100% Real Fortinet NSE4 Certification Exams Questions & Answers, Accurate & Verified By IT Experts
Instant Download, Free Fast Updates, 99.6% Pass Rate.
Fortinet NSE 4 - FortiOS 7.0
Includes 106 Questions & Answers
Download Free NSE4 Practice Test Questions VCE Files
TitleFortinet NSE 4 - FortiOS 6.4
TitleFortinet NSE 4 - FortiOS 7.0
Fortinet NSE4 Certification Exam Dumps & Practice Test Questions
Prepare with top-notch Fortinet NSE4 certification practice test questions and answers, vce exam dumps, study guide, video training course from ExamCollection. All Fortinet NSE4 certification exam dumps & practice test questions and answers are uploaded by users who have passed the exam themselves and formatted them into vce file format.
So first of all, we will create a topology like this one. We will create three different villains. It's up to you, you can create 100 million this way. But in my case, I will create three different villains. Villain ten, villain 20 and villain 30. These are all in different subjects. Net, this is the ten range, this is the 20 range, this is the 30 range, and this is a switch. So we'll make three villains in the switch (the Cisco switch) and assign them to the VLN. Villain ten, villain 20 and villain 30. Here we will make these ports into a trunk. On the Cisco side, we will make them a trunk, and on the other side, we will create a VLAN automatically; it will become a trunk. And here we want to achieve that. All the PCs reach the Internet even though they are in different VLANs and are using only one interface. We will assign 1020 and 30 to each interface and subinterface we create. not a subinterface, but basically a Vlane. Okay? Then we will face some issues. So we will say, why not combine all these in one zone? So two things we will cover in this one: smart topology related to the interfaces; and So let's go to the label. Okay, so let me remove it. Let's do it from scratch. OK, so let's take a firewall from here. This is my external firewall; please allow me to take a net cloud. Okay, so this is my internet for going outside. Okay. Now I need a Cisco switch. So this is my Cisco switch, properswitch, and it is refusing to let me switch. Now I need three different PCs. So let me take three clients on as a client.So this is my client one, this isclient two, and this is client three. Okay? and it's pitched to make it here. Here we go. That's what we need for management. I will use this one, by the way; you can attach a new management that I show you. But to make them more simple, I will also use the Internet as a management as well.Okay, it's up to you. Let's do connectivity. The net will be connected to one where CP is enabled by default. Two will be connected to zero interface ofCisco switch and zero one, two, PC one. Okay, we need to go over these interfaces in depth and zero two. Let me know what we will do because it will take time to start this one. So for this zero-two interface, we need this interface detail. Okay? and the last one is 22 PC 3. Okay, it's the simplest thing that we need. Okay, now we need subnets 192, 168, 10, and 124; that's PC one IP. Okay? And our PC has two IPS, with 20 different subjects. Keep in mind 22 because it's a PC two,so it will be more good to give them. You can give any range, by the way. And the answer should be 30 and three. Okay, and this year we'll assign two: one for the main R, which should be 100. Okay, I mean this interface. And outside, we already know our outside interface is for this one DNS. Definitely we will use eight DNS. The other thing we have is simple topology. But here, this interface Every weekend we will assign a different by the way.So let me do one more thing on VLAN 10, which is to type this one as well. And this should be VLAN 20. And suppose this one is something else, like HR or something. And this should be so; these are the details, by the way, of the VLAN IP address. Okay done. Now first thing, let me flip the switch to configure three villains. But I also need to assign these IP addresses to PC 1. So it's better to assign them one by one. Choose all three PCs. Right-click and go to edit configuration. So PC three has been open. You have to watch this one and this one. So we settle on PC 3. Remove the hash up to this point (30) and replace it with three. And the gateway will be 3100, as will the DNS. Keep in mind you have to type it in; otherwise, it will not work with the internet on this PC. It should be edited and controlled by A and C. So 33, 3100 gateways, and subnetmar So please allow me to save it; it will open two windows. So control A, control V, just change this to "two." This should be two. This should be a control C save of 20. And the last one is PC 1 control (nCTRL V) changed into ten one and ten 100. That's it. So these IP have been assigned. We can now do what we want on this PC. By the way, this docker Okay. Now we get to the switch. Let's finish the switch part. Here we will basically create three VLANs. So