NSE4_FGT-6.4 Fortinet NSE 4 – FortiOS 6.4 – FortiGate Firewall V6.4 Part 17
60. Lecture-60:High Availability HA Active-Passive Lab.
Yesterday we discuss evolve ha what is HM and we call them High Availability cluster red and fault tolerance redundancy and all those things. And we discuss theoretically that we need a backup solution. And this backup solution we call them Redundancy or High Availability. And we saw that everywhere you will find a redundancy. See, like even we have redundant power supply, redundant link. We have written array, which we call them hard drive and server.
We have eco channel. We have VSS switches, which we configure for redundancy. We have HSRP VRRP GLBP for redundant gateway. Why we need definitely is the high demand of nowadays. Everybody wants that. We don’t need either. We not require any downtime. So definitely they need high availability. Then we saw that 40 Kate farewell can be deployed in two way and high availability active pace. If where one farwell will play the role of active which we call them master and how we can choose them? Just give them high priority and the highest priority if I mentioned them okay, I did not mention I will show you there in the lab and then give them less priority to other firewalls.
And there will be two link one h a link will be used, the other is just like a backup solution. So we are using two firewall for breakup solution the same, we are using two interfaces as a backup solution and we give high priority to one firewall to make them master the same we can set H a link higher priority to make them that this link will work. This link will not work until this link is available. So we can do this thing as well then activate and I told you, most of the time you will see active pace but in active again it doesn’t mean that both the firewall will work at the same again there will be one master and one slave.
The master will take the traffic and it will distribute to the slaves. Then you also process the traffic and I will also process the traffic and most of the time for TCP base so it means active doesn’t mean that both the firewall will work on the same time for every type of traffic and 40 gate and parallel to yes is possible. Both the firewall will work, but it’s very complicated to deploy them you have to segregate your environment to push the traffic to one firewall and segregate the environment to push the other firewall. That’s why nobody requires this active deployment here only TCP base station will be distributed.
So again one firewall will be master, but the other will also work to help the master firewall and it will process the traffic on the same time as well. But it doesn’t mean that both will be showing active no again one will be master and the other will be Slave. But Slave in this case will work while in active pays. If slave will never do anything, it will just synchronize and whenever the master is down, it will take over and will process the traffic. That’s the only difference. To revise you we discuss about high prerequisite which is need same model, same operating system, same interfaces the only thing can be different is hostname and priority. And everything has to be same. Same license, same everything. Then you can deploy Ha between two for one. Then we discuss about high availability link. So they are using ether type value which we will capture today and I will show you ether type value. They have some special type in Google you will see these are special value for every ether type. If you like a la two, they are using a PPA which I will show you again today in the lab. And you can connect to four wall using cross cable for HL link we call them HL ink. One link will work, the other will just watch out. So when one link is down for some reason, the other will start work.
Just what we discuss about. Then we discuss some terminology. Failure definitely one firewall is not working, the other will call this method failure heartbeat. They are sending the packet. So if one firewall is not replying, so definitely the other will take over. Then you can monitor the link as well. Maybe the device is up, but the vein interface normal cases in real life we normally monitor vein interface if the end vein interface is down, so it will take over again. N priority is a value numerical value which we put to give interface priority. Either the far wall to give priority and override. Definitely we will see override as well. Override is nothing but in powerwall too.
We call them what is the name we call them in Cesco we call them Preemption yes, preemption yes, I forgot the name so preemption so we call them Preemption. So whenever the first firewall come up, for some reason master is down when it’s come up and you say no, make them as a master again then you have to enable override and there we call them Preemption. We will see that when session pickup we will see that to synchronize both the firewall. So in case one firewall is down, the other firewall will take care of TCP session which is already established like a telenet Sshtp, Https all those are using TCP base and UDP doesn’t require any session to be created. So that’s why we don’t care about UDP. Definitely it will be dropped for a while and hard bit definitely they are using hard bit but you can make them unicorn. We will see this option as well. So let’s go to lab first we will do active pace of lab. This topology we will use.
