Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 44
61. Lecture-61: High Availability HA Active-Active Lab.
The more we discuss about the Great Firewall is activity and activity by the world will work, I did not say that both will work for each and every day. No, again, one for one will be is a primary and master. The other will be Slavin’s, the country, but is a second rate, will have the primary one to take it about some station, even though the traffic will still come to primary. He will handle the traffic. What if both are working through how the ah entry, how the marketplaces will work? Both are working.
So, what I will say tell you want me to say, okay, I have been open to this guy. Now this one say I believe you tell me are going to who the hell will deal with me because we know, you know, the concept who disconnect from me. They know the concept how the trailer there is apparently there is making this detail.
So, we discuss also in what is called GDP and we are b we discussed there they are using what will it be and what will make it less so the same they do so this way. If you want to configure both to work on the same time and then separately, it is not possible and activity. And that’s why I do it in real life. You will never find this one is really complicated and very difficult to troubleshoot.
So, what they will do, even the name is activate again. One will be primary and it will be Prem and master. It will take the station and it will pass to leave for the get to you in the process. And then the brigade will come to them and again it will go to the user.
So, this is a victim. Let’s do it the same thing outside and insert there for three and four for we are using five. High visibility is alert to no need of IP security again for three and four for we will use Lempicka using BTP and we are using one dart handed to the Internet IP and one 1302 external van IP. And based on the automotive activity, again, we will give high priority to muster. And 52 Slive and our group name will be the same and hard work will be the same.
So, almost the same concept. But because we already configure these, because we need to find out the management, IP, the logging and changing the name, we are letting them configure the interfaces name when and then LAN and then hitcher one. Enable BHP and the name go and configure DNS, which we are letting them configure a different out which we are already done, and then to win policy to allow their traffic to test the Internet.
So, we already created this policy and then coming to this part.
So, little audio log in to it. Men and women and men and one, two, three. Now the thing is, we already configure it.
So, what we can do this the primary one, so I can edit them and I will say I want to go back to standalone and I’ll get.
So, this far too big to stand alone.
So, if I check here from here through standalone, okay, this one is done, there is a command of it from command, from you can also do it and it me it will not go because it’s changed the behavior now to standalone.
So, let’s see, it’s still in Hitcher unmarked. Okay, so let me go to okay, we removed that one day, remove it, so let’s go to widget and just let us just want to see.
So, this is an active, passive, so motor system won’t do it and disable this one is way to stand alone. If you can make it, you can go back to your standalone status as well. Okay, so let’s see now. Okay, and now let me clarify. We have to properly come out from the active base, it’s cold again, so let’s go to register to see ISIL.
So, it should be here, orchestrated or not. But what about the other firewalled? So, now you can log in to the other for a while now and check the IP gedmin and one, two, three, four. Qestrel interface, questionmark.
So, they have hundreds of them. And this one is also monitored as well.
So, I need to remove the device. Otherwise it is a command to receive the social system interface with questionmark. Either I need to change you one for one IP now. Both are standalone, but they have the same IP because it will become Samite. Do you know which he asked me to configure and is going to be the system interface and one sorry eighty eighty bought one and the IP. I just need to change them to Mordialloc. It’s cheap and they put it in the secret room. Let me see if they can get another thing, because both seem like they would work for us so it would get them all getting the IP yesterday. Yes, get 130 caelum, though.
So, it’s okay. And I want us to come in here and with it.
So, again, we have two separate stand alone for a while. Again, I make them separate again, Lurgan. Let’s see, maybe it’s not in our management complex system interface and it bought one and it now exists, HDTV, HDTV is being tested, etc., and now they will try. Getting really far away from here is very. And let me see, the pipe is correct on our food system interface questionmark. Yes, come on now.
So, let me try it, men, and one, two, three, so this final name is going to be just to name a second rate on what is a standard on file while I give them the name. Only if you don’t like, let me change them this time. System supreme. And let me give them. Second, final one, so this is my second follow on and go to this one system setting and this one is first firewalled. Okay, again, from the Scritch, first we need to check the interfaces, which are already done if the name is Nadya Suleman, is enable HHI one and when. And also this is my management interface. You need to check their DNS, DNS configure, check this Diffa before it always did, and check people to see if the basic policy is the end of the traffic test. But both.
