
Showing posts from June, 2014

Switch Important Link

http://www.certprepare.com/vlan-access-map

Configure VLAN access control list...

What is a VLAN Access Control List (VACL) used for? VLAN Access Control Lists (VACLs) can be used to filter traffic within the same VLAN.

Scenario
Suppose a host is connected to VLAN 2 and we are required to drop all telnet traffic within VLAN 2.

Configuration
Make an access list to match telnet traffic:

Router(config)#access-list 101 permit tcp any any eq telnet

Create a VACL using the above ACL. Drop telnet traffic and forward all other traffic:

Router(config)#vlan access-map VACL_ACL 10
Router(config-access-map)#match ip address 101
Router(config-access-map)#action drop
Router(config-access-map)#exit
Router(config)#vlan access-map VACL_ACL 20
Router(config-access-map)#action forward
Router(config-access-map)#exit
Router(config)#

Apply the VACL to VLAN 2:

Router(config)#vlan filter VACL_ACL vlan-list 2

That's it for the configuration. If everything is configured properly, telnet traffic should be dropped within VLAN 2.

Configure 3G Modem on Fortigate

config system modem
    set status enable
end

diagnose sys modem wireless-id

You should get something like this:

vendor: 0x12d1, product: 0x1003, registered: yes

set status enable
set pin-init ''
set network-init ''
set lockdown-lac ''
set mode standalone
set dial-on-demand enable
set idle-timer 5
set redial none
set holddown-timer 60
set connect-timeout 90
set wireless-port 0
set phone1 "#777"
set username1 "internet"
set passwd1 ****
set extra-init1 ''
set peer-modem1 generic
set ppp-echo-request1 enable
set authtype1 pap chap mschap mschapv2

execute modem dial

If you are using the web interface of your FortiGate device, when you enable the modem interface you will get a Modem option under the System > Network section in the left-side menu. You can set up some of the options, like the phone number or the Extra Initialization String, there too. Also

Antispoofing on Fortigate

With the RPF (Reverse Path Forwarding) function the firewall checks whether a packet arrives on the correct interface and is not trying to spoof its source address. For example, in a DMZ network, a packet coming in on the dmz interface of the firewall with a source IP from the internal network is spoofed; the firewall should not allow it. RPF is enabled by default and cannot be disabled, but it can be set to strict. Strict RPF is disabled by default. In loose mode it does not look for the best-match route, only whether any route exists for the source. In strict mode it checks the Forwarding Information Base (FIB) and looks for the best-match route. For more info see RFC 3704.

Used Version: v4.0,build0521,120313 (MR3 Patch 6)

firewall (root) # show full-configuration system settings
config system settings
    set comments ''
    set opmode nat
    set bfd disable
    set utf8-spam-tagging enable
    set wccp-cache-engine disable
    unset vpn-stats-log
    set vpn-stats-period 0
    set