We will take two switches. Suppose this is our lane. We already done DHCP. So this time we will use DHCP to provide IP to the system automatically. Why not test it DHCP as well? Port one is our inside and port one will be used for outside and also for management as well. Rather than to attach a new system and create a management, why not use this one for lay purpose and we will use a net cloud for Internet purpose and port three and four we will use for HLM ha one and Ha two. We will give high priority to port three to make them active one and port three as a backup for Tiger firewall we will give them high priority to make them as a master and 40 gate Two we will give them less priority to make them as a secondary firewall either. Slave so this is also the cluster or just the active or vast effective, you can make cluster as well more than too far wall you can make them as a cluster is also possible. But here in the course we will do a practice.
Active and active, but it can be more than two farewell. And that terminology we call them Cluster. More than so this is our IP scheme for Primary firewall. We are using three interfaces. Four interfaces, by the way. Two? Are for Ha and Ha backup. And one is for outside. One is for inside. So this is our IP schema. One we will use inside. And this case, my external is one, one, four. But here is mentioned. One, two, two. The same will be here. Okay. It will inherit everything. And Ha one ha two doesn’t require any IPS because they are using layer two technology to no need of this one PC. They will use DHCP as I told you, you can put directly as well static but it’s better to use DHCP. We already done DHCP DNS. Definitely we will use Google DNS and first we will do active passive so master we will assign them high priority to make them master. And then the slave we will assign them 50 or 60 whatever group name we will give them a group name. It has to be the same on both firewall. So H a group whatever you give them and hardbeat port which is HL link port three and port four. So let’s go to lab and here let’s go to take two firewall. So this is my one firewall and this is second firewall. Now I need two switches so let me take one switch here and one switch this side.
Now I need few clients so let me drag this one to the middle and I need some clients so vectorum which we can use them. One, two, three is enough. These three are enough. Okay. These are my three clients external I need a net cloud for internet purpose. So this is the internet cloud, okay. And let me change the name internet okay then I will connect this to the switch and from switch it will connect to port one and here also to port one. From here it will connect to port two. And here also port two. And I don’t care about these, okay? It should be connected anywhere. These are my inside client representing inside client. So let me start this switch to get the IP by just TTCP and start and start this one and start this one. So it will start. And what we will do, let me make them a bit proper and select and let me align them properly. PC one, PC two, and here let me type port one. So port one is the outside one. Okay? And let me duplicate. And port two is also here. Here we have port two. And here we have also port two. Port three and four we will use for ha one and ha two.
So port three to connect them to port three and port four to port four. These are the two. Okay, it looks like it’s not in order, so let me make them align and let me move them here. Okay? So port two, port one and here port two and port one. And let me put them here. And let me okay, now I need to just hear this is port three, both side and this side we have port four. This is the general configuration. Okay. What else I need? Okay. The IP schema. But before going to IP schema, select these and make them as a DHCP client. Right click select all, go to Edit configuration and enable Auto and auto PC One. And remove this one and this one. PC two and this one. PC three. Done. Now I can start this one. But before starting, let me assign DCP. So we will use DCP and this port two and also DCP and this port two. So it will assign automatically IP. Here what else I need. I need this which will be the primary. So let’s say this is our primary firewall. We decide one and this will be second refer wall. Done. Now I need an IP schema. So for IP schema 109, 216-8124, I will use this one inside and definitely in this side. I don’t have a controller. I will use net cloud one one four range, which is my net cloud range, this one. And here the IPS two. We all know this the gateway two.
Okay. And DNS. We are using Google DNS. Eight, eight. That’s it. That’s the things which we require. Okay, so now let’s start from 48 one, this one, primary one. And let me start this one as well. By the way, they will get IP later on it’s okay, we don’t have DCP yet. So right click on this and go to console. So on port one they already get IP through DHCP. So let’s log in there. So let me go to admin enter one, two, three password. One, two, three, password control queue, clear the screen and show system and question mark. So on first port they get this IP from net cloud this 40 gate one so let me log in there first. Okay. Username is admin password is one, two, three never. And let me give them a name primary FW so this is my primary firewall and let me change the color for a while. I know it will be merge after a while but at least for your understanding let me go to system setting and let me change the theme. So the theme can be changed from where is it should be this one. So let me give them blue so this is my primary firewall because I told you two things can never change one is the name and the other one is priority. So the name is primary firewall I give them and let’s why not go to the other one as well? So right click on this one console and admit no password enter 123123 you can give any other password. This is my what is which password into?