So, it’s there. That’s it. And it is on standalone. How do I know? So, if I go to System and click on HA, it is showing me that you are not participating in any high availability.
So, I said this time I want activity do so. I said, let me give them hundert that they already did anyway. April will not here and I think so the password is not the 123456. Let me see. It’s from to 123456 when I want. Okay, I did. I’m sure you do when monitoring but I don’t know. I forgot. If I don’t have an interface again, the other will be coming to you. What did you do is my heartbeat interfaces. We know I give them more pressure to do it. Three each one we just bought three and no priority, no unicast and. Okay, that’s it. This site is done, okay? It will show me that you did this time soon. It’s weird, but I. Again, we can verify as of last week and really Friday is that last weekend, really far from baseball, that which one is going to feel good, if you will, to status and if it is in their wallet, which is in April.
So, this time it will show you that this activity was enabled the last time it was showing it to pursue. Okay, just wait a moment. It takes some time. To enable the vigilance come up now. But only one firewall is participating, which is a must. But now we will have a second one, so we’ll do it again this far. One second. Farahan is not participating.
So, I see it. Do it. Do it. You will. And I will drive. One, two, three, four, five, six. Priority list and the other one station pick up monitor interface interfaces. Which interface will take market share. One and. Okay. And as I saw you from here you will see some messages here. After a while they start thinking with. The other one and the IP will really move is I told you, it will be only one IP and the management IP will be used up first for a while.
So, let’s see, it’s still working. It has to show messages. Here is when you synchronize message. Again, let me go in here in the first part a while anyway. The message will be here and after a while you will join them. How how we can really you from here as well. It’s come up now. Just come up second firewall with the second firewall. And if we want a system, it should.
So, it’s here, but still the innocent lives under priority host Families First World War and second far one, Syria. No. This one is monster. This one a slave. Again, master and slave isn’t even directed to Station 51 in Station 15 and throughput. And you can see and this is it, it’s more simple to see this one, okay, because it’s still processing. Yeah. It’s still so refreshing. It will take some time. Okay, let’s see. And from here, it will be loud and so we can really fight from this board. Let’s move on, still chewing like, you know, it’s saying they’ve not synchronized. Still, it’s not synchronized with the first one. It will pick up all that he did everything he did in phase detailed policy. Did we to name hostname and priority and rest up everything will be sync with the country one.
So, it’s still what we can do. We can refresh them. Hopefully we will soon get started. Now, slave configuration with master, so we start messaging and hopefully after a minute it will be still it’s not fitting and also we can really fire from it. Okay, did you give them a minute, so it will be so what we done, we want to hear how you brought it to you under then put the password monitoring interfaces faces. We give them some pretty hard return to faces our device, but already we know group name has to be anything. It is to be the same on both for one session. We keep our eye on digital so they can distribute decision monitor interface. We will see. Now if I don’t the interface when Interfaces we already discussed and heartbeat interface is priority and you can reserve management interface if you want. Okay, and let me show you this. I mean, this being monitor and these two interfaces heartbeat’s it gives you okay. That said, you know, let’s see. Let me rephrase. Yes, I don’t know.
So, hundred and fifty, what do you think? If I send up traffic from here, Tressler send out. At which point one is hitting, one hundred is going to wonder how I can show you that it’s still using one photo on this one because it’s the primary one, but it will give some station to them. And from here, it will give it to these guys and especially TCP best not able to type.
So, end of the day, there is no we are not achieving any big thing from the victim in the case of 48. But anyway, still this the method to use them. The other thing to really fight okay is very far from here, master and slave, even a directive must have been slave. And we can see from here this activity, it can be seen from here. Is it accurate to ask and figure out what I want to show you? Yeah, the management and the web monitoring interface with a system which we missed last time.
So, rather than to show you here so we can monitor this interface, even if the firewall is up and board one is done.
So, this firewall will take well, I don’t know if it will or not, but I think it should be in both cases.
So, what can I do? Let me delete them. I will be disconnected, but any minute now is disconnected. Let’s see that this 50 priority become it one not.
So, eight men and one, two, three, if I log in to second part, what it means is done looking with priority productivity is become master one. The other one is there is a. Because I don’t them even despite all this up, but if this weird interface is not eligible, it will not the traffic will work. It’s okay. Traffic is moving because automatically the traffic will divert to here and it will go and they do it because it’s done.
