Fortinet NSE4 Certification Practice Test Questions and Answers, Fortinet NSE4 Certification Exam Dumps
FortiGate Firewall V6.4
26. Lecture-26:MAC Address Based Policy in FortiGate Firewall.
We will create one policy to restrict a user by MAC address. There are so many ways to restrict a policy. Right now, everyone has access to Facebook, and I'm not sure which one I'll visit. I have a PC and it can access YouTube as well. Both PCs, PC one and PC two, can go out at the same time from here, and we can see the traffic from FortiView by going to All Sessions.
So there will be one and two. These are our two PCs, one and two, and these two PCs are going to DNS first, then Facebook, and so on. And we can see by source that there are only two sources, 1.2 and 1.1, and we can see from Log & Report, Forward Traffic, that there are only two sources of traffic, 1.2 and 1.1. Let me clear this filter to show both sources, 1.2 and 1.1. That is because everything is allowed by policy. This is our policy. Let me delete this policy to make the sequence more clear; I don't need this LAN to WAN one right now. I have only one policy, which is LAN to WAN, and it allows everything. That's why both systems can go anywhere. But I'd like to set some restrictions using the MAC address. As you know, MAC stands for media access control address.
We call them physical addresses. We call them hardware addresses. We can refer to them as NIC addresses. This address has so many different names. It is a 48-bit address written as twelve hexadecimal digits, and every system has one: if you have an interface, you have a MAC address, regardless of whether it is a logical interface, physical interface, or whatever. You can find the MAC address using ipconfig or getmac. Which command you use is entirely up to you. You can also see it graphically if you want, and if I say "getmac," it will show me all the MACs in my system, so I have six interfaces.
What should I do now that I have a MAC or physical address, either this one or that one? I want to restrict the policy by MAC address. So we'll take the MAC address and only allow PC one by MAC address, not PC two. So what I need to do is go to PC 1. I don't know which one is PC one. So let me close these two and go to the PC console to find the MAC address, all right? Let me go to Terminal and type ifconfig, because it's a Linux system, so that is what you have to type. Here it is called the hardware address as well, and I just need the hardware address. First I need an address object, so go to Policy & Objects; under it there is Addresses, which we will discuss in detail. But right now, I want to create one address: Create New, Address, and give it a name, PC one MAC address. Choose whatever colour you want for the icon, and then the type of address you want to create.
I say the type is MAC address for this one. You can enter a single MAC address or multiple addresses in the MAC address field. So what is the MAC address? I cannot copy it from here, so I need to type it. So that's CE 7833, and I don't think it's. Alternatively, let me try O and F 8764. If we run into any problems, I'll make this O. Either it's one or zero. I am not sure. So I believe it is this. From which interface? It will come from LAN. Any comments? You can put PC MAC address or whatever you want. Now it's created, and it will show up in the policy. Don't worry, because there was a PC one when I was making it. This one, if I click, says "Show in address list," meaning the address list in the policy. Now I want to modify this policy. Before, it was allowed for everyone. Now I'm saying the source is not all; it is the PC one MAC address we just made, and I click on it. Now we restrict the policy by MAC address, so that for anyone going from LAN to WAN, the source MAC has to be this one.
This is the address we created and assigned. It can go anywhere, at any time, for any services. And this is the only policy we have. Below it there is the "deny" policy. Do you think PC 2 will work now? Let's start with this one and see whether it is working or not. So this one is working, because we assigned this one's address. So it can go to Twitter, and it can go to Facebook. Yes. Now let's go to PC 2, go to the console, and try anything. Just the previous session. Let me go to Twitter. It will not work because, in our policy, there is no such rule for this guy. As a result, it is unable to access the internet, because the traffic will reach here and it will be dropped by the second policy. I told you it would check from top to bottom, and first it would check: am I from LAN?
Yes. Am I going to WAN? Yes. Is my MAC address this one? No. Go to the next policy. The next policy says deny, and that's it. However, when PC one arrives, it checks. Are you from LAN? He says yes. Are you going to WAN? He says yes. Is your MAC this one? He says yes. Where do you want to go? You can go anywhere. You can go anytime and you can go for any services; you are accepted, you are NATed, and there is no restriction on you. So this is the MAC address policy: I restrict based on the MAC address. Now this one can go, but the other PC cannot go. So this is our policy. What have we done? We went to Policy & Objects, Addresses. We created a MAC address object, put in the MAC address of the PC, and then gave it as the source of this policy. When we check, this PC is connecting to the Internet, not the rest. If you want to verify any PC, you can check the logs; we have so many places. Where? Go to FortiView, All Sessions, and it will show this IP, this one, and also go to Log & Report, Forward Traffic. And when you click on this, PC one is allowed.
There is a Details button. If you click it, all of this is mentioned here: which policy has been hit, and so many other details can be found in this section, all of this in detail. Okay. And we can see in greater detail which policy has been hit, by source, among other things. There are many ways to get there: we have the forward traffic log, and we can check by source, where you can see only this one because the other PC is not permitted. You can check by destination; the destination is WAN. Okay, you can also see which policy has been hit. We have only one policy, LAN to WAN. We can check in All Sessions, and we can also verify from the dashboard, Top, LAN and DMZ, and it will show me the top source. The top source is this one here, although there were many sources here earlier. And the top destination is Google, so we can confirm from here.
27. Lecture-27:Local User Based Policy in FortiGate Firewall.
We will create a policy for local users, because we haven't yet done the FortiGate integration with Active Directory, which we will do later in the course. Right now, I'd like to show you what you can do if you want to allow someone by user in the policy, where that user is created locally on the FortiGate. Later, I'll show you how to integrate the FortiGate firewall with AAA or Active Directory. So, first and foremost, we must create a user locally.
And if you need a group, you can create one as well. This is the way to create a local user. When your user has been created, you must reference it in the policy, and when they go out, the firewall will inform the user that they must log in to access the internet or resources. So, first and foremost, you must go to User & Device and create a user. Don't worry; we'll go over everything again, but it's connected to our policy. So that's why we are going to go to User Definition and create one local user. There are so many types, which we will discuss in detail later: RADIUS, TACACS+, a directory, and so much more. Right now I'm doing Local User, Next, and assigning the name. What will the password be for user one?
One, two, three. Next, the email address: if you want, type it in for two-factor authentication; we'll go over this in more detail later. I don't need anything. Do you want this account to be enabled? Yes. Do you want it to be part of a group? No, I only require one user for testing purposes. That's it. Now go to Policy & Objects, our main topic. Okay. And let me delete this one. It means PC 2 will no longer go out. PC one and PC 2 were permitted due to their IP addresses. This is PC 2's IP address. If I go to the first PC, this will not be allowed anymore. No, it cannot go now on this PC. Why? Because the policy we allowed them with before, I deleted. Now I want it by user. It's not going yet. Clear?
This one was going just on the basis of the address; yeah, but the PC one policy has been deleted; it's not there. This time, let me create a policy by user. So, PC one user, incoming is LAN. When I go to the source this time, the source is the user, not the addresses, so I go to the second tab. And what is the user name? User one. However, it gives me an error. This is the user, but which PC will this user be coming from? So I say this user can come from any PC inside. It can log in from anywhere inside the LAN, but it has to be user one. So you must include both, "all" from the address list and the user. For the destination, it can go anywhere and use any services; it will be NATed, all sessions will be logged, and OK. So this time I created a policy by user. PC 2 or PC one can be used by the user; this is just to show you. So now if I go to PC 2, it's already asking for a network login. It's asking, so let's click on this one. It will ask for a username. So what is the username? You cannot do anything until you enter the username. So the username is user one and the password is one, two, three, and continue.
You can now log in; by the way, why is it asking again? Let me repeat: there will be a continue button. Okay, let me do it again. It's giving some error. Let me click on anything. It will ask you for the username and password. And it's going now because I entered the username and password. By the way, how do we know? Let's go back there. First, this traffic will hit the user policy. So let's see: the policy has been hit, there are traffic bytes. The second thing: I can verify by going to Monitor. There is Monitor, and there is Firewall User Monitor. This one is using this traffic, and it says user one is logged in. Let me deauthenticate them so I can show you again. Now if I go back and click again, it will ask for the username again. Okay, let me click again. Yeah, click on Advanced, add exception, continue, and it asks for the username. So I say "user one" because I created only one user, type the password, and click "continue." They can now use the website and everything until the timeout here. If I refresh the monitor, user one will appear once more.
I can find it under Monitor, Firewall User Monitor, and it says the user is logged in from this IP, which is correct, and the traffic sent is 1.5. And the method is "firewall," which means it's a local user, and there is no group because we did not create any group. And you can just go to Dear Nature, which we will do later on anyway in detail when we go to the user. But anyway, you can right-click and deauthenticate to reverify, and you can also see the traffic from so many places. So that's how it works with the user. Let me reauthenticate to show you some logs; I forgot to show you the logs. So it has already been reauthenticated, I think so. No, this one is the user. I believe PC one is the one I'm looking for. So let me click on anything. It's going, which means I am authenticated. No. Then the one is PC 2. I'm not sure which one I used.
Oh my goodness, I think it's this one or this one. Which one is it? I just need to show you some logs. Now, if we go to source, it will display both the username and the IP address. This is the difference. That's why I reauthenticated, to show you. So it's showing user one now, which it did not for this one, and if you go to Log & Report, Forward Traffic, it will also show user one; you know the IP address with one dot two; from here to here there is nothing, but from when user one starts, it shows user one. Now it's showing user one as well. That's the only thing I have to show you. So, if you want to restrict someone by user, you can, and you can see the report from forward traffic that I showed you, and to make them authenticate again, go to Monitor, Firewall User Monitor, and deauthenticate them.
28. Lecture-28:IP Address Based Policy in FortiGate Firewall.
We will continue with the same lab. But this time, I want PC 2 to be matched by source IP address rather than by source MAC address. Is it possible? Yes.
So we can go to Policy & Objects, and then IPv4 Policy or Addresses. However, creating addresses before creating a policy is preferable. Addresses can be many things, which we will go over in detail. There are so many by default as well. Last time we created one by MAC address; we click on "Create New" again. We want to create an address and give it the name PC2 IP. What will the colour be? It's up to you which colour you want to give it. And then select the type Subnet and enter the IP 10921681; with a 32 subnet mask, only one IP can exist. We want to allow this one, and it can come from any interface.
You can type LAN and it will appear in the list. Do you want to use this in a static route configuration? You know, we already have a route, and if you want to put in comments, that's okay. Okay. Now let's go to IPv4 Policy and create a new policy. This time it is PC 2 to WAN: it will come from LAN and it wants to go to WAN. As the source, give it this PC2 IP, and it can go wherever it wants. And the services can be anything. And I want all sessions to be logged, which we check from two or three places. Okay? So this time I made a policy just for PC 2, which is in the bottom row. But anyway, first it will check this policy, then it will go here. So definitely, it will hit. So let's go to PC 2.
Previously, it was not going to Twitter, and now it will go. Yes. And PC one, which we've already tested, is going as well. So that one uses the MAC address, and this policy is created by IP address. And we can see it in FortiView by source: you should now see two IPs, 1.2 and 1.1. You can also see by policy; we have two, PC 2 to WAN and LAN to WAN. This one is the MAC address policy, and this one is the source IP address policy, and you can see all the session records, where they went; first they went to DNS. And you can check from here as well, in Forward Traffic. And you can see all of the details that we will go over. So, to restrict the policy, we created two policies, based on MAC address and IP address.
29. Lecture-29:Services and Schedule Based Policy in FortiGate.
Let's continue and talk about policy. I need a switch. Let me change this one. Let me connect this one to the switch, and then from the switch to here, because I want to place another device here and turn it on. Okay? So basically it is the same thing; the only thing is I need to put another router here. Okay? I can either put a toolbox, which is a web server, an FTP server, or a TFTP server, or I can put two more devices on the WAN side.
I only stated that anyone from LAN to WAN, with any source and any destination, can only use HTTP. Let me allow ICMP ping as well. Where is this one? It's not working yet. When I enable this policy, it will start pinging. Okay, it started, because now I restrict the policy by services. Last but not least, there is a schedule. "Always" means all the time: the policy is allowed from whenever you create it. Okay, you can create two types of schedules: one-time and recurring. Let's say recurring; you know, whatever colour you want to give. Weekdays means Monday, Tuesday, Wednesday, Thursday, and Friday, not Saturday and Sunday. Okay, from 12:00 a.m. to 12:00 a.m., start and stop. Anyway, now I have a restriction instead of always. Do you think it will work?
Where is this policy? Sorry, let me remove this one. It will stop working. Ctrl-C. No, even HTTP, which was previously allowed, is no longer working. No, both are not working. Why? Because we now restrict them according to the scheduled time. If I edit this policy, I can allow it for Saturday and Sunday, because today is Saturday. Actually, let me check: now it is working, and the other one has started as well. So it's been shown that you have so many things with which to allow the policy and restrict the policy: by source address, by source user, and by Internet services that are predefined and that you can use directly. You can restrict based on destination addresses.
For example, go to Gmail only. There will be so many possibilities. I cannot show you all the possibilities, but I can give you the idea. Also, you can restrict by time, where I showed you the two types of schedule, and you can restrict by services. So many services are there: HTTP, FTP, TFTP, SMTP, NTP. So, when creating policies in real life, you must restrict them as much as possible and not allow everything all the time. You have to be more specific in this way.
So you can use source, destination, schedule, and services to make them more restrictive, and you can also restrict them by user, MAC addresses, and IP addresses. These are a few examples of what I mean by restricting a policy. Then there is the action, accept or deny. You can also deny in the same way. Now deny is selected, so anything that hits this policy, along with the rest of its settings, will be denied. Whatever your next policy is, it will be checked, and the logs for this policy will be available whenever it is created. So we go over everything in this manner to see how the policies look and what we can see. I can view by sequence number, and search. So this was all about policy.
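
The top-to-bottom matching walked through in Lectures 26 to 29, as a small Python model added here; it is not FortiOS code and not part of the course material. The rule names, the MAC 02:00:00:00:00:01, the 10.0.1.x addresses and the dates are constructed for illustration, and unauthenticated traffic is simply treated as not matching a user rule, whereas the FortiGate in the lecture prompts for a login.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Packet:
    src_mac: str
    src_ip: str
    service: str                  # e.g. "HTTP", "PING", "FTP"
    when: datetime
    user: Optional[str] = None    # set only after a successful firewall login

@dataclass
class Policy:
    name: str
    action: str = "accept"
    src_mac: Optional[str] = None       # None = any source
    src_net: Optional[str] = None
    user: Optional[str] = None
    services: Optional[frozenset] = None
    days: Optional[frozenset] = None    # weekday numbers, Monday = 0; None = always
    start: time = time.min
    end: time = time.max

    def matches(self, p: Packet) -> bool:
        # Every configured field must match; unset fields match anything.
        if self.src_mac and p.src_mac.lower() != self.src_mac.lower():
            return False
        if self.src_net and ip_address(p.src_ip) not in ip_network(self.src_net):
            return False
        if self.user and p.user != self.user:
            return False
        if self.services and p.service not in self.services:
            return False
        if self.days is not None and p.when.weekday() not in self.days:
            return False
        return self.start <= p.when.time() <= self.end

def evaluate(policies, p):
    """First match wins, checked top to bottom; no match means implicit deny."""
    for pol in policies:
        if pol.matches(p):
            return pol.name, pol.action
    return "implicit-deny", "deny"

# Constructed rule set mirroring the lab: PC1 by MAC, PC2 by IP limited to
# HTTP/PING on weekdays, and a local user allowed from any inside PC.
RULES = [
    Policy("pc1-by-mac", src_mac="02:00:00:00:00:01"),
    Policy("pc2-by-ip", src_net="10.0.1.2/32",
           services=frozenset({"HTTP", "PING"}), days=frozenset(range(5))),
    Policy("user1-any-pc", user="user1"),
]

if __name__ == "__main__":
    tue, sat = datetime(2024, 1, 2, 10, 0), datetime(2024, 1, 6, 10, 0)
    pc2 = "02:00:00:00:00:02", "10.0.1.2"
    print(evaluate(RULES, Packet("02:00:00:00:00:01", "10.0.1.1", "HTTPS", sat)))
    print(evaluate(RULES, Packet(*pc2, "HTTP", tue)))
    print(evaluate(RULES, Packet(*pc2, "HTTP", sat)))
    print(evaluate(RULES, Packet(*pc2, "FTP", sat, user="user1")))
```

The Saturday case reproduces the Lecture 29 result: a weekday-only schedule makes the PC2 rule stop matching, so the traffic falls through to the deny at the bottom.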