Sorry show system n okay sorry it’s KFC login on question mark and this is 137. Let me log in this firewall as well. Okay so this will be green okay the one which is C country edmund and one, two, three network and begin and here I will say country underscore firewall okay so the green one is secundry and right now the blue one is primary. So what we need to do I don’t need to touch right now the secretary one everything I need to do first and primary fire one. So what you can do first go to interface is we do normally startup so what I need the basic thing I need port two to enable DSCP and assign any IP from this range 100 which we normally do. So I will assign 100 here IP address and in the same thing it will take automatically 100 here on this side anyway and let’s assign 100 here this side as well. So what I need to do port one is my management as well and also when so better to use them as a when I give them the name when and make them manual and let me assign them 100 why not 100 so http and everything is enabled.
Because I’m using the vein port as a management for a test purpose so don’t be confused yourself. Okay now it will disconnect now I will log in instead of 136 ie have to type now 100 and log in again admin one, two, three so I change one interface name and the IPI make them static port one port two is my lane interface. I’m still in primary firewall watch out for the first firewall okay and give them lane static IPV decide 192, 168, 124 just allow ping no need of management access on len but enable DHCP server let them assign let remove this one either. No need, it just only three systems so from one to 99 because 100 is here what will be the net mask? Yes, default gateway. It will be the same as an interface 100 and DNS will be the system interface. So it’s okay, no need to do anything. It’s enough. We already know all these details. So my lane interface is done, but I’m using two more interfaces, three and four. So click on third number interface and give them the name HF One. No need of IP, no need of ping given anything. Just give them the name and Ha One is enough.
And go to port four, which is this one, and assign them Ha two and okay, so I’m still in the primary firewall, which is blue color. I just change the name so that it can be easily understand. That’s the only thing I need. So then I configure DCP and an assigned 100 when I make them static IP, that’s it. And I give them two name ha One ha Two which is connected between two farewell. We call them H a link. High availability link one and High availability link two. Now I need to configure DNS the basic thing which we always do a eight and the other one is one one and apply next thing I need to do static route so that my traffic can go out. So I say anything. Give it to 192-16-8114 dot two, which is my next for this one 1114 two on the venue interface n okay, this is also done. Now I need one single policy to allow the inside traffic. So go to IP for policy by default everything is denied. So I choose from here land to where you can give them any name lane I am going to win. Source can be anything. Now we know this address is yesterday we discussed destination can be anything and services can be anything flow based we know netted we know, we know.
And I don’t need security profile and all session I want and okay, that’s the basic stuff I configure. Now let’s come to Ha. So go to system. There is ha High Availability which we are just revived. Click on H. Estimar tends to control firewall. Okay, I’m still here. If you don’t like this color, let me give them another color. Any other theme? So blue there is this one. Yeah, this is a bit better, more visible. So click on hang primary firewall, which I give them the name primary Firewall. By default every firewall is in standalone mode, means standalone. I click here in system and Ha click here. We will do first active passive. Click on active passive. That’s the priority. I told you so. In the lay we say we will give high priority to 100. Which device? The master one. So let me give them 100. You can put any of our video, you can put one two as well. But we decide to give them so that anything happens. So we can watch our file. So, group name. We decide sha group again.
You can give any name and put the password 123456. Let me see 123456. I set this password again. You can set any password. You can set any but it says to be same. On the other, firewall and priority can be one, two, it can be 15, it can be 1020, it can be one has to be the primary one, which you want to make them primary, give them high priority. That’s the only thing. Session pickup. I just revised and yesterday we discussed in detail enable session pickup. That whenever you have some session related to TCP, give it to your friend. Then monitor interfaces which I just revised them and what is my monitor? I’m in this firewall, this interface is very important for me.