So, that’s why monitoring is also important. And it’s also important to as well because they link monitoring here and you want to squeeze it even in the checkpoint another far. All of us want to have the same concern, which is really important even with the B, B, we are we are to do the same thing. We applied to command maybe Genden. Remember, we monitor the interface with the Dragoman that if the wind interface is done, so that would is a HSP Francheska so that they all have the similar concept.
So, I just think logically then you will understand everything that these terminologies are everywhere and every when they are using the same techniques. And also part of the purpose not only ask you sometimes you don’t have to be there, you have to know everything, but you have to think logically. The idea in Cisco, such things are different. In for the will be you will see a similar like a Cisco you or something.
So, when one interface you’ve done, the other will.
So, if you don’t know anything about Checkpoint and they ask you to tell them, yes, it’s the same technology, like a four digit give it up on a forty year anyway. But it what this story and last but not least, even if I done this interface it will get what about when this come up. It will not never be in primary again and I need to configure what I do. Then it will be primary which I the last to. No need to repeat the same thing I what is. Okay, that’s it. Yeah. Let me go dude. If I missed something otherwise we will get here. Yeah, this thing what I do here is, again, the same thing, if you want to stay it in the region, the cluster, and become active and become primary.
So, Masters or you can enable by this to command only and there is no graphical way to enable this pre-emption command. And also you can configure it, which we will discuss in detail later in the course; we will get one class on the commands from basic to advanced level. We will discuss commands as well and also troubleshooting commands; it is better to leave them to the end.
62. Lecture-62: FortiGate Authentication with AD & Lab Setup.
Next up is FortiGate authentication with Active Directory: how we can integrate the FortiGate firewall with Active Directory. Actually, in almost each and every organization you will find this integration. This is a common method not only in FortiGate, but in other firewalls, when you have to integrate Active Directory with your firewall so that they can get the user ID, because we say this is a Next-Generation Firewall.
So, a Next-Generation Firewall does policy based on user identity, which we call user ID.
So, definitely, if you want to achieve user ID, which is one of the best features of a next-generation firewall, we have to integrate with it. We already did the local user. If you remember, we created one local user and then we authenticated them. But this time we want to do it through Active Directory, a centralized location. The firewall will send the data to Active Directory, and it will authenticate the user. There are two different methods we can use, which we will discuss.
So, these are the Active Directory authentication methods that we can use to integrate the FortiGate firewall with AD. The first one is active authentication. Active authentication means the user will be prompted to enter username and password credentials, like this one. Whenever they plug the system into your organization’s LAN and try to access any services, it will prompt them like this to input their details, and you can change that with your logo, your details. But anyway, that is not a difficult task. The task is that nobody is to be allowed without user authentication. It will ask them to put in their username and password. If they put in the username and password and click the Continue button, then they can access the resources. In our case we will access the Internet, but it can be any resources: DMZ resources, software, whatever. For active authentication we can use LDAP, RADIUS, local and TACACS+. We already did the local one. It asked for the username and password, you remember. This time we will do LDAP, and the same method can be applied to RADIUS and TACACS+. These are two more methods: one is the Cisco one and the other one is the open standard, RADIUS. And this is called active authentication. Why? Because it will prompt you every time. The other method is passive authentication. It will never ask you to put in a username and password, nor will it prompt you for them. But the system is already integrated with Active Directory, like in a normal organization. Same as mine, and in every organization your PC is joined to the domain like this one. They are joined to the domain, every PC. So active authentication is basically for those which are not joined to the domain.
But if your PC and the system is already joined to the organization’s Active Directory domain, then you don’t need that. Whenever you plug in, it will take your Windows login details and allow you; it will send the same Windows login details for you. The firewall will send them in. It will ask to check if this guy is the correct one, and the answer will be yes, because this PC is in the domain and is using the same credentials. It’s okay.
So, this is called passive authentication. And mostly you will see this type of authentication in the real world. This type of authentication we call Fortinet Single Sign-On, FSSO, for doing single sign-on. It means you have to log in one time and you will be logged in forever. But for active authentication, you have to log in every time. Okay, the two methods are done. This is a direct integration. We will use such a type of topology. We will create our own. We will use Windows; you can use Windows Server 2003, Windows 2000, etc., 2012, Server 2016 or Server 2019. It’s up to you which one you want to use for Active Directory. Or you can use Linux LDAP as well. And then we need a few users for this purpose. We will use Windows XP or other Windows. Then it’s up to you when to expire in 2010.
