• No se han encontrado resultados

BLOQUE 2: TRANSFORMACIÓN DIGITAL E INNOVACIÓN DE LA ECONOMÍA

8. RESULTADOS DEL PANEL DE AGENTES DE INTERÉS

8.2. BLOQUE 2: TRANSFORMACIÓN DIGITAL E INNOVACIÓN DE LA ECONOMÍA

You will now create a dial-up VPN between a FortiGate and FortiClient.

Prerequisites

Before beginning, you must restore the initial configuration files to the Local-FortiGate and Remote- FortiGate.

To restore the Remote-FortiGate configuration file

1. From the Local-Windows VM, open a browser and log in as admin to the Remote-FortiGate GUI at 10.200.3.1.

2. Go to Dashboard, and from the System Information widget click Restore.

3. Select to restore from Local PC and click Upload.

4. Browse to Desktop > Resources > FortiGate-II > Advanced-IPsec and select remote- advanced-ipsec.conf.

5. Click OK.

6. Click OK to reboot.

To restore the Local-FortiGate configuration file

1. From the Local-Windows VM, open a browser and log in as admin to the Local-FortiGate GUI at 10.0.1.254.

2. Go to Dashboard, and from the System Information widget click Restore.

© FORTINET

3. Select to restore from Local PC and click Upload.

4. Browse to Desktop > Resources > FortiGate-II > Advanced-IPsec and select local- advanced-ipsec.conf.

5. Click OK.

6. Click OK to reboot.

Creating a Dialup VPN

You will create the dialup VPN in the Local-FortiGate.

To create the dialup VPN

1. From the Local-Windows VM, open a browser and log in as admin to the Local-FortiGate GUI at 10.0.1.254.

2. Go to VPN > IPsec Tunnels and click Create New. 3. In the Name field, enter FClient.

4. From Template Type, select the template Remote Access.

5. From Remote Device Type, select FortiClient VPN for OS X, WIndows, and Android.

6. Click Next.

LAB 5–Advanced IPsec VPN

Field Value

Incoming Interface port1

Authenticated Method Pre-shared Key

Pre-Shared Key fortinet

User Group training

8. Click Next.

9. Configure these other settings in the next wizard step:

Field Value

Local Interface port3

Local Address LOCAL_SUBNET

Client Address Range 172.20.1.1-172.20.1.5

Subnet 255.255.255.0

DNS Server Use System DNS

Enable IPv4 Split Tunnel Enabled Allow Endpoint Registration Disabled 10. Click Next.

11. Verify that Save Password is enabled.

12. Click Create. The VPN wizard creates not only IPsec phases 1 and 2, but also two firewall

addresses and one firewall policy that allows incoming traffic from the VPN to the internal subnet. Note: Although you have created a route-based IPsec tunnel, you do not need to add a static route because it is a dial-up VPN. FortiGate will dynamically add or remove appropriate routes to each dial-up peer, each time their VPNs are established or disconnected.

Configuring FortiClient for Dialup VPN

You will configure the FortiClient IPsec client to connect to the Local-FortiGate. You will use the FortiClient installed in the Remote-Windows VM.

To configure FortiClient for dialup VPN

1. Go to the Remote-Windows VM and double-click the FortiClient icon to start that application.

© FORTINET

2. Click the Configure VPN link. 3. Select IPsec VPN:

4. Configure these settings:

Field Value

Connection Name FC_VPN

Remote Gateway 10.200.1.1

Authentication Method Preshared Key with the password fortinet Authentication (XAuth) Save Login

Username student

5. Click Apply. 6. Click Close.

Connecting to the Dialup VPN

You will use FortiClient to connect to the dialup VPN created in the Local-FortiGate.

To connect to the dialup VPN

1. On the FortiClient application running on Remote-Windows, enter the password fortinet. 2. Click Connect.

3. Wait a few seconds.

LAB 5–Advanced IPsec VPN

Checking the IP Address and Route Added to the

Remote-Windows VM

While the dialup VPN is up, the Remote-Windows VM receives an IP address within the 172.20.1.1 - 172.20.1.5 range. The FortiGate also installs a route to the subnet 10.0.1.0/24.

To check the IP address and route added to the Remote-Windows VM

1. Open a command prompt window in Remote-Windows and enter this command:

ipconfig /all

2. Analyze the output. You should observe an interface with an IP address in the 172.20.1.1 - 172.20.1.5 range.

3. Enter this other command to display the routing table information: route print

4. Locate the 10.0.1.0/24 network entry in the output.

Testing the Dialup VPN

You will test the dialup VPN by sending traffic from the Remote-Windows VM to the Local-Windows VM.

To test the dialup VPN

1. Still from the command prompt on the Remote-Windows VM, try to ping the Local-Windows VM (10.0.1.10). The ping will succeed, confirming that the tunnel is working.

2. From a browser on the Local-Windows VM, go back to the Local-FortiGate GUI and go to Monitor > Routing Monitor.

3. Find the static route that was dynamically added to the FortiGate:

© FORTINET

4. Go to Monitor > IPsec Monitor.

5. View the details of the FClient_0 VPN connection. Notice the Remote Gateway IP address.

Disconnecting the Dialup VPN

To finish this lab, disconnect the Remote-Windows VM from the dialup VPN.

To disconnect the dialup VPN

1. Go to the Remote-Windows VM and open FortiClient. 2. Click Disconnect.

LAB 6–Intrusion Prevention System (IPS)

LAB 6–Intrusion Prevention

System (IPS)

In this lab, you will set up IPS profiles and denial of service (DoS) policies. You will also use a vulnerability scanner and packet crafting software to attempt to flood the FortiGates.

Objectives

 Protect your network against known attacks using IPS signatures.  Mitigate and block network anomalies and DoS attacks.

 Write custom IPS signatures.

Time to Complete

Estimated: 40 minutes

Prerequisites

Before beginning this lab, you must restore a configuration file to the Local-FortiGate.

To restore the FortiGate configuration file

1. From the Local-Windows VM, open a browser and log in as admin to the Local-FortiGate GUI at 10.0.1.254.

2. Go to Dashboard, and from the System Information widget click Restore.

© FORTINET

3. Select to restore from Local PC and click Upload.

4. Browse to Desktop > FortiGate-I > Introduction and select local-initial.conf. 5. Click OK.

LAB 6–Intrusion Prevention System (IPS)