let's set aside the switch part. Navigate to switch configuration VLAN 10, name it VLAN 20, and label it sale. VLAN30 name it HR three VLAN created. Now assign the interfaces' interfaces. An XSVLN is a 10 x 2 switchport. This one goes to villain 20. Sorry. And the final interface is three. This one. And this one will go to VLAN 30. Now this 10 which is connected to the firewall interfacee zero zero switch port trunk and cancellation one Qand switch port mode trunk and not shut down. It should be tracked to carry all the traffic. Now we need to verify something. show will end briefly. So now zero one is in itzero two in sales and zero three. And this one, and VLAN 30. And another thing: show IP. Show the trunk interface. Show the trunk interface. So this one is a trunk. So everything is okay, right? Everything is done via switch. This the part only we need to do PC has been done. Now coming to the main thingwhich is our 40 gate firewall. So what I need to do, right click on this one, goto console, find out the IP so that we can access it. So let's click on this one. Okay. And first of all admin type enter newpassword 123-1230kay show system interface question mark. This is a good idea that we should put into practice. Now go to and type in any browser. It's up to you. Admin and 1230kay. Great. So now what I need to do first is change the name. It's asking all the time, so change. Okay, so now coming to the interface is we done. You always have to follow these steps. So the first step is network interfaces. Now go back to interfaces. Port One is my van interface. Click on plus icon, click on when port one and givethem a name when so they know either internet make theIP manual either let's use this TCP it's not necessary. And leave these things alone because we're using them for management as well. Okay, that's it. So this interface is done when my second interface is on this one port too. So let's go to port two and give it the name Len and assign an IP. We decide to assign IP address 200. Let me copy this one and assign 24 and at least allow ping on this interface. Now comes the part where we configure three different networks to connect to the internet. So what I need to do is to create interfaces. Okay? And then enter "villain" ten times so I know which interface this is. For this one, you can give any name; by the way, it's not necessary. Again, here I will type: What are VL and 10 for? This is it. So let me give them alias it andtype here VLAN interfaces select land because it is linked to LAN and Vlad. This is very important. Switch typing that vlnid you provided here. So we give them ten. It will be distinguished by this one. Keep in mind number ten. So VLAN ten aliases It's going to create a VLAN that is connected to Lane. Okay and which IP I assign. So we decide because the gateway for them is here, I will type "ten hundred," and the gateway for them is 2000. Okay. The gateway for 30 should be 300. So let me copy this one, and I will say that the IPS ten-124 is the subnet mark. Either 25525 five is up to you and wishing at leastping to be loud so that I can test them. We will see the administrative exercise What is this? Are these details? So I make a VLAN 10 and press the button. Okay, so now you see under land there is a VLAN. It's working on land. Let me create a new interface. Okay. And here I will say $20 was for sale. The interface type is again len two, and the address should be 20 land and the IP address should be 20 dot 24. Let me copy so that we can paste them easily. 20 dot 100 and ping have to be loud so we can test the connectivity. Okay, if we check again so underline there aretwo more villains, it's coming under this one, let'screate a third one and so on. In this way, you can create as many as you have in your lane. So VLAN 30 and VLAN 30s are for HR; I believe we are HR. Interface is again having trouble with this one, and this should be 30 and the IP should be gateway 30. I know that ping has to be allowed in the picket Internet group, I know.Okay, so now we can see that we have three interfaces. Again, we have to follow the other step. DNS has to be configured. So let me quickly configure DNS again. Next, we will do the same thing for DNS. We will discuss DNS in detail. Okay, so don't worry. Now we are doing interfaces, and okay, again, we need a steady crowd. So create a steady crowd for anything. Gateway is 192-168-1142, which I told you, so don't worry about this one. Anyway, it's specified that this one is done. Now, coming to the part on policy, which we just completed, Yeah, we need this at least. a quick question. When it comes to the land, we assign the IP address on the physical interface. Yes? Okay, it's a good question. By the way, keep in mind that something it doesn't require, but I assign it, basically, is asking this question, but it's a good question. He mentioned the lane at this point. So the physical IP of the lane I assign is 200, which does not belong to any VLAN, and IPS 10. So