Protocolos de Roteamento

Introduo
O que um firewall ?
Gateway x Router;
Stateless (no mais utilizado);
Stateful.
Conceito de UTM.
Gerncia Unificada contra Ameaas

O que um Appliance?
Jederson Silva FCNSA/FCNSP
Interfaces
Fsica
Interfaces
Virtual
Loopback;
VLAN
Aggregate
Hardware Switch
Software Switch
Redundant
Wifi SSID
Interfaces
Laboratrio
Dadas as redes abaixo:
LAN
WAN
192.168.10.0/24 FG 1
172.16.0.1 FG 1
192.168.20.0/24 FG 2
172.16.0.2 FG 2
192.168.30.0/24 FG3
172.16.0.3 FG3
192.168.40.0/24 FG
172.16.0.4 FG
192.168.50.0/24 FG5
172.16.0.5 FG5
192.168.60.0/24 FG6
172.16.0.6 FG6
192.168.70.0/24 FG7
172.16.0.17 FG7
192.168.80.0/24 FG8
172.16.0.8 FG8
192.168.90.0/24 FG9
172.16.0.9 FG9
192.168.100.0/24 FG10
172.16.0.1 0FG10
Interligao WAN dos fortigates.
1) Configurar endereo IP na interface WAN, habilitar em administrative access as opes ping e https e ssh;
2) Pelo CLI, realizar teste de conectividade entre seu fortigate e os demais e tentar acess-los via ssh;
3) Realizar acesso ssh, por intermdio do CLI, aos demais fortigates . Comando cli: execute ssh user@<IP Fortigate remoto>.
4) A partir de sua LAN tentar pingar a rede remota e acessar a qualquer um dos fortigates remotos via https.
Router
Roteamento Esttico
Roteamento
Dinmico
RIP
(Obsoleto)
OSPF
BGP
IS-IS
Laboratrio
Roteamento esttico
O objetivo deste LAB realizar a
configurao de roteamento esttico,
obedecendo a figura ao lado, de modo a
promover a comunicao entres todas as
redes envolvidas no cenrio.
WAN
172.16.0.1 FG 1
172.16.0.2 FG 2
172.16.0.3 FG3
172.16.0.4 FG
172.16.0.5 FG5
172.16.0.6 FG6
172.16.0.17 FG7
172.16.0.8 FG8
172.16.0.9 FG9
172.16.0.1 0FG10
OSPF
Caractersticas:
Hierrquico
Estado de Enlace (Link State)
IGP
RFC 2328
IP 89
Multicast (T4 e T5) (224.0.0.5 ou
224.0.0.6)
Tipos de pacotes:
Hello
DD (Database Description)
LSR(Link State Request)
LSU (Link State Update)
LSAck (link State Acknowledge)
OSPF
Tipos de LSAs:
LSA type 1
LSA type 2
LSA type 3
LSA type 4
LSA type 5
LSA type 6
LSA type 7
OSPF
OSPF
Laboratrio 1
configurao do OSPF, obedecendo a figura
ao lado, de modo a promover a comunicao
entres todas as redes envolvidas no cenrio.
WAN
172.16.0.1 FG 1
172.16.0.2 FG 2
172.16.0.3 FG3
172.16.0.4 FG
172.16.0.5 FG5
172.16.0.6 FG6
172.16.0.17 FG7
172.16.0.8 FG8
172.16.0.9 FG9
172.16.0.1 0FG10
OSPF
Laboratrio 2
configurao do OSPF, obedecendo a
figura ao lado, de modo a promover a
comunicao entres todas as redes
envolvidas no cenrio.
OSPF
Laboratrio 3
configurao do OSPF, obedecendo a