I want to monitor port one. I don’t want to disconnect from internet. Maybe this firewall is on so the Haling will tell to this firewall that yes, he is alive, but the link is down. So definitely the traffic will come here and will drop, drop, drop because there the link is not there is an issue with the Vend link. So this is very important. So what I do, I say that monitor port one as well whenever this is down, even if the firewall is not down, take over so the traffic will divert and it will come on this way and it will go out. So this is called port monitoring either interface monitoring so which interface I am interested which is my way in port one interface, this one port that’s why I give them the name. So can I easily identify? So monitor interface is done, another is hardbeat interfaces I will be I just revised them. What is heartbeat? Hardbeat is nothing the hello packet which they are sending and receiving to check their availability these two interfaces is heartbeat port three and four. So I will say here that ha one, ha two these are the heartbeat interfaces.
So now they say give them priority. I told you that only one interface will work and I told you about the priority can be for the far one and priority can be set for per interface as well. They are asking me which interface is your primary one. The other one is like a backup so that I can send the hello and hard beat. So I save 300 the maximum 512 and pod three let me give them anything. Suppose 200 205 is okay, even if you cannot again it’s the secondary one now when I go down they mentioned management interface reservation I told you two things can never be changed. One is your name, second is your priority because these two things can identify you between one or more than more than two firewall as a cluster if you have high priority then you will be identified by that priority and name will be identified. These two things will never be changed. Rest of everything will be marked with each other. But now the question is I have a management IP 11140.
But my next firewall is management IP 109 216-811-4137 which is a vein as well. But anyway so what you can do, you can management interface reservation like a hotel reservation. You can reserve the interface show them. Because we are using when as a management. But your management will be show some enter phase. Choose that one. Suppose five suppose this is your management. And put the gateway and IPV six if you have and put and reserve them. So that interface will be also distinguished like a name and priority. But anyhow we don’t care about that one. So I say I don’t need management interface reservation. And the last thing which I just revived. In normal cases in real data center your deployment will be like this. Your both four wire will be in the same brake. Either in different rake. And you will be connected through cross cable.
Two R will go plug here and two R will be here. That’s it. So no need of any multicast unicast. Because you are directly connected. You don’t care no security needed. Because in the same data center and both the firewall is in same brake even sometime it is up and down with each other. So then why they are asking me unicorn heartbeat. But when you are deploying these firewall in virtual environment not a physical devices physical appliances. Then in VMware you know the VMware they have many product virtualization. Then it’s very difficult to allow broadcast. So then you can use unicast heartbeat. That because you are not in data center to send and receive broadcast traffic. I will show you when I enable them. When I was shocked here you will see broadcast picket will go on this one ether type. So you can enable unicast hardbeat. But this is only in the case of virtualization environment. Not in real world. You will never see this one. But anyway I don’t need unicast as well. And these are the things to enable high availability. And click OK. It’s the password. Don’t worry.
There’s another thing. So it’s showing me ha master. And it’s come up like this way. If you check the interface there is an Ie. This is the link monitor to watch out. Watch out for this interface. And yes, port one is our way in interface. So I told to them that watch out for this one. If this interface is down again you have to take one and then three and four interface three and four there is a heart. It means heartbeat. On these two interfaces they are sending hard beat three and four. That’s why I mentioned and rest of interfaces we are not using. Two are we are using because there is nothing. This is our lane. This is our venue. So I here. And these are hard bit ha hardbeat interface and ha hardbeat interfaces. So this is tonight. They say only one firewall with 100 period. Hostname is primary firewall. Serial number of the firewall role is Master.
Uptime is 16 minutes, session is 20 and throughput is this one and you can put in the list as well and you can face plate like a flase plate like you know the number plate of car you can show like this one and you can list and you can all and you can refresh. So my primary firewall is done. That’s it now going to the other Farwell secretary don’t do anything, everything will be done automatically. Just go to system no need to change a static IP because this IP will be no more. Only one IP will be used the primary IP management 11140 no need to give them the interface name which I done here no need to configure DNS, no need to configure static route, no need to create a policy which I done everything in primary it will be inherited here, it will be sync here. Just go to in the second firewall system click on AHA and make from secondary to active passive give them priority less than 100 which they have but less than give them the same name. This is important.
