1 00:00:06,270 --> 00:00:12,630 Hello and welcome to this lecture. In this lecture we will configure the NAT policy on the master FortiGate
2 00:00:13,050 --> 00:00:19,130 in order to have internet connectivity on the LAN PC going upstream.
3 00:00:19,290 --> 00:00:22,200 So let's use now the graphical user interface.
4 00:00:22,290 --> 00:00:31,830 I will just log in with admin and no password like before, and we will navigate, once the GUI loads,
5 00:00:32,700 --> 00:00:36,640 to the settings, system settings, something like that.
6 00:00:36,650 --> 00:00:41,520 But we'll see, it's self-explanatory, you will see in just a moment.
7 00:00:41,610 --> 00:00:43,680 So let's go to system
8 00:00:50,960 --> 00:00:51,980 system.
9 00:00:52,010 --> 00:00:56,510 So this is the HA, where we will configure the high availability cluster.
10 00:00:56,510 --> 00:01:05,000 Now it's here in the Policy and Objects, so click on Policy and Objects, then go to IPv4 Policy.
11 00:01:05,000 --> 00:01:12,800 This is the IPv4 policy that will help us translate basically from private IP addressing to public
12 00:01:12,800 --> 00:01:16,620 IP addressing going forward on the Internet.
13 00:01:16,640 --> 00:01:25,040 So again, IPv4 policy, and by default you will see that there is a deny all policy, so it's implicit.
14 00:01:25,250 --> 00:01:32,210 And if I click on it, it says implicitly, implicitly deny from, coming from anywhere going to anywhere.
15 00:01:32,250 --> 00:01:35,100 Always, action deny.
16 00:01:35,130 --> 00:01:37,540 Now the log, it's disabled.
17 00:01:37,580 --> 00:01:41,400 We'll have to create a new one, so I'll click this button to create new
18 00:01:44,320 --> 00:01:47,290 and first thing I have to define, it's the name.
19 00:01:47,290 --> 00:01:58,680 So let's say NAT, LAN NAT policy. I would make it all capitals, so policy. Now what's the incoming interface
20 00:01:58,680 --> 00:01:59,250 of traffic.
21 00:01:59,250 --> 00:02:04,390 It's coming from, and if you just hover over the port
22 00:02:04,390 --> 00:02:06,970 one, two, three and four, you will see also the IP address.
23 00:02:06,970 --> 00:02:11,760 So if you don't remember exactly or forget what's the, what's the port, the LAN port,
24 00:02:11,760 --> 00:02:14,620 you will see also the IPv4 address.
25 00:02:14,620 --> 00:02:23,880 So our incoming interface, it's port 2, and the traffic is going outbound on port 1.
26 00:02:24,010 --> 00:02:26,730 We will now have to define source.
27 00:02:26,740 --> 00:02:32,340 So clicking on the plus sign, you will have here the available options.
28 00:02:32,380 --> 00:02:36,780 Now we have to define some, some new object here.
29 00:02:36,850 --> 00:02:44,050 We could use the all option, meaning all traffic coming from port one going outbound on port, on port
30 00:02:44,890 --> 00:02:47,070 from Portal 4 to port 1.
31 00:02:47,080 --> 00:02:51,480 But the best way is to make it, make it exact.
32 00:02:51,490 --> 00:02:55,350 So I'll create a new address.
33 00:02:55,470 --> 00:03:03,340 And the reason behind all this, it's, it's implemented to most if not all of the vendors, is this one.
34 00:03:03,390 --> 00:03:10,290 So let's say you have a long configuration on your, on your equipment, and let's suppose that you have
35 00:03:10,680 --> 00:03:17,550 100 places where you have your IP, IPv4 LAN address defined.
36 00:03:17,670 --> 00:03:25,200 If at some point this LAN IP address or LAN subnet will change, you'd have to make a hundred changes.
37 00:03:25,200 --> 00:03:32,280 On the other hand, if you use an object like we are defining now, it's, it would be much more faster and
38 00:03:32,280 --> 00:03:32,690 easier.