I assign those years to that gateway villain: 20th, 2000, and 3100. So, you know, in Ciscoswitch when we create subinterfaces, we normally do not assign anything to the physical interface, the main interface, but when we are creating subinterfaces, we are signing Ipdlalso in palowto forwardwall when you are creating. So you do need to assign any IP to the main interface, but in 40 GATE, it's up to you. If you want to remove this one, it's okay. This is just for real connectivity. If anyone wants to check lane management or anything else. So you can use this IP. You just need these three things. Okay, thank you. This was your question, yeah? Yes, sir. Thank you. Okay, so now the last part within the static crowd, OK? It means that if there is a steady crowd, I can reach from here to outside and execute pinga. So yes, I can go outside, but I can't go outside because inside I need a policy. So let me go to policy. An object IP for policy has an implicit deny. Now there is a question. What I will say is "incoming interface." Look at it says lane. Lane is a separate one. Not these are these are separate. So it means I need three different policies. One, two, three and then I will say goto when, go to when, go to when. So why not? Is there any way to combine them and work as one? Yes, and that method is called Zone, which I was talking about to combine them. So it means we're doing two labs together, the Vine one and Zone One, to bring you together. So zone means that it will group physical interfaces that belong to the same category, in my case, villains 110-30. So rather than create three different policies, it's showing me three different I will say it to Van, then I will say sales to Win. Then I will create a third policy, HR to win. It's a headache. I'm not doing anything. So let's go back to the interfaces to make them more easy. Go to interfaces and click on "Create." We had interfaces, there is a zone and givethem suppose land zone, any name you like. It says block intra zonetraffic intrazone and enter zone. You remember it from Palo Alto. Intrazone refers to these bad guys. If I block intra-zone traffic, these will not be reachable from each other. This one to this, this one to this, and this one to this and that Because they are coming in intra zone, same zone. So even the PC will be not reachable.They will be reachable if you say this one blog in ZoneTraffic I Disconnected. I'll show you who the member is anyway. So. Len it sale and HR. I combined them all, and you can give them any comments if you like. zone is ready. Now, this is another thing. So land we all are working underhere and there is a zone. Zone. We have these four interfaces working together as one group. Now go back to the policy user. I have a question. How do you place the land interface? Yeah, I put the land here; these are the main interfaces. So I put them in this group as well. It's up to you if you want to remove it's.Okay, it will still work. Okay, yeah, but I make them all the physical ones, and, you know, the logical one is shown by this icon. So I say group all together in one because I want to apply all the policies at once on a four-interface system. Basically, three of them are logical and one of them is physical. Okay, so if I go back to the policy IP for policy and now let's create a policy and let me say, "Let me give them all everything," it's up to any name. And now, incoming interface. Examine land zones and land zones. Basically, these four interface members are coming from land, sales, and HR, and they are going outside the source. can be anything, any destination, and any service right now; they will be accepted as native. I want to use and record all the stations, and okay, that's done from outside. Everything is done properly. We use Zone, and the other thing we use is VLAN to utilize.Now let us check out. So let me go to PC One and generate some traffic. Let me go to Facebook if it means everything is working properly and we have configured everything. Yes. It's going on Facebook. Let me go to PC One. PC Two. Let me generate it for Twitter. Does PC Two go to Twitter? Yes, it's going to Twitter, and let me go to PCThree, which is NVLN 30, and let me go to Amazon. Okay, so all three are showing you Twitter, Facebook, and Amazon, and all three are using this one interface and going out. How do we know this? So, if you refresh this one again, okay, not showing from here, let me refresh from here. Then we'll have traffic. Because we only have one policy, which we created. So 13.34 MB was definitely used to implement this policy. Let's go to our dashboard. top lanes and the DMZ. It should be three different PCs from Source. top source should be okay. It's not showing. It will take some time. So let's go until we get back to 40 view source. There will be three different fromthree different 30, ten and 20. Okay? And then destination. They went to different destinations: they went to Google, they went to Amazon, and they went to