SlideShare a Scribd company logo

Fortinet Ansible Solution Part 2

S
Salim Haniff

This document details the setup of two CentOS servers on VLAN 100 and VLAN 200, ensuring they can communicate according to the established firewall policy. It outlines the installation and configuration steps for both servers, including network settings and the installation of necessary packages like libvirt. The final verification demonstrates successful communication between the workstation and both servers, with a future tutorial planned to install WordPress.

Internet
1 of 18
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
FortiNet/Ansible solution Part 2 Presented by: Salim Haniff (shaniff@parabellyx.com)
INTRODUCTIONINTRODUCTION Second of 4 in the lecture series Set up 2 CentOS servers on VLAN_100 and VLAN_200 Verify that they are able to communicate as instructed by firewall policy
BACKGROUNDBACKGROUND Our FortiGate Appliance was configured via Ansible to create VLAN_100 and VLAN_200, and firewall policies This ensures network separation between Dev and Prod environment Separate servers will now need to be installed in the respected zones
WHY CENTOS?WHY CENTOS? Free alternative to RedHat Enterprise Linux Lots of information online to help troubleshoot issues Easy to implement VLAN, network bridges and VMs
SETTING UP CENTOSSETTING UP CENTOS The installations for both the Dev and Prod servers used a minimal installation Ensures we don't have a lot of packages on the servers We need to disable NetworkManager since it sometimes conflicts with network setting $ sudo systemctl stop NetworkManager $ sudo systemctl disable NetworkManager
CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON DEV SERVERDEV SERVER All network configurations are stored in /etc/sysconfig/network-scripts/ To find which interface is active run Here we can see interface enp3s0 is our main network interface Backup the configuration $ ip a $ sudo cp ifcfg-enp3s0 $HOME/
CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON DEV SERVERDEV SERVER We will now install the libvirt package to help us bring up a virtual switch and help with launching VMs. $ sudo yum -y install libvirt $ sudo systemctl enable libvirtd $ sudo systemctl start libvirtd
CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON DEV SERVERDEV SERVER Change the settings of the ifcfg-enp3s0 file to reflect the changes below BOOTPROTO="none" DEVICE="enp3s0" ONBOOT="yes" TYPE="Ethernet"
CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON DEV SERVERDEV SERVER Create new file called ifcfg-enp3s0.100 . This denotes that this interface will use VLAN_100 Notice the we added the parameter BRIDGE, this will tell the virtual bridge to use this interface as the uplink to the network. DEVICE="enp3s0.100" BOOTPROTO="None" ONBOOT="yes" VLAN=yes BRIDGE="virbr0"
CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON DEV SERVERDEV SERVER Create a new file called ifcfg-virbr0 . This is the virtual network bridge configuration. DEVICE="virbr0" BOOTPROTO="static" ONBOOT="yes" IPADDR="10.1.1.2" PREFIX=24 NETWORK=10.1.1.0 VLAN=yes GATEWAY=10.1.1.1 DNS=8.8.8.8 TYPE="Bridge"
CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON DEV SERVERDEV SERVER One final setting that needs to be configured is loading the 802.1q kernel module that enables VLAN. To enable this module, enter the following command: Now reboot the server and check that the server comes up. $ sudo sh -c 'echo "8021q" > /etc/modules-load.d/8021q.conf
CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON PROD SERVERPROD SERVER Exact same procedure that we did on the Dev server This time our main network interface is enp2s0
CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON PROD SERVERPROD SERVER Settings for ifcfg-enp2s0 TYPE="Ethernet" BOOTPROTO="none" DEVICE="enp2s0" ONBOOT="yes"
CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON PROD SERVERPROD SERVER Settings for ifcfg-enp2s0.200 BOOTPROTO="none" DEVICE="enp2s0.200" ONBOOT="yes" VLAN=yes BRIDGE="virbr0"
CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON PROD SERVERPROD SERVER Settings for ifcfg-virbr0 DEVICE="virbr0" BOOTPROTO="static" IPADDR="10.1.2.10" NETMASK="255.255.255.0" GATEWAY="10.1.2.1" DNS1="8.8.8.8" ONBOOT="yes" TYPE="Bridge" VLAN=yes
CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON PROD SERVERPROD SERVER One final setting that needs to be configured is loading the 802.1q kernel module that enables VLAN. To enable this module, enter the following command: Now reboot the server and check that the server comes up. $ sudo sh -c 'echo "8021q" > /etc/modules-load.d/8021q.conf
VERIFICATIONVERIFICATION Now both of our servers are now configured. We need to test them. With your workstation, set the network device to VLAN_200 and try to ping 10.1.1.1 and 10.1.2.1 Now try to ping 10.1.1.2 and 10.1.2.10 Finally, try SSHing to both of those boxes
WRAPPING UPWRAPPING UP We now have a dev and prod servers running on their own network Our workstation is now able to communicate to both of them In the next tutorial, we will install Wordpress on both the Dev and Prod servers. If you have any questions or feedback, please reach out to me ( ) or our staff. Contact info will be provided below. shaniff@parabellyx.com