So our name was I think so HLG and it should be the same password 123456 enable session pickup monitor interface is port one which is our exit and heartbeat. We have three and four and priority I sit here this one and the other one is nothing. No need of management anything and just press. OK. Now if you come here and log in here admin one, two three. You will see some messages. It will start to synchronize each other. And let me come here. One, two, three right now there is nothing yet primary firewall and secondary. We give them these name so it will start sending sync with Master. It started slave external file are not in sync with Master. They say I’m trying to sync with the Master firewall because I’m connected directly through two interfaces which you say these are the ha link. Okay, so they are trying slave external fire and not sync with the Master. They are trying to sync with the Master one whatever we configure and the Master one it will sync here automatically. So mostly you will see the messages on the secondary one. And after a while you will see the color will change. And that’s when there will be another firewall. Still I cannot see.
Yes, come up. But with grass. Let’s say we have another firewall with the name Secretary Firewall, because a 2d name will never change with this serial. My serial is J-E-B and his serial is J two F. His role is Slave I am. A master and almost we uptime is similar session is 48 and there is 27 and this is the throughput and they are using the same interfaces and everything again still not sync because until there is a tick mark green. So it means the process is still going on. Yes, it’s showing here and also waiting for cluster data. So everything will be here after a while. And it’s showing here Ha. And also you can verify to go to dashboard status. You remember there was one widgets with the Hate which is not showing so we can add Ha. You remember we can add widgets from here on. First picture we discuss there is HS status. Click on that and close there will be HS so let me make them here. And it’s better to resize than the full so we can see in more detail. This one you say mode is active as if we are using active group name is HHG master one is the primary firewall is the name of the firewall. It can be something else. It doesn’t mean that the primary means it has to be primary all the time. And slave means Secretary firewall. So Secretary is still not synchronized with showing in the message. So we are still waiting. Let’s see it’s still sinking and let me refresh this one and maybe it’s now done or not. It takes some time so let’s wait if it is still there.
So it’s still there and let’s go back to system and Ha to verify from there as well. So it’s still in process. So let’s wait for another one and two minute is done I think. So let me refresh now it’s done now. So it’s joined with 500. So that’s why he is Master and this one is Slave. And also now go back to the dashboard status. Now you will see that there is country is Secretary Firewall. It doesn’t mean secretary. Slave name is Secretary Firewall and this is Preemptive. And here it will be not any more available on this one, no more this IP because it has become cluster. So don’t care about that one, only one firewall now like a one firewall. So this is everything but they will give every session to the other firewall. So let me generate some traffic from here. If I get IP from DCP or not, let me see now I can go to Facebook from here and let me go to this one as well. And let me go from here to Amazon. So the my traffic will go like this way, it’s the primary and it will go to Facebook.
The same list will go like this way but they will give a session to this. And also there will be layer two connectivity and detail. Let me show you that which I told you. So start capture because I give port three as a primary one link, you remember? So if I go there, you will see ether type which I show you here. If I go to this one, ether type will use eight 80. So let’s see if it is started then you will see a lot of broadcast traffic. Look at. Broadcast eight 8908-890-8891 and 8893 and you can see 8890-8893 and 8892 and it’s ethernet. And if you check on this one, any packet you can see, okay, the IPI will show you from the other place because it’s ethernet type. And these are the broadcast package which I told you for virtual environment you can make them unicorn. So they are sending and sending and receiving the heartbeat using we are connected with cross cable and they are using this ether type of value to exchange the Ha information with each other. I will show this IP. They are using this IP. I know this layer tooling, but still they will get this IP and the interface. Let me go to primary Firewall to verify something admin and one, two, three I’m in the primary firewall and get system HS status.