Twitter. And only one policy is being utilized, which is everything and all sessions. This is all the record shows. if you want to see DNS and whatever they use them.You can also see forwarding traffic in the log and report. So here you will see 33 and 22. You can filter them as well. If you say just show me, you will see a lot of detail anyway; the destination that I want to see is the source IP, by the way. So let me go to the source IP. It's better to type it source. Okay. And you can type the IP ten so it will show youonly ten traffic if you want to see 22 traffic, so 22traffic, that means all three piece of traffic is there. And now let's go back to dashboard and top lens in. So it will be here now. I hope it will sometimes take time. has come up. So, 1020, 30 and these are their destinations, okay? And we utilise Zone as well. We make them a zone based on how the zone works. So there are two things we talk about in this, so let me go back. Wednesday zone, we'll set up a VLAN; let me know if I missed anything. We create zones. We apply with DNS. Definitely. You need a DNS. Okay? And yes, we see the traffic is the only thing I need. Okay,
Another thing related to interface is one-arm snipping. What is one-arm arm snipper?As I previously stated, if you want to use your 40 gate for a while as IDs, simply generate the report. By the way, we normally be used for tigate analyzer, where there is a login application which we will discuss at the end, but we can also use a 40 gate firewall, so whatever traffic is coming, one copy will go to the 40 gate firewall, just like we did in firewall two firewall. So for this purpose, we are using one arm snapper, so let's do it how we can. So, okay, let me take one switch for this purpose, and from here, let me take one bedroom as a client, and what I need to do, let me take an internet firewall. let me connect them to the connect them to the netcloud here is cloud this is the management cloud okay Iwill change it so this is management so I can takemgmt all right click on this one config show special interface choose Lubric in my case I choose Lubric you can useany interface and Lubric and connect it to here okay. By the way, it's better to work on this one and do the rest of the thing with zero slash. Two interfaces are connected to the switch zerointerface we need these interfaces so let me make them visible my PC is connected to one okay and here zero twois connected to the internet okay now what I need todo first I need to assign any IP for the managementso management we are using my loopbake interface and my loopbakeinterface IP is three range which we just use it ifyou remember three one so I will assign 300 okay andlet me on the switch as well and for PC letme stop it and right click go to edit configuration andenable DHCP this time because it's connected direct to this netcloud it will get automatically IP so no need to applyanything it will be make more easy otherwise you can assignstatic IP as well by the way that's it so letme check if this one is enabled first to this oneso console otherwise we will configure switch first so let mesee if starting now so better to go to switch andthe switch I need to configure a session you know thetape mode which we call them monitor you already done inCisco switch so what I need to do in Cisco switch go to configuration and type which we call them monitor sessionone like that monitor session give them any number by therest of this is my source which I want to tapthem interface one both direction means in interffing coming or outgoingso this is the first command I type monitor session onesource interface is one anytime in coming from PC in orout second I will say DC destination I want him topush them to 48 firewall. 40 gate firewall is working like ideas because it willnot stop them anything if it is wrong or good. So the interface is zero; that's it. This was the only thing on systems, so the switch is done. Now go. Coming to 40 gate here, I just say "monitor anything incoming or outgoing" and "forward one copy to e zero slate zero," and I'm connected to the 40 gate firewall and port 2, but going to port 2 first, I need to do something." It meant there was no password. Enter one, two, three, one, two, three, okay, and configure the system interface, which is interface edit port one. Okay, and set the mode to static because it's ehttp by default, so it won't accept IP statically, and set IP192:160 to 324 okay, and everything is already permitted. No need to allow. Suppose http https ping SSH tenlet and tofinish this one show system interface question mark. Now I have 300 configured because this time my topology has changed. Now let's hear and type and enter. If everything is okay, it will come up here. I don't need any more changes. Anything else? All that remains is to port a snipper. That's it. Keep in mind that in a Cisco switch, this port is in monitoring mode; if I check show interface zero issuing down in monitoring state, we call it