More Related Content

PDF
Easy vpn
Hồ Đắc Biên
 
PDF
[2015-11월 정기 세미나]K8s on openstack
OpenStack Korea Community
 
PDF
20141102 VyOS 1.1.0 and NIFTY Cloud New Features
雄也 日下部
 
PPTX
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
Cisco Russia
 
PPSX
vSRX
MarketingArrowECS_CZ
 
PPTX
Introduction to nexux from zero to Hero
Dhruv Sharma
 
DOCX
OTRS
Muhammad Qazi
 
PDF
Installation of pfSense on Soekris 6501
robertguerra
 
Easy vpn
Hồ Đắc Biên
 
[2015-11월 정기 세미나]K8s on openstack
OpenStack Korea Community
 
20141102 VyOS 1.1.0 and NIFTY Cloud New Features
雄也 日下部
 
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
Cisco Russia
 
vSRX
MarketingArrowECS_CZ
 
Introduction to nexux from zero to Hero
Dhruv Sharma
 
OTRS
Muhammad Qazi
 
Installation of pfSense on Soekris 6501
robertguerra
 

What's hot (20)

PPTX
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
Dhruv Sharma
 
PDF
Cumulus networks conversion guide
Scott Suehle
 
PPTX
Factory setup wsa_9.2_v1.0
Dhruv Sharma
 
PDF
Next Generation Security Solution
MarketingArrowECS_CZ
 
PDF
Step by-step installation of a secure linux web dns- and mail server
Integrated Circuit Design Research & Education Center (ICDREC)
 
PDF
Rabbit mq簡介(上)
共和 薛
 
PPT
How To Deploy A Cloud Based Webserver in 5 minutes - LAMP
Matt Dunlap
 
PDF
Campus
MarketingArrowECS_CZ
 
PDF
Отказоустойчивость с использованием Cisco ASA Clustering
Cisco Russia
 
PPTX
The Switch as a Server - PuppetConf 2014
Puppet
 
PDF
The latest developments from OVHcloud’s bare metal ranges
OVHcloud
 
PPTX
Fiware testbed from hardware to openstack
Henar Muñoz Frutos
 
PDF
Dev stacklabguide
openstackcisco
 
PPTX
Is OpenStack Neutron production ready for large scale deployments?
Елена Ежова
 
PPTX
OSDC 2014 ONIE by Nat Morris
Cumulus Networks
 
PDF
Open Networking for Your OpenStack
Cumulus Networks
 
PPTX
Differences of the Cisco Operating Systems
美兰 曾
 
PDF
SecurityPI - Hardening your IoT endpoints in Home.
LinuxCon ContainerCon CloudOpen China
 
PPTX
Power of Open SDN- The Vendor Neutral Approach to Optimizing Your Network 09...
Cary Hayward
 
