1
00:00:06,180 --> 00:00:12,000
Hello and welcome to this lecture. In this lecture we're going to talk about the lab topology and session

2
00:00:12,000 --> 00:00:13,230
goals.

3
00:00:13,230 --> 00:00:19,170
So the first topology we have now in front of us talks about the real-world network design.

4
00:00:19,950 --> 00:00:27,480
So as per Fortinet documentation you'd have to have both FortiGate firewalls configured in between a pair of

5
00:00:27,480 --> 00:00:28,460
switches.

6
00:00:28,620 --> 00:00:32,250
And this is the recommended and needed design.

7
00:00:32,250 --> 00:00:37,130
Now let's first talk about what are these red and black lines.

8
00:00:37,200 --> 00:00:42,150
So you see here that management traffic is outlined in red and the data plane traffic

9
00:00:42,150 --> 00:00:44,200
is outlined in black.

10
00:00:44,760 --> 00:00:48,970
So in a real-world scenario you do separate, you,

11
00:00:49,080 --> 00:00:55,020
I mean, as a design you basically do separate things related to data plane and management traffic.

12
00:00:55,920 --> 00:01:05,490
So you'd have a management switch and this switch would connect to each of the active equipment in your

13
00:01:05,640 --> 00:01:12,390
topology. Then the management station will connect to the management PC and this way you'll have an

14
00:01:12,470 --> 00:01:15,740
out-of-band connection to each of the equipments,

15
00:01:15,750 --> 00:01:22,070
so for management. Now we will not implement this in GNS3 software.

16
00:01:22,560 --> 00:01:28,110
So when trying to build a topology so that you can practice along, you can practice every topic

17
00:01:28,110 --> 00:01:29,080
in this course.

18
00:01:29,370 --> 00:01:35,990
And we are not doing this not because it's not possible but because resources on our PCs are limited.

19
00:01:36,000 --> 00:01:37,110
So they are not infinite.

20
00:01:37,110 --> 00:01:41,970
So we have to save CPU and memory.

21
00:01:41,970 --> 00:01:44,790
So for this reason,

22
00:01:44,970 --> 00:01:45,840
what we,

23
00:01:45,840 --> 00:01:49,270
what we are going to do is the second option.

24
00:01:49,440 --> 00:01:51,680
So let's erase the board now.

25
00:01:52,170 --> 00:01:54,710
And here is what we'll do.

26
00:01:54,930 --> 00:02:03,930
So by default all of the FortiGate firewalls, not the small ones, will have management ports, so dedicated management

27
00:02:03,930 --> 00:02:11,640
ports which you will use in a real-world scenario, again the information in the previous slide, in the previous

28
00:02:11,820 --> 00:02:12,960
topology.

29
00:02:12,960 --> 00:02:18,900
Now in our case, because we are trying to build this on GNS3 so that we can practice, we will use the

30
00:02:18,900 --> 00:02:24,880
same port both for management and data plane traffic.

31
00:02:24,900 --> 00:02:26,820
And here is basically what we'll do.

32
00:02:27,300 --> 00:02:36,630
So on port one we will configure the uplink, so an IP addressing so that it connects to the Internet.

33
00:02:36,630 --> 00:02:44,220
And when this is successful we will move on to the next one, port two. That one is facing the LAN and this

34
00:02:44,220 --> 00:02:47,950
will represent basically the default gateway for the LAN

35
00:02:47,960 --> 00:02:56,470
PC. We will configure here again the IP addressing and we will test connectivity up to port two.

36
00:02:56,490 --> 00:03:03,810
Now after this is successful we will have to provide the door, to configure, to say so, the bridge between

37
00:03:03,810 --> 00:03:10,680
these ports so that the LAN PC can connect to the Internet, and we will do this by implementing NAT,

38
00:03:10,750 --> 00:03:17,690
so network address translation, on the FortiGate firewall. When this is done you will see that the LAN

39
00:03:17,700 --> 00:03:25,470
PC will be able to access the Internet and we will test this with ping and also an HTTP session, we'll

40
00:03:25,470 --> 00:03:29,480
browse a web site or something like that.

41
00:03:29,550 --> 00:03:38,370
Now coming back to the course topic, when everything is working we'll have to move on and

42
00:03:38,400 --> 00:03:40,960
implement the HA cluster.

43
00:03:40,980 --> 00:03:44,500
So the high availability cluster, and we have two options.

44
00:03:44,550 --> 00:03:52,510
Option one, it's active-passive, and this means that only one FortiGate will forward traffic.

45
00:03:52,560 --> 00:04:00,630
So from the LAN to the Internet and back, and when this fails the slave FortiGate will take ownership

46
00:04:00,630 --> 00:04:11,970
of this forwarder role and will make it that the LAN PC will not see basically any packet drops

47
00:04:12,090 --> 00:04:17,620
or, if there are any packet drops, they will be insignificant.

48
00:04:17,760 --> 00:04:25,860
The second option is the active-active and this means that both of the firewalls will forward traffic

49
00:04:26,880 --> 00:04:28,080
to the Internet.

50
00:04:28,110 --> 00:04:35,040
So this one and also this one. We'll still have, and you will see this in the graphical user interface,

51
00:04:35,580 --> 00:04:42,290
that one is considered master and the other one is considered a slave, but in terms of session

52
00:04:42,300 --> 00:04:51,210
forwarding there will be two of them doing this, or even more if we install more than two FortiGate firewalls.

53
00:04:51,900 --> 00:04:59,790
Now something that I haven't talked about up to this point, it's this port three, port four on both of

54
00:04:59,790 --> 00:05:08,840
the firewalls. These two links are basically the HA, the high availability heartbeat links.

55
00:05:08,840 --> 00:05:16,450
So when configuring the cluster between these two FortiGates they will start to forward packets on these

56
00:05:16,450 --> 00:05:17,900
specific links.

57
00:05:17,900 --> 00:05:25,460
And when the other FortiGate will see the packets they will try and negotiate the cluster. If everything is

58
00:05:25,460 --> 00:05:27,100
successful they will form a cluster,

59
00:05:27,110 --> 00:05:29,780
as I said, in active-active or active-passive.

60
00:05:30,080 --> 00:05:31,620
So this will be all for now.

61
00:05:31,640 --> 00:05:35,790
And I do hope to see you in the upcoming lecture.