monitoring state, and it's used to monitor this interface. It will not be used for any other traffic. So it will push whenever my PC one lets me see if my PC one is working or not. First I need to check: can I go to Facebook? Yeah, it's his two because I get the IP automatically this time because I use DHCP. If you want to check, let me show you that config one is at 4200 and I can reach the internet, so my traffic is going directly. I don't have any connection to a firewall, but you will see traffic there, and this would be called a snipper. So now let's go to 40 gateletter they say change the name. I don't need to change the name; the only thing I need to change is the network. Navigate to interface, and the interface that is connected to the switch's port two is port two. Click on this port two and changeto one arm snipper that's it. And filter if you want to apply any filter, like any specific horse traffic if you want to see it, but I say no, just any traffic security profile if you want to enable that, any antivirus web, anything, so you can use that one as well. Let me ask: we don't have any way to have all session logs generated so that I can see the logs in.Okay, now if we go back because it's like a one-arm sniffer, it's mentioned here. Okay, no need to do anything. That's it. You see there is a capturing progress nowshowing you can play them as well. If you want to capture the ticket yourself, it will go to logging as well. but here they give you a capture as well. So let me generate some traffic. Go to Facebook and let me send some pings as well. Let me go ping at Google, okay. And now if you go here, look at 2%—because what do you think is coming? When a PC connects to the Internet, there is no link here to come, but it is basically when it is time to switch. So there is a monitoring session. So we told them to send one copy to port two, not port 20, because it's connected here, and we make port two a snipper. So anything coming on this port will be snipped, and that's why it's recorded at 6%. Let me pause this ping because it's a big day that sometimes brings them down. Let me stop and download and open this in Wireshark directly, and you will see whatever their PC visits. You will see here that I use TCP, then I use TLS because I went to Google, and there will be pings as well. ICMP packet. Look at the ICMP packet because I was pinging at it, and this is my PCIP. Beside this capturing, when you go to login report there is a snipper traffic. You will see those all the time as well. Here it takes time; sometimes it's not showing quickly, but you will see after a while. Snipper traffic here is located. It says that the source was this instance of 4200, which is my PCIP. If I check to see if configuration 20-4 exists, Yes. And it went to edit for the pinned application name. and then use the HTTP browser to send and receive traffic; every detail is mentioned again here; you can download and see more detail. You can earn more detail action. You can see application category, band, channel, date, time, family, destination, group, make address, net, IP devices, and a lot more from this traffic. So this is called a snipper. And if you check here, basically if I check wireshark sowhenever PC one is going so this switch is directing samecopy here in monitor session when I told you, you cansay that only source, only the one web traffic. You can do that one as well. As well. Okay, what else do I need to tell you? Yes, this is the number, and we call them tap mode and monitor mode. and you can add purpose. But this firewall is playing roll-up. Ideas? Keep in mind sorry, ideas. Can you show me one more time that you did nothing? I just went to interface. Keep in mind I changed nothing; I only went to the interface. the interface, which is connected to the switch. I click on the interface, even more in need of IP, and just change the mode to one option. That's it. Okay, so I enable, by the way, securityprofile if you need, otherwise, no need. That and logs that I can see on the log. and the logs can only be seen. It cannot be seen from here. That was for nonstop traffic. So you will see nothing here. So you don't need to be worried that the traffic is not coming. For these special logs, you have to come here, and there is Snipper traffic. So you will see the snipper traffic here. Let's say there is only one interface. Now you see a lot of traffic. So basically, sir, at IDs and IPS, there's no need to do anything, right? If we connect IDs also no, actually I'mdoing like IDs work from 40 gate. I just want to monitor and see the traffic, not to stop. Okay. Otherwise, there are numerous things that can halt their traffic in 40 Gate. But this 40-gate is not in line. "In line is out." If I want to bring them in line and connect this one, then I can stop everything but this style, right? Yeah. So it's working like an audience. And we did the same thing in Firewall as well, right? So that's it for added and monitoring purposes. Okay.