You will see the IP that the cluster work on 169, 254, two IP 169, 2540 IP. So it’s already yes, it’s already there. What else to verify? Yeah, okay, so now every session is passing to the first file while this one and we can see the session to go to 40 view and all session. So we went to Facebook, we went to Google, we went to all the traffic is here one two and one three PC. These are our one two and one three. They get IP automatically through DHCP and every gate when everything so they visit there. And because you are using native one IP 11140 was translated every IP these sessions will be there as well and the other firewall. So suppose if I’m doing a ten net or SSH and down the main link, so what I need to do, I need a ten net somewhere here. So let me take one router here on the outside, let me take router to connect outside. Suppose I have a system like Google or anything and because if I take Http, it will be destroyed after a while. So I need Http either SSH, either telnet which using TCP and connected all the time so their practice can be done through telnet either SSH. So let me go to this router first, okay? And make them as an external one router interface e zero slash zero IP address t Hcp note shut down, it will get IP automatically and also it will get the gateway.
Let’s see which IP they are taking and why not give them our own gateway? And until this line with y zero to four transport input all and password one, two, three and what is curlougin? So it’s get 1114 233 IP show IP interface that’s the outside IP telenet is there. Let me go from inside to outside and do a TenneT. This is a TCP station. Yeah, we know tenet is working on and I paste okay, so it’s not possible. 192, 168 one, one, four what was the IP? 231213 let me take a telnet and I’m in the router log into the router and I can see from here. Who. So it says 192, 168, 114 because it’s showing native IP. This IP 100. This outside IP it’s okay, but I take session from inside. And let me do a continued ping from this PC as well. I know TCP only session is, but anyway, let’s try this one as well. A continue ping. And now let’s go to down this firewall. Okay, the primary fire village is primary firewall. This one is the primary firewall. And execute shutdown. Yes, yes. Do you think my telenet station will be disconnected or not? Because my traffic was going through the primary firewall and for every firewall is not anymore. So it’s down. Now let’s go to my session is still connected and let me enable on the router enable so that I can run some command as well. Enable password.
One, two, three firewall is down and I’m taking enable. Yes, and let me type the IP and I’m in the router show IP interface brief. Yes, everything I can do, I’m still in the router. I have a TCP session and the router which I’m using firewall is down, is red, but it never disconnect me because the traffic was doing update firewall. So if they are non disconnect me, it means the session is being picked up by the other firewall. And if I log into the same firewall, it’s log out. Okay, this will be the same IP. But now this time it will be a second refer one. It will be written on the top secretary look at I say the name will never be changed, but secretary become now the primary firewall. If I go to system and check ha. So it’s showing me that with 50 priority I am in the master because nobody is here. Sir, IP will not get changed. No, IP will never change. Yes, if I told you the management IP can be changed if you want. When I was configuring, I told you you can reserve the management IP. But this IP will be the same. Yeah, they will use only one IP, the primary firewall IP. Okay? Yeah.
So now I am mastered with 50 and I’m taking care about the session. Now, whatever session was existing, it is already here automatically in my session table and they are taking care about this one. That’s why I never disconnected it’s. Okay, now my telegraph is already here. This isation I established before when the error firewall was up and this one was a secondary one. And still I’m connected there. And also Ping will be continuing. I know Ping will not command the TCP because it’s another protocol just to show you that you understand the concept. I know TCP. I may need to show you TCP based rather than to ICMP based, but anyway, you get idea from here. Now the question is if the far wall came back this one primary start again for some reason, we make them down for maintain its purpose or for some other purpose either temporary is down. Now the firewall came back. What do you think? It will be primary again other because they have a higher priority.
I think you have not enabled override, so it will not. Yes, excellent. Yes. My session will be disconnected and let’s see it will be remain. Yes, because the other will never take work again. So let’s go to system and go to Ha and let’s see. Okay, the power is still not up. So let me refresh. After a while the priority with higher one will come back again. Let’s see. So it will take some time. I think so it’s booting so far. Well, okay, it’s come up now. Admin one, two, three and let’s see now is the refresh. Okay, it’s come up now look at with the highest priority still a slave. So one thing is proof that even if a firewall is a primary firewall and you give them higher priority and for some reason the firewall down. And if it is up, it will never come as a primary again. Until unless you enable Preemption, which I didn’t enable preemption. Now the question is from where to enable Preemption in Ha there is nothing to configure there’s. Why? In 40 gates some of the things you have to go to CLI. So what I need to go I need to go to 40 gate one, which is this one with 100 and still here slave is written slave. So what I need to do, I will go to config. Sorry. Config and system ham is high availability that I want to configure a Ha system and set override rule. I just told you, it’s called override.