So, we will create two zones: one is the DMZ zone, where we will put two users, and we will create one LAN zone, and in the LAN we will put Active Directory. Normally you will see a 220 separate zone maybe in DMZ, but we are just testing. It can be put here. I don’t hear the same thing either. You can put them in separately, like inside narwhals in the Antarctic to directly.
So, lame is nothing but inside, so instead we will use subunit one and outside Asadi and Demsey, we will use Sabaneta and then the first board, which we will use for management as well, and also for Internet purposes.
So, this interface will work for two things for us in the lab.
So, this is our topology which we will use, in which we will enable DHCP so the systems get all the DHCP details automatically, because we already learned DHCP.
So, why not utilize it? But to Active Directory we will assign a static IP. As you know, to servers we normally assign a static IP. This is our topology.
So, initial configuration we will do we will assign interface IP. Wondered this are to that on this side. Whatever our range ranges we will assign 100 or 200 and we will enable the ATP here, we will enable the ATP here and we will take to system and switch to our database the simple topology to create. And then we will configure one to directory a lot of stuff to do, by the way. And real what you don’t need to configure to directly. This is system side job. But in this lab we will do configure it to directory as well.
So, let’s do the basic configuration of this lab. So here I am, and you can use GNS3, you can use PNETLab, you can use Klowden, you can use it. It’s up to you which simulator you want to use. At the end of the day, the configuration is almost similar.
So, I need one window, Sawad. Okay, so let me type Windows Server, I just put only one server, by the way, I have other images for 16 and 19 as well. If you need, I can share what they know. I’m using Windows Server two thousand or two and here I will choose RTP. B is better to use B and C is also okay. And this myself. Okay, and so this is my area if you want to change the namespace. But let me put them into this to do that actually. Now we need for this purpose fuel system.
So, let me go to Windows and what we have Windows seven. We.
So, let me take three Windows seven and put them as a RTP. Okay, so this is window, okay? This, too, should be come here and one has to be inland, okay, so this is done. Now I need two switches to connect these.
So, let me go to IOL. And from here, let’s take this one. I need two switches. Let me give them S.W. and change the icon to switch, okay? And we’ll need to do anything more, okay, to create a new one. Let me put it another one. As with. And another switch and change the icon to switch left to the left, it’s up to you.
So, this is insert switch and let me select and make them here so more space. Now I need one fired one.
So, let me take firewalled 48, 49, 48 here. They give them the name, so he held so many for a while. Anyway, let’s take any of this what is similar and no need to do anything.
So, this is a follow up. Now, I need an Internet cloud, so choose a network and let me drive Internet. And my guess and your guess, most probably you will use management for the Internet. But then my guess is cloud one.
So, this is our Internet and also for management as well. Now let’s do basic connectivity.
So, this is connected to any port. We don’t care which borders to be connected. It’s not. And also connect this window. And this one. And let me go in Sport, which is DHP in their Billboard one, which is a management board as well, and now cutting board to here inside Lane and this board will to Demsey.
So, my topology is ready now. Okay. There is a way to make them. Uh. Yeah, it’s not okay. Okay. Look, at least in line. Okay, let me run and until it’s on, what we will do. Only one is enough right now. Take their time, let me put some pics, so 190 to 168, one zero twenty four, and let me change the color because we are waiting to the Falcon Wood and other stuff.
So, it’s better to do some thing here, this site.
So, this is this subnet and let me create another subnet, this site and make them to. Done. And let me duplicate this one, too, directly. We will assign static IP, it’s up to which IP you want to assign them 100 to 160 years of posting.
So, this is the IP address of actual directory and rest to be able to think they will get IP through the ATP. Either you can make this to retrieve the DTP, which we’ve done it, but in this case we will make these interfaces and let me type, Hunter pondered Hunter with some other color, like a blue or something. Anyway, they didn’t done it, so it’s okay.
So, this interface will IP, will be Hunter, Sam, this interface and Simbo interface, it’s up to you. Okay, and now let me make them a smaller now. Okay, this is the basic configuration. First, let’s go to firewalled, can we them double click and open secured CRT. And let’s check the I.P. address. It’s the IP address on the issue as well, because I’m using server, not my own system.