figura ao lado, de modo a promover a
comunicao entres todas as redes
envolvidas no cenrio.
BGP
Caractersticas:
EGP;
Path Vector;
Autonomous Systems (AS);
Peering;
Porta TCP 179;
Sem descoberta automtica de vizinhos;
BGP Speakers;
Tipos de mensagens:
Open;
Update;
Notification;
Keepalive.
BGP
Atributos BGP:
Classificao dos Atributos :
AS-Path;
Well-Known Mandatory;
BGP next-hop;
Local Preference;
MED;
Origin;
Communities;
Diferenas entre eBGP e iBGP.
Well-Known Discretionary;
Optional Transitive;
Optional non-transitive.
BGP
BGP
BGP
Laboratrio 1
configurao do BGP para cada um dos AS,
DADOS:
AS 65001
LAN 192.168.1.1
WAN1 172.16.1.1
WAN2 172.16.1.2
AS 65002
LAN 192.168.2.1
WAN1 172.16.1.3
WAN2 172.16.1.4
AS 65003
LAN 192.168.3.1
WAN1 172.16.1.5
WAN2 172.16.1.6
AS 65004
LAN 192.168.4.1
WAN1 172.16.1.7
WAN2 172.16.1.8
AS 65005
LAN 192.168.5.1
WAN1 172.16.1.9
WAN2 172.16.1.10
AS 65006
LAN 192.168.6.1
WAN1 172.16.1.11
WAN2 172.16.1.12
AS 65007
LAN 192.168.7.1
WAN1 172.16.0.13
WAN2 172.16.1.14
AS 65008
LAN 192.168.8.1
WAN1 172.16.1.15
WAN2 172.16.1.16
BGP
Laboratrio 2
DADOS:
AS 65001
LAN 192.168.1.1
WAN1 172.16.1.1
WAN2 172.16.2.1
AS 65002
LAN 192.168.2.1
WAN1 172.16.2.2
WAN2 172.16.3.1
AS 65003
LAN 192.168.3.1
WAN1 172.16.3.2
WAN2 172.16.4.1
AS 65004
LAN 192.168.4.1
WAN1 172.16.4.2
WAN2 172.16.5.1
AS 65005
LAN 192.168.5.1
WAN1 172.16.5.2
WAN2 172.16.6.1
AS 65006
LAN 192.168.6.1
WAN1 172.16.6.2
WAN2 172.16.7.1
AS 65007
LAN 192.168.7.1
WAN1 172.16.7.2
WAN2 172.16.8.1
AS 65008
LAN 192.168.8.1
WAN1 172.16.8.2
WAN2 172.16.1.2
BGP
Laboratrio 3
DADOS:
AS 65001
R1
LAN 192.168.1.1
WAN1 172.16.1.1
WAN2 172.16.2.1
R2
LAN 192.168.2.1
WAN1 172.16.2.2
WAN2 172.16.3.1
AS 65002
R3
LAN 192.168.3.1
WAN1 172.16.3.2
WAN2 172.16.4.1
R4
LAN 192.168.4.1
WAN1 172.16.4.2
WAN2 172.16.5.1
AS 65006
R5
LAN 192.168.5.1
WAN1 172.16.5.2
WAN2 172.16.6.1
R6
LAN 192.168.6.1
WAN1 172.16.6.2
WAN2 172.16.7.1
R7
LAN 192.168.7.1
WAN1 172.16.7.2
WAN2 172.16.8.1
R8
LAN 192.168.8.1
WAN1 172.16.8.2
WAN2 172.16.1.2

Protocolos de Roteamento

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Protocolos de Roteamento

Transféré par

Droits d'auteur :

Formats disponibles

Introduo

Gerncia Unificada contra Ameaas

Jederson Silva FCNSA/FCNSP

Jederson Silva FCNSA/FCNSP

Jederson Silva FCNSA/FCNSP

Interligao WAN dos fortigates.

Jederson Silva FCNSA/FCNSP

Jederson Silva FCNSA/FCNSP

Jederson Silva FCNSA/FCNSP

Classificao dos Atributos :

Vous aimerez peut-être aussi