Firewall training lab with layer 3 switch
Hello all,
I would like to set a firewall training lab in my lab environment.
Materials i have ;
2 Fortinet 60C utm device
1 HP 2910al switch
2 PC with 2 Network Card
The Internet gateway will be 172.16.20.1
switch config
============
hostname "utm_lab"
module 1 type J9145A
ip routing >>>>>>>> i have to run this command for inter vlan comm ?
vlan 1
name "DEFAULT_VLAN"
untagged 6-24
no untagged 1-5
no ip address
exit
vlan 10
name "VLAN10"
untagged 1
ip address 10.0.10.254 255.255.255.0
exit
vlan 20
name "VLAN20"
untagged 2
ip address 10.0.20.254 255.255.255.0
exit
vlan 30
name "VLAN30"
untagged 3
ip address 10.0.30.254 255.255.255.0
exit
vlan 40
name "VLAN40"
untagged 4
ip address 10.0.40.254 255.255.255.0
exit
vlan 50
name "VLAN50"
untagged 5
ip address 172.16.20.254 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 172.16.20.1 >>> any dest. if dont know the route
UTM 1
======
wan1 : 10.0.10.1/24
wan2 : 10.0.20.1/24
int : 10.0.100.1 / 24
UTM 2
=====
wan1 : 10.0.30.1 /24
wan2 : 10.0.40.1 /24
int : 10.0.200.1 /24
From 10.0.100.254 ( windows2008r2 ) PC i can reach to all vlan (10-50) but can't reach to 172.16.20.1 , what is wrong in this config ? any idea
How can i use my device to create a useful lab area in other way ?
Thanks
I would like to set a firewall training lab in my lab environment.
Materials i have ;
2 Fortinet 60C utm device
1 HP 2910al switch
2 PC with 2 Network Card
The Internet gateway will be 172.16.20.1
switch config
============
hostname "utm_lab"
module 1 type J9145A
ip routing >>>>>>>> i have to run this command for inter vlan comm ?
vlan 1
name "DEFAULT_VLAN"
untagged 6-24
no untagged 1-5
no ip address
exit
vlan 10
name "VLAN10"
untagged 1
ip address 10.0.10.254 255.255.255.0
exit
vlan 20
name "VLAN20"
untagged 2
ip address 10.0.20.254 255.255.255.0
exit
vlan 30
name "VLAN30"
untagged 3
ip address 10.0.30.254 255.255.255.0
exit
vlan 40
name "VLAN40"
untagged 4
ip address 10.0.40.254 255.255.255.0
exit
vlan 50
name "VLAN50"
untagged 5
ip address 172.16.20.254 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 172.16.20.1 >>> any dest. if dont know the route
UTM 1
======
wan1 : 10.0.10.1/24
wan2 : 10.0.20.1/24
int : 10.0.100.1 / 24
UTM 2
=====
wan1 : 10.0.30.1 /24
wan2 : 10.0.40.1 /24
int : 10.0.200.1 /24
From 10.0.100.254 ( windows2008r2 ) PC i can reach to all vlan (10-50) but can't reach to 172.16.20.1 , what is wrong in this config ? any idea
How can i use my device to create a useful lab area in other way ?
Thanks
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
can you please put your default route like:
ip route 0.0.0.0 0.0.0.0 vlan 50 172.16.20.1
also do you see your gateway ip 172.16.20.1 in arp table ?
ip route 0.0.0.0 0.0.0.0 vlan 50 172.16.20.1
also do you see your gateway ip 172.16.20.1 in arp table ?
Premium Content
You need an Expert Office subscription to comment.Start Free Trial