There we causing preemption and I will say I want to enable it and end now. After a while you will see this slay will become again master and little refresh logout admin one, two, three. Now it will be login as a primary again. Primary firewall is the name of the firewall. I can give them one and two as well. F one, f two. But I give them the name, which is confusion anyway. So if I go to Ha again this time the primary firewall 100 is become master again. Because I enable override and this override command config system and set override enable. So we check the session pickup. We check the firewall if one is down and already there is establish connection so the user will never be disconnected. Two things we verify and we check that every firewall both the firewall has to be the same. Same interface is same origin, same everything. And then we check if the master firewall with high priority is down when it’s come back, it will be slave until an unless you enable overwrite rule.
And then we verify that they are using H a link to exchange the information. One is as a backup. So right now they are using Port Three as a HF one and sending broadcast packet, which is ether type. Ether type is nothing like a layer two packet. And then I show you. They are using 169 IP which we check 169 is nothing but a PPA IP these are the thing in active pacem let me go if I miss something for some reason let me quickly so we configure the firewall name you can give them any name. Okay, then we get an active pace we configure them, we make them the DHCP verification you can ping and I should you TenneT session and we disable one firewall so maybe one packet loss for ICMP, not for TCP and then we make them and you can verify and just to come on to enable preemption that’s it. That’s the only thing.
Interesting posts
The Growing Demand for IT Certifications in the Fintech Industry
The fintech industry is experiencing an unprecedented boom, driven by the relentless pace of technological innovation and the increasing integration of financial services with digital platforms. As the lines between finance and technology blur, the need for highly skilled professionals who can navigate both worlds is greater than ever. One of the most effective ways… Read More »
CompTIA Security+ vs. CEH: Entry-Level Cybersecurity Certifications Compared
In today’s digital world, cybersecurity is no longer just a technical concern; it’s a critical business priority. With cyber threats evolving rapidly, organizations of all sizes are seeking skilled professionals to protect their digital assets. For those looking to break into the cybersecurity field, earning a certification is a great way to validate your skills… Read More »
The Evolving Role of ITIL: What’s New in ITIL 4 Managing Professional Transition Exam?
If you’ve been in the IT service management (ITSM) world for a while, you’ve probably heard of ITIL – the framework that’s been guiding IT professionals in delivering high-quality services for decades. The Information Technology Infrastructure Library (ITIL) has evolved significantly over the years, and its latest iteration, ITIL 4, marks a substantial shift in… Read More »
SASE and Zero Trust: How New Security Architectures are Shaping Cisco’s CyberOps Certification
As cybersecurity threats become increasingly sophisticated and pervasive, traditional security models are proving inadequate for today’s complex digital environments. To address these challenges, modern security frameworks such as SASE (Secure Access Service Edge) and Zero Trust are revolutionizing how organizations protect their networks and data. Recognizing the shift towards these advanced security architectures, Cisco has… Read More »
CompTIA’s CASP+ (CAS-004) Gets Tougher: What’s New in Advanced Security Practitioner Certification?
The cybersecurity landscape is constantly evolving, and with it, the certifications that validate the expertise of security professionals must adapt to address new challenges and technologies. CompTIA’s CASP+ (CompTIA Advanced Security Practitioner) certification has long been a hallmark of advanced knowledge in cybersecurity, distinguishing those who are capable of designing, implementing, and managing enterprise-level security… Read More »
Azure DevOps Engineer Expert Certification: What’s Changed in the New AZ-400 Exam Blueprint?
The cloud landscape is evolving at a breakneck pace, and with it, the certifications that validate an IT professional’s skills. One such certification is the Microsoft Certified: DevOps Engineer Expert, which is validated through the AZ-400 exam. This exam has undergone significant changes to reflect the latest trends, tools, and methodologies in the DevOps world.… Read More »