Today we were discussing interfaces, but with interfaces, there are so many options One of them is a redundant interface. As I told you, redundant interfaces mean redundancy, so maybe one is available at a time and only one interface will be available. The other will be available if the first one isdown either it failed so then alternatively the second interfacewill start working keep in mind it's not aggregate aggregatewe will do a bit later normally such thing weuse when we are configuring HIV will do at theend either when we have maybe two three switches connectivitymaybe our connectivity has been two switches so one interfacewill connect to one switch and the other interface willconnect to other switch normally in environment or real environmentwe are using two switches for redundancy so the samewe will use redundant interfaces but these interfaces will notbe configured before maybe it is not in use andpolicy and such thing then you can use those interfacesas a retention to make them as a redundant interfacesand these interfaces will be not configured for DHCP purposeeither point to point or ethernet the link which camefrom what is called ISP okay. That's the only requirement; otherwise, you can use them normally. We use them in two scenarios. If we have a redundancy environment with many switches, perhaps distributed switches, core switches, or excess switches, and we want more than one connectivity but only one will work, we can use redundant interface either NHA, which we will do at the end, or we can go to lab and configure redundant interfaces, so from here I will take this one okay. 48 firewalls for connectivity I'm going to use net cloud for fund management, so this is my management; let me connect to port one; it will take care of itself, okay? And let me change the name to mgmt. This is management, and let's turn it on so we can do the rest of the configuration. Let me change this one to change symbols so we know this is management PC, okay? So here, let's take this one client, okay? So this is my management, okay? And this management will definitely take 192-168-1140 something from thissubnet because this is my net cloud subnet and Itold you how we can find out our subnet now coming to redundant interfaces okay, so let me take aswitch here, this is a switch okay? And we'll connect two interfaces, okay, two to zero interface, okay, 03201 interface, that's it, or maybe there's another switch, so one interface will go to one switch, and the other interface will go to another switch, which is also a possibility, but anyone let me make it easy for you, okay, that's it, and let me begin. Okay, now let's see if we can get the IP address, so right-click and go to console, and 40 gate means it's still starting. What else? I don't need to do anything that's it, we justneed to do and combine these two port number twoand three and make them as a redundant interfaces. Okay, so let's wait. What else can we do? You know how I get this IP, 192-16-8114, so you can get this IP from your net interface Your network interface is this one, VMAT eight, so this is my range. Okay, and you can also find this IP by going to VMware, then to the Virtual Network Reader, and from there you can determine your range, and your next rock will be two if you use it in the future. So let's go back yes login now to Edmundno password 12312 three and display the system interface questionmark, and this is the IP, which I need to go to any browser in your system, okay, and type the IP username, which is admin by default. Two. Okay, three, we just set this password. There's no need to change the name later. Otherwise, it will be changing this name, which is already showing here straight away.Go to network interfaces these are our interfaces, we alreadydiscuss all these things, whatever you can see here wediscuss all these stuff, this whatever these column we discuss,search, delete, edit and also we done interface zone wewill do this on a bit later. Okay? So let's go to interface now that we've completed zone. Click on interface and enter my redundant -- whatever you want to call them -- name, land, switch connectivity, whatever you want -- but change this to redundant interfaces. Okay, and which interface will take part? So zero, two, and three to two and three add those interfaces, and the role is to be LAN because it's connected to land. If you want to assign IP, it's okay, otherwise youcan leave it just like this, just allowed pink. Suppose there is an IP and you want to test it. We'll talk about this more later, as well as whether or not you want to enable LLDP. We will discuss it again LLDP a little later, that's all. This was a redundant interface, as you can see from the switch side, it has to be on so show IP interface brief so if I refresh it has to be green, so yes, it's green now and that's it. Now you can connect any PC here; if one interface goes down, the other will start working, but not both at the same time. That's the only difference in regenerated interfaces and aggregate interfaces. Okay, that's it; that's the only way we can configure topology later on if we use this one. So you have to keep in mind how we create these redundant interfaces. Right now, I'm not doing anything to them or something; it was easy to create because our topic is interface-related stuff, so I don't want to go into more detail, okay?
