn"
set action accept
set srcaddr "net-cphsite"
set dstaddr "net-10.0.0.0m8"
set schedule "always"
set service "ALL_ICMP"
set logtraffic all

next
edit 5
set name "acmevpn-to-dkdc"
set srcintf "acmevpn"
set dstintf "dkdc"
set action accept
set srcaddr "net-10.0.0.0m8"
set dstaddr "net-dkdc"
set schedule "always"
set service "ALL_ICMP"
set logtraffic all
next
edit 6
set name "acmevpn-to-cphsite"
set srcintf "acmevpn"
set dstintf "cphsite"
set action accept
set srcaddr "net-10.0.0.0m8"
set dstaddr "net-cphsite"
set schedule "always"
set service "ALL_ICMP"
set logtraffic all
next
edit 7
set name "acmevpn-to-acmevpn"
set srcintf "acmevpn"
set dstintf "acmevpn"
set action accept
set srcaddr "net-10.0.0.0m8"
set dstaddr "net-10.0.0.0m8"
set schedule "always"
set service "ALL"
set logtraffic all
next
end
!
! ----------------------------------------
! -- Routing - BGP
! ----------------------------------------
config system interface
edit "Loopback0"
set vdom "root"
set type loopback
set ip 10.255.255.2/32
set allowaccess ping
next
end
!
config router bgp
set as 65000
set router-id 10.255.255.2
config neighbor-group
edit "AcmeSites"
set remote-as 65000

set link-down-failover enable
set route-reflector-client enable
next
end
config neighbor-range
edit 1
set prefix 10.255.250.0/24
set neighbor-group "AcmeSites"
next
end
config network
edit 1
set prefix 10.255.255.2/32
next
edit 2
set prefix 10.2.0.0/16
next
edit 3
set prefix 10.8.0.0/16
next
end
end
!
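
Added example, not part of the original document: a short Python audit that parses FortiOS CLI text such as the hub configuration in section 5.5 and reports four settings to review before reusing this lab configuration outside GNS3 (DES/3DES proposals, HTTP or Telnet in allowaccess, policies with service "ALL", and one pre-shared key used by several tunnels). The function names, finding labels and the embedded excerpt (lines copied from section 5.5) are choices made for this example.

```python
import shlex
from collections import defaultdict

# Constructed excerpt: lines copied from the hub (dc-fw-01) config in section 5.5.
SAMPLE = """
config system interface
edit "dc-netmgmt"
set allowaccess ping http
next
edit "dc-servers"
set allowaccess ping
next
end
config vpn ipsec phase1-interface
edit "AcmeVPN1"
set proposal des-sha256
set psksecret AcmeADVPNTunnel
next
edit "AcmeVPN2"
set proposal des-sha256
set psksecret AcmeADVPNTunnel
next
end
config vpn ipsec phase2-interface
edit "AcmeVPN1"
set phase1name "AcmeVPN1"
set proposal des-sha256
next
end
config firewall policy
edit 5
set name "acmevpn-to-dkdc"
set service "ALL_ICMP"
next
edit 7
set name "acmevpn-to-acmevpn"
set service "ALL"
next
end
"""

WEAK_CIPHERS = {"des", "3des"}        # proposal prefix, e.g. des-sha256
CLEARTEXT_MGMT = {"http", "telnet"}   # allowaccess values sent unencrypted


def parse(text):
    """Flatten FortiOS CLI text into (section, entry, key, values) rows."""
    rows, sections, entries = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):   # "!" separators as used on this page
            continue
        try:
            tok = shlex.split(line)
        except ValueError:                      # unbalanced quote: plain split
            tok = line.split()
        if tok[0] == "config":                  # may nest, e.g. inside "router bgp"
            sections.append(" ".join(tok[1:]))
            entries.append(None)
        elif tok[0] == "end" and sections:
            sections.pop()
            entries.pop()
        elif tok[0] == "edit" and entries and len(tok) > 1:
            entries[-1] = tok[1]
        elif tok[0] == "next" and entries:
            entries[-1] = None
        elif tok[0] == "set" and sections and len(tok) > 2:
            rows.append(("/".join(sections), entries[-1], tok[1], tok[2:]))
    return rows


def audit(rows):
    """Return (finding, location, detail) tuples; secrets are never echoed."""
    findings, psk_users = [], defaultdict(list)
    for section, entry, key, values in rows:
        where = f"{section} [{entry}]"
        if section.startswith("vpn ipsec phase") and key == "proposal":
            for prop in values:
                if prop.split("-")[0] in WEAK_CIPHERS:
                    findings.append(("weak-cipher", where, prop))
        elif section == "system interface" and key == "allowaccess":
            for proto in sorted(CLEARTEXT_MGMT & set(values)):
                findings.append(("cleartext-mgmt", where, proto))
        elif section == "firewall policy" and key == "service" and "ALL" in values:
            findings.append(("any-service", where, "ALL"))
        elif section == "vpn ipsec phase1-interface" and key == "psksecret":
            psk_users[values[0]].append(entry)
    for tunnels in psk_users.values():
        if len(tunnels) > 1:                    # same PSK on several tunnels
            findings.append(("shared-psk", "vpn ipsec phase1-interface",
                             ",".join(tunnels)))
    return findings


if __name__ == "__main__":
    for finding in audit(parse(SAMPLE)):
        print(*finding, sep="  ")
```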

5.6 Copenhagen distribution switch


! ######################################################
! ## CPH distribution switch
! ######################################################
! -- Global configuration
! ----------------------------------------
hostname dc-cph-00
ip domain name acme.local
no ip domain lookup
no logg console
logg buffered 131072 debug
service password-encryption
!
! ----------------------------------------
! -- VTP and VLANs
! ----------------------------------------
vtp domain AcmeCPHNet
vtp password AcmeCPHNetPass
vtp pruning
vtp version 3
vtp mode server
do vtp primary force
!
vlan 5
name Management
exit
!
vlan 16
name Office

exit
!
! ----------------------------------------
! -- Interfaces
! ----------------------------------------
interface Vlan5
description = management
ip address 10.8.5.10 255.255.255.0
no shutdown
exit
!
interface Ethernet0/0
description = Po10
channel-group 10 mode active
no shutdown
exit
!
interface Ethernet0/1
description = Po10
channel-group 10 mode active
no shutdown
exit
!
interface Ethernet0/2
description = dc-fw-01-port7
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 5,16
no shutdown
exit
!
interface Ethernet0/3
shutdown
exit
!
interface Port-channel10
description = cph-sw-00
switchport trunk encapsulation dot1q
switchport mode trunk
exit
!
! ----------------------------------------
! -- Routing
! ----------------------------------------
ip default-gateway 10.8.5.1
!

5.7 Copenhagen aggregation switch


! ######################################################
! ## CPH aggregation switch
! ######################################################
! -- Global configuration
! ----------------------------------------

hostname cph-sw-00
ip domain name acme.local
no ip domain lookup
no logg console
logg buffered 131072 debug
service password-encryption
!
! ----------------------------------------
! -- VTP and VLANs
! ----------------------------------------
vtp domain AcmeCPHNet
vtp password AcmeCPHNetPass
vtp pruning
vtp version 3
vtp mode client
!
! ----------------------------------------
! -- Interfaces
! ----------------------------------------
interface Vlan5
description = management
ip address 10.8.5.11 255.255.255.0
no shutdown
exit
!
interface Ethernet0/0
description = Po10
channel-group 10 mode active
no shutdown
exit
!
interface Ethernet0/1
description = Po10
channel-group 10 mode active
no shutdown
exit
!
interface Ethernet0/2
shutdown
exit
!
interface Ethernet0/3
description = clientpc
switchport mode access
switchport access vlan 16
spanning-tree portfast edge
no shutdown
exit
!
interface Port-channel10
description = dc-cph-00
switchport trunk encapsulation dot1q
switchport mode trunk
no shutdown

exit
!
! ----------------------------------------
! -- Routing
! ----------------------------------------
ip default-gateway 10.8.5.1
!

5.8 Setubal ISP1 router


! ######################################################
! ## STB ISP01
! ######################################################
! -- Global configuration
! ----------------------------------------
hostname stb-isp-01
ip domain name stb01.com
no ip domain lookup
no logg console
logg buffered 131072 debug
service password-encryption
!
! ----------------------------------------
! -- Interfaces
! ----------------------------------------
interface Ethernet0/0
description = internet
ip address 192.168.4.2 255.255.255.252
no shutdown
exit
!
interface Ethernet0/1
shutdown
exit
!
interface Ethernet0/2
shutdown
exit
!
interface Ethernet0/3
description = acme-stb
ip address 192.168.40.1 255.255.255.252
no shutdown
exit
!
! ----------------------------------------
! -- Routing
! ----------------------------------------
ip route 0.0.0.0 0.0.0.0 192.168.4.1
!
router bgp 65042
bgp log-neighbor-changes
neighbor 192.168.4.1 remote-as 65000
!

address-family ipv4
network 0.0.0.0
network 192.168.40.0 mask 255.255.255.252
neighbor 192.168.4.1 activate
neighbor 192.168.4.1 next-hop-self
exit-address-family
exit
!

5.9 Setubal ISP2 router


! ######################################################
! ## STB ISP02
! ######################################################
! -- Global configuration
! ----------------------------------------
hostname stb-isp-02
ip domain name stb02.com
no ip domain lookup
no logg console
logg buffered 131072 debug
service password-encryption
!
! ----------------------------------------
! -- Interfaces
! ----------------------------------------
interface Ethernet0/0
description = internet
ip address 192.168.4.6 255.255.255.252
no shutdown
exit
!
interface Ethernet0/1
shutdown
exit
!
interface Ethernet0/2
shutdown
exit
!
interface Ethernet0/3
description = acme-stb
ip address 192.168.40.5 255.255.255.252
no shutdown
exit
!
! ----------------------------------------
! -- Routing
! ----------------------------------------
ip route 0.0.0.0 0.0.0.0 192.168.4.5
!
router bgp 65046
bgp log-neighbor-changes
neighbor 192.168.4.5 remote-as 65000

!
address-family ipv4
network 0.0.0.0
network 192.168.40.4 mask 255.255.255.252
neighbor 192.168.4.5 activate
neighbor 192.168.4.5 next-hop-self
exit-address-family
exit
!

5.10 Setubal distribution switch


! ######################################################
! ## STB distribution switch
! ######################################################
! -- Global configuration
! ----------------------------------------
hostname stb-sw-00
ip domain name acme.local
no ip domain lookup
no logg console
logg buffered 131072 debug
service password-encryption
!
! ----------------------------------------
! -- VTP and VLANs
! ----------------------------------------
vtp domain AcmeSTBNet
vtp password AcmeSTBNetPass
vtp pruning
vtp version 3
vtp mode server
do vtp primary force
!
vlan 5
name Management
exit
!
vlan 16
name Office
exit
!
! ----------------------------------------
! -- Interfaces
! ----------------------------------------
interface Vlan5
description = management
ip address 10.4.5.10 255.255.255.0
no shutdown
exit
!
interface Ethernet0/0
description = stb-fw-01-port7
switchport trunk encapsulation dot1q

switchport mode trunk
switchport trunk allowed vlan 5,16
no shutdown
exit
!
interface Ethernet0/1
shutdown
exit
!
interface Ethernet0/2
shutdown
exit
!
interface Ethernet0/3
description = clientpc
switchport mode access
switchport access vlan 16
spanning-tree portfast edge
no shutdown
exit
!
! ----------------------------------------
! -- Routing
! ----------------------------------------
ip default-gateway 10.4.5.1
!

5.11 Setubal firewall


! ######################################################
! ## STB firewall
! ######################################################
! -- Global configuration
! ----------------------------------------
config system global
set alias "stb-fw-01"
set hostname "stb-fw-01"
set timezone 28
end
!
! ----------------------------------------
! -- DNS
! ----------------------------------------
config system dns
set primary 10.2.10.50
set domain "acme.local"
end
!
! ----------------------------------------
! -- Interfaces
! ----------------------------------------
config system interface
edit "port1"
set vdom "root"

set mode static
set ip 192.168.40.2 255.255.255.252
set allowaccess ping
set type physical
set alias "isp01"
next
edit "port2"
set vdom "root"
set mode static
set ip 192.168.40.6 255.255.255.252
set allowaccess ping
set type physical
set alias "isp02"
next
edit "port7"
set vdom "root"
set type physical
set alias "stb"
set lldp-reception enable
set lldp-transmission enable
next
edit "stb-netmgmt"
set vdom "root"
set ip 10.4.5.1 255.255.255.0
set allowaccess ping http
set vlanforward enable
set device-identification enable
set role lan
set interface "port7"
set vlanid 5
next
edit "stb-office"
set vdom "root"
set dhcp-relay-service enable
set ip 10.4.16.1 255.255.255.0
set allowaccess ping
set vlanforward enable
set device-identification enable
set role lan
set dhcp-relay-ip "10.2.10.50"
set interface "port7"
set vlanid 16
next
end
!
! ----------------------------------------
! -- Static routing
! ----------------------------------------
config router static
edit 1
set dst 192.168.1.0 255.255.255.0
set gateway 192.168.106.2
set device "port8"
next

edit 2
set dst 10.4.0.0 255.255.0.0
set blackhole enable
next
edit 3
set gateway 192.168.40.1
set device "port1"
next
edit 4
set gateway 192.168.40.5
set device "port2"
set distance 15
next
end
!
! ----------------------------------------
! -- Objects addresses
! ----------------------------------------
config firewall address
edit "net-dkdc"
set subnet 10.2.0.0/16
next
edit "net-cphsite"
set subnet 10.8.0.0/16
next
edit "net-stbsite"
set subnet 10.4.0.0/16
next
edit "net-parsite"
set subnet 10.6.0.0/16
next
edit "net-dkdc-netmgmt"
set subnet 10.2.5.0/24
next
edit "net-dkdc-servers"
set subnet 10.2.10.0/24
next
edit "net-dkdc-dmz"
set subnet 172.16.2.0/24
next
edit "net-cph-netmgmt"
set subnet 10.8.5.0 255.255.255.0
next
edit "net-cph-office"
set subnet 10.8.16.0 255.255.255.0
next
edit "net-stb-netmgmt"
set subnet 10.4.5.0 255.255.255.0
next
edit "net-stb-office"
set subnet 10.4.16.0 255.255.255.0
next
edit "net-par-netmgmt"
set subnet 10.6.5.0 255.255.255.0

next
edit "net-par-office"
set subnet 10.6.16.0 255.255.255.0
next
edit "net-10.0.0.0m8"
set subnet 10.0.0.0 255.0.0.0
next
end
!
! ----------------------------------------
! -- ADVPN-SPOKE
! ----------------------------------------
config vpn ipsec phase1-interface
edit "AcmeVPN11"
set interface "port1"
set peertype any
set net-device disable
set auto-discovery-receiver enable
set add-route disable
set ike-version 2
set proposal des-sha256
set dpd on-idle
set remote-gw 192.168.20.2
set psksecret AcmeADVPNTunnel
set dpd-retryinterval 5
next
edit "AcmeVPN21"
set interface "port2"
set peertype any
set net-device disable
set auto-discovery-receiver enable
set add-route disable
set ike-version 2
set proposal des-sha256
set dpd on-idle
set remote-gw 192.168.20.2
set psksecret AcmeADVPNTunnel
set dpd-retryinterval 5
set monitor "AcmeVPN11"
next
edit "AcmeVPN12"
set interface "port1"
set peertype any
set net-device enable
set auto-discovery-receiver enable
set add-route disable
set ike-version 2
set proposal des-sha256
set dpd on-idle
set remote-gw 192.168.20.6
set psksecret AcmeADVPNTunnel
set dpd-retryinterval 5
next
edit "AcmeVPN22"
set interface "port2"
set peertype any
set net-device enable
set auto-discovery-receiver enable
set add-route disable
set ike-version 2
set proposal des-sha256
set dpd on-idle
set remote-gw 192.168.20.6
set psksecret AcmeADVPNTunnel
set dpd-retryinterval 5
set monitor "AcmeVPN12"
next
end
config vpn ipsec phase2-interface
edit "AcmeVPN11"
set phase1name "AcmeVPN11"
set proposal des-sha256
set auto-negotiate enable
next
edit "AcmeVPN21"
set phase1name "AcmeVPN21"
set proposal des-sha256
set auto-negotiate enable
next
edit "AcmeVPN12"
set phase1name "AcmeVPN12"
set proposal des-sha256
set auto-negotiate enable
next
edit "AcmeVPN22"
set phase1name "AcmeVPN22"
set proposal des-sha256
set auto-negotiate enable
next
end
!
! ----------------------------------------
! -- ADVPN interfaces
! ----------------------------------------
config system interface
edit "AcmeVPN11"
set ip 10.255.250.4/32
set allowaccess ping
set remote-ip 10.255.250.1/24
next
edit "AcmeVPN21"
set ip 10.255.250.204/32
set allowaccess ping
set remote-ip 10.255.250.1/24
next
edit "AcmeVPN12"
set ip 10.255.250.5/32
set allowaccess ping
set remote-ip 10.255.250.2/24
next
edit "AcmeVPN22"
set ip 10.255.250.205/32
set allowaccess ping
set remote-ip 10.255.250.2/24
next
end
!
! ----------------------------------------
! -- Firewall zones
! ----------------------------------------
config system zone
edit "stbsite"
set intrazone allow
set interface "stb-netmgmt" "stb-office"
next
end
!
! ----------------------------------------
! -- SD-WAN
! ----------------------------------------
config system sdwan
set status enable
config zone
edit "sdwan-acmevpn"
next
edit "sdwan-internet"
next
end
config members
edit 1
set interface "port1"
set zone "sdwan-internet"
set gateway 192.168.40.1
next
edit 2
set interface "port2"
set zone "sdwan-internet"
set gateway 192.168.40.5
next
edit 3
set interface "AcmeVPN11"
set zone "sdwan-acmevpn"
set gateway 10.255.250.1
next
edit 4
set interface "AcmeVPN21"
set zone "sdwan-acmevpn"
set gateway 10.255.250.1
next
edit 5
set interface "AcmeVPN12"
set zone "sdwan-acmevpn"
set gateway 10.255.250.2
next
edit 6
set interface "AcmeVPN22"
set zone "sdwan-acmevpn"
set gateway 10.255.250.2
next
end
config health-check
edit "sla_internet"
set server "192.168.250.1"
set members 1 2
next
edit "sla_acmevpn"
set server "10.2.10.1"
set members 3 4 5 6
next
end
config service
edit 1
set name "rule-acmevpn"
set mode priority
set dst "net-10.0.0.0m8"
set src "net-10.0.0.0m8"
set health-check "sla_acmevpn"
set priority-members 3 4 5 6
next
edit 2
set name "rule-internet"
set mode priority
set dst "all"
set src "net-stbsite"
set health-check "sla_internet"
set priority-members 1 2
next
end
end
!
! ----------------------------------------
! -- Firewall policies
! ----------------------------------------
config firewall policy
edit 1
set name "stbsite-internet-access"
set srcintf "stbsite"
set dstintf "sdwan-internet"
set action accept
set srcaddr "net-stbsite"
set dstaddr "all"
set schedule "always"
set service "ALL_ICMP" "HTTP"
set logtraffic all
set nat enable
next
edit 2
set name "stbsite-to-acmevpn"
set srcintf "stbsite"
set dstintf "sdwan-acmevpn"
set action accept
set srcaddr "net-stbsite"
set dstaddr "net-10.0.0.0m8"
set schedule "always"
set service "ALL"
set logtraffic all
next
edit 3
set name "acmevpn-to-stbsite"
set srcintf "sdwan-acmevpn"
set dstintf "stbsite"
set action accept
set srcaddr "net-10.0.0.0m8"
set dstaddr "net-stbsite"
set schedule "always"
set service "ALL"
set logtraffic all
next
end
!
! ----------------------------------------
! -- Routing - BGP
! ----------------------------------------
config system interface
edit "Loopback0"
set vdom "root"
set type loopback
set ip 10.255.255.4/32
set allowaccess ping
next
end
!
config router bgp
set as 65000
set router-id 10.255.255.4
config neighbor
edit "10.255.250.1"
set remote-as 65000
set advertisement-interval 1
set link-down-failover enable
next
edit "10.255.250.2"
set remote-as 65000
set advertisement-interval 1
set link-down-failover enable
next
end
config network
edit 1
set prefix 10.4.0.0/16
next
edit 2
set prefix 10.255.255.4/32
next
end
end
!

5.12 Paris ISP1 router


! ######################################################
! ## PAR ISP01
! ######################################################
! -- Global configuration
! ----------------------------------------
hostname par-isp-01
ip domain name par01.com
no ip domain lookup
no logg console
logg buffered 131072 debug
service password-encryption
!
! ----------------------------------------
! -- Interfaces
! ----------------------------------------
interface Ethernet0/0
description = internet
ip address 192.168.6.2 255.255.255.252
no shutdown
exit
!
interface Ethernet0/1
shutdown
exit
!
interface Ethernet0/2
shutdown
exit
!
interface Ethernet0/3
description = acme-par
ip address 192.168.60.1 255.255.255.252
no shutdown
exit
!
! ----------------------------------------
! -- Routing
! ----------------------------------------
ip route 0.0.0.0 0.0.0.0 192.168.6.1
!
router bgp 65062
bgp log-neighbor-changes
neighbor 192.168.6.1 remote-as 65000
!
address-family ipv4
network 0.0.0.0
network 192.168.60.0 mask 255.255.255.252
neighbor 192.168.6.1 activate
neighbor 192.168.6.1 next-hop-self
exit-address-family
exit
!

5.13 Paris ISP2 router


! ######################################################
! ## PAR ISP02
! ######################################################
! -- Global configuration
! ----------------------------------------
hostname par-isp-02
ip domain name par02.com
no ip domain lookup
no logg console
logg buffered 131072 debug
service password-encryption
!
! ----------------------------------------
! -- Interfaces
! ----------------------------------------
interface Ethernet0/0
description = internet
ip address 192.168.6.6 255.255.255.252
no shutdown
exit
!
interface Ethernet0/1
shutdown
exit
!
interface Ethernet0/2
shutdown
exit
!
interface Ethernet0/3
description = acme-par
ip address 192.168.60.5 255.255.255.252
no shutdown
exit
!
! ----------------------------------------
! -- Routing
! ----------------------------------------
ip route 0.0.0.0 0.0.0.0 192.168.6.5
!
router bgp 65066
bgp log-neighbor-changes
neighbor 192.168.6.5 remote-as 65000
!
address-family ipv4
network 0.0.0.0
network 192.168.60.4 mask 255.255.255.252
neighbor 192.168.6.5 activate
neighbor 192.168.6.5 next-hop-self
exit-address-family
exit
!

5.14 Paris distribution switch


! ######################################################
! ## PAR distribution switch
! ######################################################
! -- Global configuration
! ----------------------------------------
hostname par-sw-00
ip domain name acme.local
no ip domain lookup
no logg console
logg buffered 131072 debug
service password-encryption
!
! ----------------------------------------
! -- VTP and VLANs
! ----------------------------------------
vtp domain AcmePARNet
vtp password AcmePARNetPass
vtp pruning
vtp version 3
vtp mode server
do vtp primary force
!
vlan 5
name Management
exit
!
vlan 16
name Office
exit
!
! ----------------------------------------
! -- Interfaces
! ----------------------------------------
interface Vlan5
description = management
ip address 10.6.5.10 255.255.255.0
no shutdown
exit
!
interface Ethernet0/0
description = par-fw-01-port7
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 5,16
no shutdown
exit
!
interface Ethernet0/1
shutdown
exit
!
interface Ethernet0/2
shutdown
exit
!
interface Ethernet0/3
description = clientpc
switchport mode access
switchport access vlan 16
spanning-tree portfast edge
no shutdown
exit
!
! ----------------------------------------
! -- Routing
! ----------------------------------------
ip default-gateway 10.6.5.1
!

5.15 Paris firewall


! ######################################################
! ## PAR firewall
! ######################################################
! -- Global configuration
! ----------------------------------------
config system global
set alias "par-fw-01"
set hostname "par-fw-01"
set timezone 28
end
!
! ----------------------------------------
! -- DNS
! ----------------------------------------
config system dns
set primary 10.2.10.50
set domain "acme.local"
end
!
! ----------------------------------------
! -- Interfaces
! ----------------------------------------
config system interface
edit "port1"
set vdom "root"
set mode static
set ip 192.168.60.2 255.255.255.252
set allowaccess ping
set type physical
set alias "isp01"
next
edit "port2"
set vdom "root"
set mode static
set ip 192.168.60.6 255.255.255.252
set allowaccess ping
set type physical
set alias "isp02"
next
edit "port7"
set vdom "root"
set type physical
set alias "par"
set lldp-reception enable
set lldp-transmission enable
next
edit "par-netmgmt"
set vdom "root"
set ip 10.6.5.1 255.255.255.0
set allowaccess ping http
set vlanforward enable
set device-identification enable
set role lan
set interface "port7"
set vlanid 5
next
edit "par-office"
set vdom "root"
set dhcp-relay-service enable
set ip 10.6.16.1 255.255.255.0
set allowaccess ping
set vlanforward enable
set device-identification enable
set role lan
set dhcp-relay-ip "10.2.10.50"
set interface "port7"
set vlanid 16
next
end
!
! ----------------------------------------
! -- Static routing
! ----------------------------------------
config router static
edit 1
set dst 192.168.1.0 255.255.255.0
set gateway 192.168.106.2
set device "port8"
next
edit 2
set dst 10.6.0.0 255.255.0.0
set blackhole enable
next
edit 3
set gateway 192.168.60.1
set device "port1"
next
edit 4
set gateway 192.168.60.5
set device "port2"
set distance 15
next
end
!
! ----------------------------------------
! -- Objects addresses
! ----------------------------------------
config firewall address
edit "net-dkdc"
set subnet 10.2.0.0/16
next
edit "net-cphsite"
set subnet 10.8.0.0/16
next
edit "net-stbsite"
set subnet 10.4.0.0/16
next
edit "net-parsite"
set subnet 10.6.0.0/16
next
edit "net-dkdc-netmgmt"
set subnet 10.2.5.0/24
next
edit "net-dkdc-servers"
set subnet 10.2.10.0/24
next
edit "net-dkdc-dmz"
set subnet 172.16.2.0/24
next
edit "net-cph-netmgmt"
set subnet 10.8.5.0 255.255.255.0
next
edit "net-cph-office"
set subnet 10.8.16.0 255.255.255.0
next
edit "net-stb-netmgmt"
set subnet 10.4.5.0 255.255.255.0
next
edit "net-stb-office"
set subnet 10.4.16.0 255.255.255.0
next
edit "net-par-netmgmt"
set subnet 10.6.5.0 255.255.255.0
next
edit "net-par-office"
set subnet 10.6.16.0 255.255.255.0
next
edit "net-10.0.0.0m8"
set subnet 10.0.0.0 255.0.0.0
next
end
!
! ----------------------------------------
! -- ADVPN-SPOKE
! ----------------------------------------
config vpn ipsec phase1-interface
edit "AcmeVPN11"
set interface "port1"
set peertype any
set net-device disable
set auto-discovery-receiver enable
set add-route disable
set ike-version 2
set proposal des-sha256
set dpd on-idle
set remote-gw 192.168.20.2
set psksecret AcmeADVPNTunnel
set dpd-retryinterval 5
next
edit "AcmeVPN21"
set interface "port2"
set peertype any
set net-device disable
set auto-discovery-receiver enable
set add-route disable
set ike-version 2
set proposal des-sha256
set dpd on-idle
set remote-gw 192.168.20.2
set psksecret AcmeADVPNTunnel
set dpd-retryinterval 5
set monitor "AcmeVPN11"
next
edit "AcmeVPN12"
set interface "port1"
set peertype any
set net-device enable
set auto-discovery-receiver enable
set add-route disable
set ike-version 2
set proposal des-sha256
set dpd on-idle
set remote-gw 192.168.20.6
set psksecret AcmeADVPNTunnel
set dpd-retryinterval 5
next
edit "AcmeVPN22"
set interface "port2"
set peertype any
set net-device enable
set auto-discovery-receiver enable
set add-route disable
set ike-version 2
set proposal des-sha256
set dpd on-idle
set remote-gw 192.168.20.6
set psksecret AcmeADVPNTunnel
set dpd-retryinterval 5
set monitor "AcmeVPN12"
next
end
config vpn ipsec phase2-interface
edit "AcmeVPN11"
set phase1name "AcmeVPN11"
set proposal des-sha256
set auto-negotiate enable
next
edit "AcmeVPN21"
set phase1name "AcmeVPN21"
set proposal des-sha256
set auto-negotiate enable
next
edit "AcmeVPN12"
set phase1name "AcmeVPN12"
set proposal des-sha256
set auto-negotiate enable
next
edit "AcmeVPN22"
set phase1name "AcmeVPN22"
set proposal des-sha256
set auto-negotiate enable
next
end
!
! ----------------------------------------
! -- ADVPN interfaces
! ----------------------------------------
config system interface
edit "AcmeVPN11"
set ip 10.255.250.6/32
set allowaccess ping
set remote-ip 10.255.250.1/24
next
edit "AcmeVPN21"
set ip 10.255.250.206/32
set allowaccess ping
set remote-ip 10.255.250.1/24
next
edit "AcmeVPN12"
set ip 10.255.250.7/32
set allowaccess ping
set remote-ip 10.255.250.2/24
next
edit "AcmeVPN22"
set ip 10.255.250.207/32
set allowaccess ping
set remote-ip 10.255.250.2/24
next
end
!
! ----------------------------------------
! -- Firewall zones
! ----------------------------------------
config system zone
edit "parsite"
set intrazone allow
set interface "par-netmgmt" "par-office"
next
end
!
! ----------------------------------------
! -- SD-WAN
! ----------------------------------------
config system sdwan
set status enable
config zone
edit "sdwan-acmevpn"
next
edit "sdwan-internet"
next
end
config members
edit 1
set interface "port1"
set zone "sdwan-internet"
set gateway 192.168.60.1
next
edit 2
set interface "port2"
set zone "sdwan-internet"
set gateway 192.168.60.5
next
edit 3
set interface "AcmeVPN11"
set zone "sdwan-acmevpn"
next
edit 4
set interface "AcmeVPN21"
set zone "sdwan-acmevpn"
next
edit 5
set interface "AcmeVPN12"
set zone "sdwan-acmevpn"
next
edit 6
set interface "AcmeVPN22"
set zone "sdwan-acmevpn"
next
end
config health-check
edit "sla_internet"
set server "192.168.250.1"
set members 1 2
next
edit "sla_acmevpn"
set server "10.2.10.1"
set members 3 4 5 6
next
end
config service
edit 1
set name "rule-acmevpn"
set mode priority
set src "net-10.0.0.0m8"
set dst "net-10.0.0.0m8"
set health-check "sla_acmevpn"
set priority-members 3 4 5 6
next
edit 2
set name "rule-internet"
set mode priority
set dst "all"
set src "net-parsite"
set health-check "sla_internet"
set priority-members 1 2
next
end
end
!
! ----------------------------------------
! -- Firewall policies
! ----------------------------------------
config firewall policy
edit 1
set name "parsite-internet-access"
set srcintf "parsite"
set dstintf "sdwan-internet"
set action accept
set srcaddr "net-parsite"
set dstaddr "all"
set schedule "always"
set service "ALL_ICMP" "HTTP"
set logtraffic all
set nat enable
next
edit 2
set name "parsite-to-acmevpn"
set srcintf "parsite"
set dstintf "sdwan-acmevpn"
set action accept
set srcaddr "net-parsite"
set dstaddr "net-10.0.0.0m8"
set schedule "always"
set service "ALL"
set logtraffic all
next
edit 3
set name "acmevpn-to-parsite"
set srcintf "sdwan-acmevpn"
set dstintf "parsite"
set action accept
set srcaddr "net-10.0.0.0m8"
set dstaddr "net-parsite"
set schedule "always"
set service "ALL"
set logtraffic all
next
end
!
! ----------------------------------------
! -- Routing - BGP
! ----------------------------------------
config system interface
edit "Loopback0"
set vdom "root"
set type loopback
set ip 10.255.255.6/32
set allowaccess ping
next
end
!
config router bgp
set as 65000
set router-id 10.255.255.6
config neighbor
edit "10.255.250.1"
set remote-as 65000
set advertisement-interval 1
set link-down-failover enable
next
edit "10.255.250.2"
set remote-as 65000
set advertisement-interval 1
set link-down-failover enable
next
end
config network
edit 1
set prefix 10.6.0.0/16
next
edit 2
set prefix 10.255.255.6/32
next
end
end
!
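
Added example, not part of the original document: a short Python check that parses FortiOS-style config/edit/set blocks like the spoke configurations above and lists settings to revisit before reusing this lab configuration elsewhere, namely the single-DES `des-sha256` proposal and `http` in `allowaccess`. The sample input is constructed from lines on this page; the function names and the choice of checks are assumptions of this example.

```python
import shlex

# Constructed sample, trimmed from the Paris spoke configuration on this page.
SAMPLE = """
config system interface
edit "par-netmgmt"
set allowaccess ping http
next
end
config vpn ipsec phase1-interface
edit "AcmeVPN11"
set proposal des-sha256
next
end
"""

WEAK_ENC = {"des", "3des", "null"}      # encryption with no or inadequate strength
WEAK_AUTH = {"md5", "sha1"}             # deprecated integrity algorithms
CLEARTEXT_ADMIN = {"http", "telnet"}    # unencrypted management protocols

def parse(text):
    """Map (config path, edit name) -> {setting: [values]} for a FortiOS CLI dump."""
    entries, path, edits = {}, [], []
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] == "config":
            path.append(" ".join(tok[1:]))
            edits.append(None)
        elif not path:
            continue                     # '!' separators or page residue outside a block
        elif tok[0] == "edit" and len(tok) > 1:
            edits[-1] = tok[1]
        elif tok[0] == "next":
            edits[-1] = None
        elif tok[0] == "end":
            path.pop()
            edits.pop()
        elif tok[0] == "set" and len(tok) > 1:
            entries.setdefault((" > ".join(path), edits[-1]), {})[tok[1]] = tok[2:]
    return entries

def audit(entries):
    """Return (path, edit, issue) tuples in file order."""
    out = []
    for (path, name), kv in entries.items():
        if path.startswith("vpn ipsec phase"):
            for prop in kv.get("proposal", []):
                enc, _, auth = prop.partition("-")   # e.g. des-sha256 -> des, sha256
                if enc in WEAK_ENC or auth in WEAK_AUTH:
                    out.append((path, name, f"weak proposal {prop}"))
        elif path == "system interface":
            for proto in sorted(CLEARTEXT_ADMIN & set(kv.get("allowaccess", []))):
                out.append((path, name, f"allowaccess includes {proto}"))
    return out

if __name__ == "__main__":
    print(*audit(parse(SAMPLE)), sep="\n")
```

The hub and every spoke must offer the same proposal, so a stronger one (for example an AES/SHA-256 proposal) has to be changed on all phase1 and phase2 entries together.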