So, time last time, which we get issue, but hopefully so. And when there is no password, enter new password. One, two, three. One, two, three. Control queue for system interface. Questionmark.
So, it’s good. Luckily we get the 700 800. Otherwise I was able to change them.
So, let me access the firewall. The same issue, I believe, now we are getting okay and it has to be is TB because this is without license.
So, I hope so. If this one is accessible, then our issue will be is it now. Okay, so Edman and one, two, three.
So, this is my management, as well and Venezuela. What is the reason I b because I’m using the actual interface.
So, I believe this place is one. Let me type them 190 to 160, 231 get the okay and basically. This one, so let me put this together, and 100, 200 is management. Okay, so what to do first? Let’s configure the firewall first. Basic stuff. I don’t need this one. Now, let me close this one.
So, I need to configure these two interfaces, one 100 to 200 if you want to give them the name.
So, let me give them the name BMC. This is like our Demsey. Okay, and let me make them the other one inside. Okay, let me go in. Site.
So, this is inside and this is Demsey, either then it’s up to whatever name you want to give them.
So, let’s do the basic configuration of this place.
So, begin and change the name. It’s better to change the name if you otherwise they will ask every time to change. Okay, so now let’s see the interfaces. Two is the plan, three is Demsey and one is when first thing first, which we always do, go to network. Go to interfaces, ok. First interface. Okay, this is just give them when you want, though, it is also management as well. This way management is okay now go through to support to is our plan.
So, let me give them land and a loud bang so that we can test them and reach out. We will decide 190 to 168. One hundred and twenty four is the subnet mask being is allowed. But we want to enable BHP. as well is decide no need of second range because we have only one system.
So, this is enough before the gateway will be the interface and business will be the same and no need to do anything. And this done.
So, my plan is enabled now and also I put the IP and I enable the ATP for three, four, three years, basically this one, which is DMZ. Okay, so let me give them the name DMZ and IP should be two hundred which will decide being will be allowed and we enable BHP on this one. No need of second range and Sam, B.A. and Sam everything and okay, so these two can get IP automatically through the ATP and also this side, but we will assign static from this range one to ten. Okay, so this is also the. Or for we are not using this to leverage our interfaces is the next step, we always do business configure DNS to go out. We need one airport A and be honest. And second, my after dark one. And that one is my wife, wired daughter. This done, it’s also, by the way, mentioned here is when it took in, so I will use the NSD to another thing I need is static road.
So, did my old traffic and go through all this traffic and this topic has to go out on this interface. And next, Torbay’s 101, which is my routing to create new and here anything I would say, give it two hundred. Dart one. This the next hour we told you and interface to when? Administrative assistant, we already discussed these.
So, this was also done. These are the basic requirements done from the firewall side: DHCP, configure everything. If I go to EXPE, it has to be automatically, I believe.
So, let me go to EXPE. And. Not expe, but blind, so I believe it will get automatically through the ATP from here, lets you test in one piece and then we will go so badly before our name is. I think so. Best and best. One, two, three are. One, two, three. I think so. User interest. One, two, three is the user name Biodegrade and even yeah. It will come to me is the correct one user and password is capital test. One, two, three. If you want to use the same image and you are if by the way all of them is like this.
So, this is my DMZ client. I just want to test whether it is getting an IP automatically or not.
So, let’s go to it; it should be one or two IP, because we assign to the interface, and the DHCP range is from one to 99.
So, this is my interface and it’s good to that one is correct and the gateway to DNS and other DNS.
So, it means our DHCP is working.
So, let me minimize this one. Okay, and hopefully it will get this back, will also get automatically; if this one is good, that means it’s correct. Now coming to the difficult part, which is out of scope, but we are doing it, and that is to configure Active Directory.
So, click on it to directory. Okay. And we will do the more destructive to directress or two thousand eight, why it’s not going let me move this B.S. right now. No need right now.
So, let me do. What else to do, it has to do with. For some reason, let me take this one. Refresh. Okay, LachIan, sorry, so inlaw and. Let me know Friday what is blocking this browser. Okay, now, so let’s see. We can do right now, I’m not the turn this time eye opening.
So, now I want to go to a to director to make the best configuration. Okay. By far, the user name is the administrator, administrator and password is traced to one, two, three. This one is user interface. One, two, three. And this one is. Let me show your test. One, two, three. In case you want to use this anymore, if these are the default credentials, we’ll share all the username and password, whatever image you want to use. There is a list also available on Internet.