PPT
Cisco data center support
Krunal Shah
 
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
Dhruv Sharma
 
Cumulus networks conversion guide
Scott Suehle
 
Factory setup wsa_9.2_v1.0
Dhruv Sharma
 
Next Generation Security Solution
MarketingArrowECS_CZ
 
Step by-step installation of a secure linux web dns- and mail server
Integrated Circuit Design Research & Education Center (ICDREC)
 
Rabbit mq簡介(上)
共和 薛
 
How To Deploy A Cloud Based Webserver in 5 minutes - LAMP
Matt Dunlap
 
Campus
MarketingArrowECS_CZ
 
Отказоустойчивость с использованием Cisco ASA Clustering
Cisco Russia
 
The Switch as a Server - PuppetConf 2014
Puppet
 
The latest developments from OVHcloud’s bare metal ranges
OVHcloud
 
Fiware testbed from hardware to openstack
Henar Muñoz Frutos
 
Dev stacklabguide
openstackcisco
 
Is OpenStack Neutron production ready for large scale deployments?
Елена Ежова
 
OSDC 2014 ONIE by Nat Morris
Cumulus Networks
 
Open Networking for Your OpenStack
Cumulus Networks
 
Differences of the Cisco Operating Systems
美兰 曾
 
SecurityPI - Hardening your IoT endpoints in Home.
LinuxCon ContainerCon CloudOpen China
 
Power of Open SDN- The Vendor Neutral Approach to Optimizing Your Network 09...
Cary Hayward
 
Cisco data center support
Krunal Shah
 
Ad

Similar to Fortinet Ansible Solution Part 2 (20)

PDF
[Cook book] ansible 4_dell emc networking
Jo Hoon
 
PPTX
Network configuration and installation of ssh.pptx
achuadithyan119
 
PDF
Dhcp
Md Shihab
 
PDF
Alta disponibilidad en GNU/Linux
Guillermo Salas Macias
 
ODP
Securing the network for VMs or Containers
Marian Marinov
 
ODT
Centos failover link
Ediga Watson
 
PDF
Configuration Firewalld On CentOS 8
Kaan Aslandağ
 
PDF
Domino9on centos6
a8us
 
PDF
2015.10.05 Updated > Network Device Development - Part 1: Switch
Cheng-Yi Yu
 
PDF
Linux hpc-cluster-setup-guide
jasembo
 
PDF
Linux router
Miguel E Arellano Quezada
 
PDF
CentOS Server Gui Initial Configuration
Kaan Aslandağ
 
PPTX
Hardware accelerated switching with Linux @ SWLUG Talks May 2014
Nat Morris
 
PDF
Installing & Configuring IBM Domino 9 on CentOS
Devin Olson
 
PDF
Tutorial CentOS 5 untuk Webhosting
Beni Krisbiantoro
 
PDF
Configuring Netgate Appliance Integrated Switches on pfSense 2.4.4 - pfSense ...
Netgate
 
DOCX
Kickstart
Dhananjayan Ezhumalai
 
PDF
Tópicos - LVS Instalacao Slack11
Luiz Arthur
 
PPTX
High performance content hosting
Aleksey Korzun
 
PDF
install CentOS 6.3 minimal on Hyper-V
Tũi Wichets
 
[Cook book] ansible 4_dell emc networking
Jo Hoon
 
Network configuration and installation of ssh.pptx
achuadithyan119
 
Dhcp
Md Shihab
 
Alta disponibilidad en GNU/Linux
Guillermo Salas Macias
 
Securing the network for VMs or Containers
Marian Marinov
 
Centos failover link
Ediga Watson
 
Configuration Firewalld On CentOS 8
Kaan Aslandağ
 
Domino9on centos6
a8us
 
2015.10.05 Updated > Network Device Development - Part 1: Switch
Cheng-Yi Yu
 
Linux hpc-cluster-setup-guide
jasembo
 
Linux router
Miguel E Arellano Quezada
 
CentOS Server Gui Initial Configuration
Kaan Aslandağ
 
Hardware accelerated switching with Linux @ SWLUG Talks May 2014
Nat Morris
 
Installing & Configuring IBM Domino 9 on CentOS
Devin Olson
 
Tutorial CentOS 5 untuk Webhosting
Beni Krisbiantoro
 
Configuring Netgate Appliance Integrated Switches on pfSense 2.4.4 - pfSense ...
Netgate
 