Interfaces—what is aggregate? Basically, L SCP when weconfigure Lsvp and Cisco switch. So here, we call them aggregate interfaces. Basically, we combine more than one interface to make them virtually one logical interface. We also refer to Cisco Ether Channel. So in this case, I have a switch. We will combine these two interfaces. On this side, we will combine these two interfaces to work as one, not like our separate ones, which we just discussed in interfaces. And we call them LHCP link integrationcontrol protocol, which is an open standard. There is a Cisco one as well. Port aggregation control protocol, which is a Cisco proprietary This one is an open standard. So on a Cisco switch, you can configure both LHCP and PAGP, but in this case, because it's an open standard, we can use them. And this is an IEEE one. Normally it's recognised by this number as well, 8023. And I already told you a story of 8023because in February 1980 these it has been recognized. That's why they give every protocol this name: 8021, ABCD, and so many other wirelessly related, cable-related, and other things. Anyway, one of them is 300 and uses the Link Aggregation Control Protocol to combine many interfaces, up to eight interfaces, to make them logically one. So one interface fails, but the other will undoubtedly work, and it will function as a logical and spinning tree interface; it will appear as the one previously discussed. Again, it has to be a DHCP or Ethernet interface, okay? And it's not to be used before in any other policy or something, so let's go there. And if I go there, I cannotcreate if I click on interface, okay? And this time, if I say where is this one aggregate, you'll notice that two and three aren't present. Why? Because it's in use, that's why I told you this was the condition. So first I need to go there, and I need to remove that one. So click on this one, okay? And there should be a reference to how I can do it because delete is not available here. Click on this reference, and this is it. Delete this reference, okay? And now when you come here, two and three Now you can delete this page. It's now neither a grade nor a deletion. And yes, so before you have to delete references, you will face this issue now with port number two, and let's see, where are two numbers? So let me refresh now. So two entry has to be released. Yeah, two entry is now available, it's notin use anywhere and reference is zero. Now I can create an aggregate. So go to Interface. Okay. And this time I will say whatever name you want to give them, choose this 18023, and click on this plus to combine which interfaces will take part. So in my case, two interfaces, minimum twois required so two and three and roleis lane again, IP address, et cetera. Just allow the ping, and OK, done. So aggregation is very easy here. Okay, so this one is done. Now I need to go to the switch, switch the configuration of the interface range, and switch sides. I have zero, zero, and zero one.So range e one denotes a combined range. I choose this one. And what you need to do switch port trunkencapsulation want to you switch for mode trunk. Okay. and then channel protocol. Protocol. There are two protocols, which I told you had a question mark. As a result, you will see Cisco proprietary LACP and PSCP. But anyway, in this case, LACP is protocol and channel group one, and mode is for LACP. If both sides are active active,it will work unconditionally it's. Okay, one side must be active, the other must be passive, but not both must be passive; otherwise, it will not work. So it's better to put here active. So the other side is already active. One of the 40 accounts is active by default. So I put here "active." In either case it will work if I put paste. So now if I check, it shows the Ether Channel. Ether Channel summary. So P now indicates that it is displaying the bundle and port channel. It means it's working lacpse open central protocoland it means I'm using as a switch. Okay, you can use them as both a router and a layer two switch. And U refers to this one and its application. So I'm using the ether channel as layer two. You can create as a layer three as well. and both are supported in 48 as well. These two are both taking part. And P stands for and bundle. It means it's working. There is no issue; there is nothing. If I disable one interface, then it will go to W or something. Okay. So LACP is working. Another command to check LSCP: show LACP is some other command, show the LSCP one. So I need to type Niber is better. So this is My, which is the inverse of 48 8511. And if I go back to 40, gate firewall and refresh. It has to be green now. And our port channel has been configured on both sides of LACP. So here I combined ports two and three. On the other side of the Cisco switches are zero and one. That's why it's showing me the port channelis up and there is no issue. If there is an issue, it will show you some other. You can use this page to figure out what the problem is. So this is called LACP and FortiGate. We call them "support aggregation" aggregate interfaces. And we can use them to combine many interfaces into a logical one. How logically one? If I say a show that spans three wheels and one, So here is a port that works as one. There is no which interfaces weare using zero and zero one. It's not here anymore because zero one and zero two are working as a port channel, so it's combined logically. It will not be like the other one. Okay, and that one. All interfaces will be shown separately in the Cisco switch, which I forgot to show you, but in this case, it will be a logically working one. So yes, in case if you're need toconfigure LACP link integration so you can usethis technology, these features interface and combine theinterfaces they said so easy to create.
ExamCollection provides the complete prep materials in vce files format which include Fortinet NSE4 certification exam dumps, practice test questions and answers, video training course and study guide which help the exam candidates to pass the exams quickly. Fast updates to Fortinet NSE4 certification exam dumps, practice test questions and accurate answers vce verified by industry experts are taken from the latest pool of questions.
Fortinet NSE4 Video Courses
Top Fortinet Certification Exams
SPECIAL OFFER: GET 10% OFF
Pass your Exam with ExamCollection's PREMIUM files!
SPECIAL OFFER: GET 10% OFF
Use Discount Code:
A confirmation link was sent to your e-mail.
Please check your mailbox for a message from firstname.lastname@example.org and follow the directions.
Download Free Demo of VCE Exam Simulator
Experience Avanset VCE Exam Simulator for yourself.
Simply submit your e-mail address below to get started with our interactive software demo of your free trial.