So, now I’m an active directory, so let’s go to and assign them stratigraphy first. We can assign from many place from here. Control panel from here. Anyway, let’s check them first here to assign this the first step to creating.
So, why is not showing me here to is better to go to control panel and go to Network Sharing Center and change it up, researching maybe get automatically. Yeah it’s good one. That one automatically.
So, let’s give them the same one that one might be by the way either then it’s up to no new IPV six. Disable this one and one nine to one 168 one dart. One don’t support, let me give them two hundred and 192, 168, one dark hundred is the gateway. You remember that the firewall IP and not it not it is DNS and 192 168 eight dark one is another DNS. But I think so instead of it, we will use this or what is necessary, 190, 192, 168, one or 200 and okay, so I changed my mind and assigned them 200 IP to the server and it’s required a static IP, just the first step, static IP is configured. Now go to you can click from here to there from here.
So, this is one two hundred. Okay, by the way, there is an IP has to be enabled. If you refresh it will go anywhere. If I close we can click from here. Okay, so Aissami is the name one that hundreds more disturbers enable. We don’t need do not show this again. Now what you need to do. I just need one brought before it to directory to click on a roll. Okay, click next. And there is a directory domain services. The security services has to be installed before configurator to directory and install.
So, until they time let me check this out, we are not confused. I changed my mind because Dennis coming under the abusive people, so rather than to make some issue, is better to assign IP, which is otoscope IP.
So, I assign them to Hunter. Okay. And now. This service is required for it to directly to configure it to directly. Also, we will need DNS install.
So, let’s wait for this one, Active Directory Domain Services. It is basically a centralized location where we create users, groups and so many other things, systems and all. And from there we can authenticate against the centralized location. Most organizations are using Microsoft, and nowadays you will see Server 2016 in most of them, and maybe some organizations switched over to Server 2019 as well. But at the end of the day, the concepts are almost similar. Only the, you know, graphical interface will be different, like Windows XP and 7 and 8.
So, there is a big difference. The same is in Server and 2019. They give them like window 10 type display.
So, we need this one for us to. Okay, let’s go to do what thing? Okay, so this is my DMZ, and this should also get an IP, which we can verify from the firewall as well. By the way, admin, one, two, three, which we’ve done, and for DHCP, we go to the firewall and go to Monitor, and there is a DHCP monitor. It will show you the IPs: in LAN it assigned one IP and in DMZ it assigned one IP.
So, it’s true and it’s correct. Okay, now let’s go back to the install, okay? When the automatic update is not available, it’s okay if there was some error. Now they say, if you want to launch that, either run dcpromo or click here, so why not click here; it is better. Otherwise you can run dcpromo.
So, this plant will come next. Next, we are using the create new domain. This is the first time we are creating and let me give them name based dark local, any name you can give them to start local either to start living up to you. Let me get make them more simple bastardly. This my domain name. Fully qualified domain name based Dakhla. Okay. They will check that maybe this name is already there unarmed, so let’s see the. Okay, so what we’ve done, we give them the name Elias Membrane interface with Configure, when we configure LAN interface, we enable ATP, we configure DNS and then we configure default mode to push all the traffic there. And we enable and BHP, Serwotka, as well and then. Well. Okay, now this part we will do after this to directory.
So, they ask which one, say Windows Server 2000 are to either 2000. It’s up to you, whatever you want to choose. Domain functional. Okay, now we did not install the necessary DNS. By the way, Active Directory has some prerequisites. One of them: the server has to have a static IP. Second one: there should be a DNS. Okay, so maybe they will automatically install Active Directory DNS, install DNS, which we discussed. I believe you remember.
So, yes, we want to install DNS because it’s required.
So, next, okay. And yes, they will install DNS. Either you can install DNS from the roles in advance. Okay, it’s up to you, but it is required, which is what it will do now; they’re installing it. Do you want to continue? Yes.
So, they will store their database. This is AD DS, okay, in here, and the logs, all the policy will be stored here in this location. Now you need a complicated password. Absher that had one, two, three, four, five, a, b, c, one, two, three, four, five. And confirm it. If you want to export all your data you can export; anyway we don’t need to, we just want to install Active Directory. Okay, so they are writing all the details, whatever we did in Active Directory and in the DNS configuration; after a while they will complete the configuration. Then as the next step we will configure our DNS, which we studied, by the way. Now we will see how we configure DNS, which is a must and required for Active Directory. It has to be properly configured and by default it’s not configured. We will see how we can configure it and how we can test whether DNS is properly working or not.