Kickstart
Dhananjayan Ezhumalai
 
Tópicos - LVS Instalacao Slack11
Luiz Arthur
 
High performance content hosting
Aleksey Korzun
 
install CentOS 6.3 minimal on Hyper-V
Tũi Wichets
 
Ad

Recently uploaded (20)

PPTX
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
PDF
Introduction to the IoT system, how the IoT system works
TinBinh
 
PDF
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
PDF
SASE Traffic Flow - ZTNA Connector-1.pdf
mackwell7777
 
PPT
FIRE PREVENTION AND CONTROL PLAN- LUS.FM.MQ.OM.UTM.PLN.00014.ppt
MelwinPaul6
 
PPTX
Job_Card_System_Styled_lorem_ipsum_.pptx
Jeffkigen
 
PDF
Smart Home Technology for Health Monitoring (www.kiu.ac.ug)
publication11
 
PPTX
newyork.pptxirantrafgshenepalchinachinane
PrashantKoirala12
 
PDF
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
 
PDF
FINAL CALL-6th International Conference on Networks & IOT (NeTIOT 2025)
IJMIT JOURNAL
 
PDF
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
 
PPT
Ethics in Information System - Management Information System
faizhossain3
 
PPTX
Funds Management Learning Material for Beg
NKKumar16
 
PPTX
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
 
PDF
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
 
PPTX
522797556-Unit-2-Temperature-measurement-1-1.pptx
msar8888
 
PPTX
E -tech empowerment technologies PowerPoint
kylebalatero12
 
PPTX
Introduction to Information and Communication Technology
AkmadArzieAyao1
 
PDF
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
 
PDF
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
Introduction to the IoT system, how the IoT system works
TinBinh
 
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
SASE Traffic Flow - ZTNA Connector-1.pdf
mackwell7777
 
FIRE PREVENTION AND CONTROL PLAN- LUS.FM.MQ.OM.UTM.PLN.00014.ppt
MelwinPaul6
 
Job_Card_System_Styled_lorem_ipsum_.pptx
Jeffkigen
 
Smart Home Technology for Health Monitoring (www.kiu.ac.ug)
publication11
 
newyork.pptxirantrafgshenepalchinachinane
PrashantKoirala12
 
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
 
FINAL CALL-6th International Conference on Networks & IOT (NeTIOT 2025)
IJMIT JOURNAL
 
