Fortigate: Add a VLAN to a hardware switch

In this post, we are going to discuss how to add a VLAN to a hardware (sometimes referred to as physical) switch or interface on a Fortigate. It is worth noting that I actually do my testing on a FortiWifi, so I can assure you that this applies there too. I will be focusing on the configuration which is relevant to FortiOS v6.0 and above, so your mileage may vary between versions. However, what you need can usually be found over at the Fortinet Handbook: https://docs.fortinet.com/product/fortigate/6.0. ...

January 9, 2021 · 4 min · Tom

How to enable subnet overlapping on a Fortigate

A short and sweet problem/resolution. If you are looking to enable subnet overlapping on a Fortigate so that you can give multiple interfaces an IP in the same subnet, this is the post for you. NOTE: This feature can only be enabled in the Fortigate’s CLI. To enable the overlapping feature, enter the following commands:

    config system settings
        set allow-subnet-overlap [enable/disable]
    end

What is subnet overlapping?

Subnet overlapping is disabled by default in FortiOS, and for good reason: if you misuse subnet overlapping, it can cause massive routing issues for your clients and their traffic. Subnet overlapping lets you apply IPs from the same subnet (e.g. 192.160.1.X/24) to multiple interfaces that are not in the same virtual/physical switch. ...

January 7, 2020 · 2 min · Tom

Double NAT port forwarding with a Fortigate

If you are unfortunate enough to have to deal with double NAT on your gateway, then you might know the troubles surrounding port forwarding or VIPs. Here is a quick how-to guide for setting up a port forward on a Fortigate where double NAT is in place.

Case Study – Plex port forward

Plex is a great tool for managing your personal media collection, and it gets even better when you enable a port forward to let you access this collection from anywhere in the world. Whilst Plex have made a number of changes to allow you to reach your content via a relay server, the best way to access your content from outside your LAN is by using a port forward. ...

February 23, 2019 · 1 min · Tom

Creating a local DNS server with Pi Hole

This is a local DNS server for local DNS requests. This post is going to explain why and how I created a local DNS server in my home network environment. I used the PiHole project to make network-wide advert blocking a reality: https://pi-hole.net/. I have previously created a DNS server using Bind, running on CentOS 7. Thankfully DigitalOcean came to my rescue with some of the config in this home lab project, so be sure to check out their guide if you are looking for a slightly higher-level DNS setup: https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-centos-7 ...

February 16, 2019 · 2 min · Tom