So, let’s see, they are still working on it. It will take a bit, maybe one or two more minutes, and then we will configure our DNS properly.
So, I think the directory will be ready. After this one, we will create users inside Active Directory, which is required for user authentication.
So, we will create some groups, then we will put in some users, and then we will authenticate those users through. Species, which we have windows, and also we will call that group inside our policies, but before that we will integrate our Active Directory with the FortiGate firewall. These are the steps we want to achieve. Okay, so still. Maybe they require a reboot as well; every time you install Active Directory and do everything, they will ask you to reboot the system. Okay, before the name was ESADE, we know it will be dark local, you remember, it was only showing when we go to Properties. Are we still? It’s not yet. It will show the full name here. Okay, the domain is here now, but it should be sorted out to start local up to the word. Okay, so you know when it’s done. Increased time, you know, is always a disconnect, Julia.
So, let me go to System, Settings, session timeout. I need to increase the session timeout, this session timeout, idle timeout. We know what I’m coming out the time. Five minutes to the last one is four eight zero.
So, now it will not log out again and again, okay? Okay, let’s go back. Okay, it’s done and finished. Unfortunately, they said you have to restart for Active Directory to work, so restart now, and our Active Directory will be ready after rebooting this server. Okay.
So, we need to wait for a while, okay? And it’s better to stop them here.
So, our basic configuration is done up to this point already. DHCP is working, the system is getting an IP, our interfaces are configured; on the interface DHCP is enabled, and we have one, two, three, three, which we configured. But by the way, there is our DNS as well.
So, let me read. I thought let me close the video, but we need to configure DNS as well, then our everything will be ready.
So, let me try again if we can access them.
So, let me do RDP again. Because it’s rebooting, in that time it will not take RDP; we have to wait.
So, maybe it will disconnect, then we will try again. Because we are not sure it is rebooted yet. Okay.
So, let me type here, the user name is administrator. And the password is test, one, two, three; this is Active Directory one, or any server which you are using.
So, this is the user name, okay? And this system username and password is. Okay, let me change this one to use it. This would be part of the name and password, so it’s not working because the system was not on, so my session was disconnected. Let me do it again and hopefully this time it will be. Okay, so it’s come up, administrator, not this one, use a different one, not the common, I think so. Our one is administrator of the Road Test Dart live and the password is test, one, two, three. Okay.
So, it’s showing us that they’re going to apply all the settings of Active Directory. It will take some time to apply the policy, then we will configure DNS. Okay, now they said change the password; it’s required.
So, what was the old password? Test one, two, three and let me A, B, C or the one, two, three, four, five and change. It does not matter. Every password is the first test. One, two, three. New password is A, B, C, or the third. One, two, three, four, five. And repeat a, b, c one, two, three, four, five. And now change it.
So, far, suggestion that we can log in. The last thing which we need here is to configure our DNS and to create some users. Okay.
So, it’s come up now. Click on this one. Okay.
So, it’s come up, we have some roles installed now, okay, but if we go to Roles and click on DNS, either you can go from here as well. Okay, it will show here as well, Administrative Tools, and there should be DNS; when you click on DNS, either from here, it brings me here.
So, this is always my system name. The lookup, you know, I told you in DNS.
So, to start local AISSAMI and one that print is there, but reverse lookup zone is not there.
So, it’s not configured. How do I know? If you click on Essawi and click Launch nslookup, there will be this error. We need to remove this error, then DNS will be configured this the Sharkawi way.
So, first things first: our forward lookup is there; DNS is translating domain name to IP, and IP to domain, remember. Right click Reverse Lookup Zone. Next, primary zone, next, IPv4.
So, what is our network? How do you want to do 168 Daquan. Next and Finish.
So, my reverse lookup zone is there, but again, there will be an error if I click Launch nslookup. Still, there is some error. Why? I don’t have any record; I have to create a pointer. And two hundred is the Asabi Sudworth, click on it.