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
 
Ethics in Information System - Management Information System
faizhossain3
 
Funds Management Learning Material for Beg
NKKumar16
 
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
 
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
 
522797556-Unit-2-Temperature-measurement-1-1.pptx
msar8888
 
E -tech empowerment technologies PowerPoint
kylebalatero12
 
Introduction to Information and Communication Technology
AkmadArzieAyao1
 
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
 
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 

Fortinet Ansible Solution Part 2

  • 1. FortiNet/Ansible solution Part 2 Presented by: Salim Haniff (shaniff@parabellyx.com)
  • 2. INTRODUCTIONINTRODUCTION Second of 4 in the lecture series Set up 2 CentOS servers on VLAN_100 and VLAN_200 Verify that they are able to communicate as instructed by firewall policy
  • 3. BACKGROUNDBACKGROUND Our FortiGate Appliance was configured via Ansible to create VLAN_100 and VLAN_200, and firewall policies This ensures network separation between Dev and Prod environment Separate servers will now need to be installed in the respected zones
  • 4. WHY CENTOS?WHY CENTOS? Free alternative to RedHat Enterprise Linux Lots of information online to help troubleshoot issues Easy to implement VLAN, network bridges and VMs
  • 5. SETTING UP CENTOSSETTING UP CENTOS The installations for both the Dev and Prod servers used a minimal installation Ensures we don't have a lot of packages on the servers We need to disable NetworkManager since it sometimes conflicts with network setting $ sudo systemctl stop NetworkManager $ sudo systemctl disable NetworkManager
  • 6. CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON DEV SERVERDEV SERVER All network configurations are stored in /etc/sysconfig/network-scripts/ To find which interface is active run Here we can see interface enp3s0 is our main network interface Backup the configuration $ ip a $ sudo cp ifcfg-enp3s0 $HOME/
  • 7. CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON DEV SERVERDEV SERVER We will now install the libvirt package to help us bring up a virtual switch and help with launching VMs. $ sudo yum -y install libvirt $ sudo systemctl enable libvirtd $ sudo systemctl start libvirtd
  • 8. CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON DEV SERVERDEV SERVER Change the settings of the ifcfg-enp3s0 file to reflect the changes below BOOTPROTO="none" DEVICE="enp3s0" ONBOOT="yes" TYPE="Ethernet"
  • 9. CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON DEV SERVERDEV SERVER Create new file called ifcfg-enp3s0.100 . This denotes that this interface will use VLAN_100 Notice the we added the parameter BRIDGE, this will tell the virtual bridge to use this interface as the uplink to the network. DEVICE="enp3s0.100" BOOTPROTO="None" ONBOOT="yes" VLAN=yes BRIDGE="virbr0"
  • 10. CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON DEV SERVERDEV SERVER Create a new file called ifcfg-virbr0 . This is the virtual network bridge configuration. DEVICE="virbr0" BOOTPROTO="static" ONBOOT="yes" IPADDR="10.1.1.2" PREFIX=24 NETWORK=10.1.1.0 VLAN=yes GATEWAY=10.1.1.1 DNS=8.8.8.8 TYPE="Bridge"
  • 11. CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON DEV SERVERDEV SERVER One final setting that needs to be configured is loading the 802.1q kernel module that enables VLAN. To enable this module, enter the following command: Now reboot the server and check that the server comes up. $ sudo sh -c 'echo "8021q" > /etc/modules-load.d/8021q.conf
  • 12. CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON PROD SERVERPROD SERVER Exact same procedure that we did on the Dev server This time our main network interface is enp2s0
  • 13. CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON PROD SERVERPROD SERVER Settings for ifcfg-enp2s0 TYPE="Ethernet" BOOTPROTO="none" DEVICE="enp2s0" ONBOOT="yes"
  • 14. CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON PROD SERVERPROD SERVER Settings for ifcfg-enp2s0.200 BOOTPROTO="none" DEVICE="enp2s0.200" ONBOOT="yes" VLAN=yes BRIDGE="virbr0"
  • 15. CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON PROD SERVERPROD SERVER Settings for ifcfg-virbr0 DEVICE="virbr0" BOOTPROTO="static" IPADDR="10.1.2.10" NETMASK="255.255.255.0" GATEWAY="10.1.2.1" DNS1="8.8.8.8" ONBOOT="yes" TYPE="Bridge" VLAN=yes
  • 16. CONFIGURING THE NETWORK ONCONFIGURING THE NETWORK ON PROD SERVERPROD SERVER One final setting that needs to be configured is loading the 802.1q kernel module that enables VLAN. To enable this module, enter the following command: Now reboot the server and check that the server comes up. $ sudo sh -c 'echo "8021q" > /etc/modules-load.d/8021q.conf
  • 17. VERIFICATIONVERIFICATION Now both of our servers are now configured. We need to test them. With your workstation, set the network device to VLAN_200 and try to ping 10.1.1.1 and 10.1.2.1 Now try to ping 10.1.1.2 and 10.1.2.10 Finally, try SSHing to both of those boxes
  • 18. WRAPPING UPWRAPPING UP We now have a dev and prod servers running on their own network Our workstation is now able to communicate to both of them In the next tutorial, we will install Wordpress on both the Dev and Prod servers. If you have any questions or feedback, please reach out to me ( ) or our staff. Contact info will be provided below. shaniff@parabellyx.com