39 00:03:32,700 --> 00:03:39,690 You will just have to define basically the change in the object, where the object means a name with an
40 00:03:39,720 --> 00:03:46,520 IPv4 subnet assigned to it, and then the change will just propagate throughout all your configuration.
41 00:03:46,620 --> 00:03:48,330 So that's the main advantage.
42 00:03:48,330 --> 00:03:57,140 So we say LAN, VLAN inside. The type, it's IP and netmask, and now define here
43 00:03:57,180 --> 00:04:06,740 this specific IP address, so 1 2 16 it 100 does zero slash 24. It's coming from interface, again, port 2
44 00:04:08,740 --> 00:04:14,580 and I would just click OK.
45 00:04:14,650 --> 00:04:19,590 So now in the list we have also another option, a new one, and this is the LAN inside.
46 00:04:19,660 --> 00:04:24,160 I would just click it and it will be added here in the source field.
47 00:04:24,190 --> 00:04:25,510 Now what's the destination?
48 00:04:25,510 --> 00:04:26,770 So where are we going?
49 00:04:26,770 --> 00:04:32,410 We are coming from the LAN inside and going where? Because we want to reach Internet, like anything.
50 00:04:32,410 --> 00:04:35,940 I will just select all here. The schedule,
51 00:04:36,100 --> 00:04:42,220 it's always, meaning the traffic will be translated from Sunday to Saturday.
52 00:04:42,220 --> 00:04:49,270 So every, every day of the week and any time. Start time and time means, I mean, highlighting that zero
53 00:04:49,270 --> 00:04:51,340 means anytime in any day.
54 00:04:52,090 --> 00:04:59,850 And I will just want to translate what service? Everything, or specific, like HTTP, like FTP traffic, TFTP
55 00:04:59,850 --> 00:05:01,010 and so on.
56 00:05:01,090 --> 00:05:09,160 So I will select all because I want just plain, plain old internet access, and if you see like here
57 00:05:10,880 --> 00:05:19,780 you will have the NAT being, being enabled, and for the IP address on the outside
58 00:05:20,380 --> 00:05:23,980 I will use the outgoing interface address.
59 00:05:23,980 --> 00:05:27,350 This means that if we now take a look on the FortiGate.
60 00:05:27,790 --> 00:05:38,830 So I will log in, FortiGate one, admin, and say show system interface.
61 00:05:38,830 --> 00:05:48,670 And question mark. This specific IP address, 172.16.109.86, will be the IP address of
62 00:05:48,670 --> 00:05:50,590 the translated traffic.
63 00:05:50,590 --> 00:05:59,200 So every single user on the LAN will reach Internet by using this IP address. Everyone will be translated
64 00:05:59,200 --> 00:06:00,550 to a single IP address.
65 00:06:00,550 --> 00:06:06,130 And that's of the outgoing or outside interface address.
66 00:06:06,130 --> 00:06:11,800 So let's see if there are any other important, important sets set up here.
67 00:06:11,800 --> 00:06:13,420 So security, antivirus.
68 00:06:13,440 --> 00:06:14,600 No.
69 00:06:15,160 --> 00:06:15,790 Very important.
70 00:06:15,790 --> 00:06:18,070 I will enable this policy. By default
71 00:06:18,080 --> 00:06:20,010 it's enabled and I will leave it this way.
72 00:06:20,050 --> 00:06:20,980 And I will just click
73 00:06:21,010 --> 00:06:21,450 OK.
74 00:06:23,820 --> 00:06:27,530 We can see now that we have two policies here.
75 00:06:27,540 --> 00:06:30,280 So this is the sequence number, this is 1 and 2.
76 00:06:30,450 --> 00:06:32,690 We have the implicit deny by default.
77 00:06:32,700 --> 00:06:36,240 And now we also have a LAN NAT policy.
78 00:06:36,240 --> 00:06:43,230 So if everything is okay, the users from the, from the inside LAN should now be able to reach Internet.
79 00:06:43,920 --> 00:06:47,070 So thank you for your time and I'll see you in the next lecture.