Administrators, Interface types

Administrator profiles
Administrator profiles define what the administrator can do when logged into the FortiGate.
A profile is assigned to an administrator account and dictates what the administrator sees.
By default, the FortiGate has an admin administrator account that uses the super_admin profile.

Super_admin profile
This profile has access to all components of FortiOS, including the ability to add and remove other system administrators.
For certain administrative functions, such as backing up and restoring the configuration, super_admin access is required.
To ensure that there is always a method to administer the FortiGate, the super_admin profile can't be deleted or modified.
The super_admin profile is used by the default admin account.
It is recommended that you add a password and rename this account once you have set up your FortiGate.
In order to rename the default account, a second admin account is required.

Note
Lower-level administrator profiles can't back up or restore the FortiOS configuration.

To configure admin profiles:
System, Admin profiles
To simplify guest account creation, you can create an admin account that is only used for guest user management.
Enable "Restrict admin to guest account provisioning only" and select Guest Group.

Restrict login to trusted hosts
You can configure an administrative account to be accessible only to someone who is using a trusted host.
You can set a specific IP address for the trusted host or use a subnet.
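
An added example (not part of the original notes and not Fortinet tooling): a Python check over a configuration backup that flags administrator accounts with no trusted host restriction, and a default account still named admin that uses the super_admin profile. The sample configuration, the account names netops and guestdesk, and the rule that one non-zero trusthostN entry counts as a restriction are assumptions.

```python
import re

# Constructed sample laid out like a FortiOS configuration backup (names are hypothetical).
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "netops"
        set trusthost1 192.0.2.0 255.255.255.0
        set accprofile "super_admin"
    next
    edit "guestdesk"
        set trusthost1 0.0.0.0 0.0.0.0
    next
end
"""

def parse_admins(config_text):
    """Return {name: {setting: value}} for entries under 'config system admin'."""
    admins, current, depth = {}, None, 0
    for line in map(str.strip, config_text.splitlines()):
        if line.startswith("config "):
            if depth or line == "config system admin":
                depth += 1          # enter the admin table or a block nested in it
        elif line == "end" and depth:
            depth -= 1
        elif depth == 1:            # settings inside nested blocks are ignored
            m = re.match(r'edit "?([^"]+)"?$', line)
            if m:
                current = admins.setdefault(m.group(1), {})
            elif line == "next":
                current = None
            elif current is not None and line.startswith("set "):
                key, _, value = line[4:].partition(" ")
                current[key] = value.strip('"')
    return admins

def audit_admins(admins):
    """Flag accounts reachable from any address and an unrenamed default account."""
    findings = []
    for name, cfg in admins.items():
        hosts = [v.split() for k, v in cfg.items() if re.fullmatch(r"trusthost\d+", k)]
        # Assumption: an account is restricted once any trusthostN is not 0.0.0.0 0.0.0.0.
        if not any(h != ["0.0.0.0", "0.0.0.0"] for h in hosts):
            findings.append((name, "no trusted host restriction"))
        if name == "admin" and cfg.get("accprofile") == "super_admin":
            findings.append((name, "default super_admin account not renamed"))
    return findings
```

Calling audit_admins(parse_admins(text)) on the text of a backup returns a list of (account, finding) pairs to review.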

Firewalls Page
Interfaces.
To configure interfaces.
Network, interfaces
Interface types:
Aggregate Interfaces
- Link aggregation (IEEE 802.3ad) enables you to bind two or more physical interfaces to form an aggregated (combined) link.
- This new link has the bandwidth of all the links combined.
- If a link in the group fails, traffic is transferred automatically to the remaining interfaces with the only noticeable effect being a reduced bandwidth.
- Support of the IEEE standard 802.3ad for link aggregation is available on some models.
- An interface is available to be an aggregate interface if:
  - it is a physical interface, not a VLAN interface or sub-interface
  - it is not already part of an aggregate or redundant interface
  - it is in the same VDOM as the aggregated interface (aggregate ports cannot span multiple VDOMs)
  - it does not have an IP address and is not configured for DHCP or PPPoE
  - it is not referenced in any security policy, VIP, IP Pool or multicast policy
  - it is not an HA heartbeat interface

Redundant interfaces
- Traffic goes over only one interface at any time.
- This differs from an aggregated interface, where traffic is distributed over all interfaces for increased bandwidth.
- An interface is available to be in a redundant interface if:
  - it is a physical interface, not a VLAN interface
  - it is not already part of an aggregated or redundant interface
  - it is in the same VDOM as the redundant interface
  - it has no defined IP address
  - it is not configured for DHCP or PPPoE
  - it has no DHCP server or relay configured on it
  - it does not have any VLAN subinterfaces
  - it is not referenced in any security policy, VIP, or multicast policy
  - it is not monitored by HA

Loopback interfaces.
- A logical interface that is always up (no physical link dependency).
- The attached subnet is always present in the routing table.

VLAN interface (Sub-interface)
- To configure a sub-interface.
- Network, interfaces, Create New, Interface
Name: Guest
Type: VLAN
VLAN ID:
IP: Manual, /

PING
ok
- The switch interface connected to the firewall must be a trunk and configured with dot1q.

Software Switch.
- A virtual switch that is implemented at the software, or firmware level, rather than the hardware level.
- Can be used to simplify communication between devices connected to different FortiGate interfaces.
- Similar to a hardware switch, a software switch functions like a single interface.
- A software switch has one IP address; all of the interfaces in the software switch are on the same subnet.
- Traffic between devices connected to each interface is not regulated by security policies.
- To create a software switch interface:
  - Go to System > Network > Interface and select Create New.
  - Type: Software Switch.
  - In the Physical Interface Members option, select the interfaces to include.
  - Configure the remaining interface settings.
  - Select OK.