So, we forwarding it server and OK, and now let’s try again for the last time. Okay, so it’s still giving me an error. Why? I told you we need to disable IPv6, so let’s go do it. It’s creating the issue. Go to Control Panel, go to Network and Sharing Center, Change adapter settings.
So, I think I removed it from this one but not from the other one.
So, IPv6 is disabled here, so maybe this one is creating the issue. There is another one. Disable this one. By default, this is a six year portfolio to get that one.
So, now let’s go to our DNS. Okay. Okay, it’s stuck for a while, so let’s see. Control are indeed.
So, we are back. Now let me Gensen and let’s go to DNS again, Administrative Tools, to DNS, and let’s see, right. Either because we disabled IPv6 now. And click on the server, right click, Launch nslookup.
So, now it’s all different.
So, what is esade. We’ll take that live. And this is our domain, and if you type Essawi it will show you the IP, and if you type IP one or two hundred it will show you the hostname. This is what we do here, this is what DNS does, because in DNS we have only one entry. We don’t have any user. Otherwise if you type one, it will give you one IP. But we don’t have any. My DNS is okay, and how can you verify it? Right click, Launch nslookup. It will show you the server name and IP. That’s it.
So, the forward lookup zone was already there. I created a reverse lookup zone and I put in the PTR entry, which we discussed. Now DNS is ready. The last thing for this basic setup is to create users in Active Directory.
So, go to Active Directory. There is Users and Computers. We will need some test users.
So, this is a test that limits my domain, there is Users. Why not create a separate OU? Create a new organizational unit. We call them OU, and call it, suppose, Firewall.
So, I created a separate OU for my own purpose. And here I need to create users now. To create a user, suppose user one. I suppose we already and said or either HR1 is the user name, and it requires a complicated password.
So, let me do more complicated password setting.
So, if I go to Administrative Tools, there is one Group Policy Management, so that I can give them a simple password. Otherwise I will need to set a complicated password.
So, group policy. Policy next. No, there is one way administer to truly need to remove the. Oh, it is Group Policy. I think it’s Group Policy and this one, yes, this should be here. Well, it’s not; you cannot create. Maybe I’m in the wrong place, you are Mansori Domain Test. And there is a far liberal policy. Okay. And let me add, I just want to put a simple username and password so far. But I’m here to create it user-based, I think so, either system-based, I can’t remember. It’s been ages since I used it. But anyway, let me come to Administrative Tools. And there is some security, I think. And when do you remember something? Okay, so let me go to window. Okay. And there is Security, and in Security there is the local policy and account policy, this password policy; they say it has to be at least, say, one character.
So, I certainly would say one character, one character, and that’s it. It should be complicated: disabled, complicated password. And that’s it. Okay, but for this one, if it is to work, I need to apply the policy, so there is a command, gpupdate slash or something. I hope it will work. Let’s see. Now I want to create some users, so user: let me create HR1, user name is HR1. Next, I want to put one, two, three, one, two, three. User cannot change password, and password never expires, and Finish.
So, HR1 is created. Let me make a copy of this one.
Sorry, I disable them in their barleycorn. There is Copy; copy, and HR2, HR2, next. One, two, three and one, two, three. And Finish. Two users is enough, and let me create two more users in another one and another. Maybe I one either to sell one. Still one instead one, one, two, three, and one, two, three; user cannot change the password, password never expires, and OK and OK. And let me copy them. And two and two, next, one, two, three, one, two, three, and Finish. Now I need to create two groups to support them. That’s the beauty of Active Directory, so that we can apply the rule group-based.
So, one group is HR. Okay, next. And another group is, let me go back to New, and we have this group here, said. And OK. Now go to HR, you know, the, let me make them bigger; from where can we make them, there is an option. I forgot; there is something to this one.
Something was to show, you know, this, too. This is a group and this is one person is looking, this is a user, okay? So, in HR, no one is there.
So, let me add those two user here.
So, now I will say HR1, Check Names, and Apply, and HR2, HR2, Check Names, and OK.
So, two users have been added. Either you can sit still and add to group, which group, Check Names, and OK, and now said, right click, Add to a group, Check Names, and OK. So if I come to send, there two users will be able to leave the area, said one, cell to, okay, and if I go to HR, one, two, two members, HR1 and HR2. That’s a distinct purpose. We need to create in Active Directory. So now really everything is done and the basic configuration is done. Now we will move to our main topic.
So, let me stop this.