Simulating FORTINET with EVE-NG

Budi Wibowo
Dec 27, 2023


CHAPTER 1. INSTALLING AND SETTING UP THE EVE VM

Download the materials

https://bit.ly/labeve

  1. Install VMware Workstation
  2. Set the IP in VMware Workstation
  3. Download the offline EVE-NG Community installation full ISO

https://www.eve-ng.net/index.php/download/

4. Install the ISO in VMware Workstation

https://www.youtube.com/watch?v=JduSCK-gFvg

VMware network settings

5. Start the EVE VM

Test with ping 8.8.8.8

For access via the web, the IP is 172.16.64.8

6. Check the IP on the main PC

Known values:

IP : 172.16.64.0/29

172.16.64.1 (bridge to the main PC so it can reach the internet)

172.16.64.2 (NAT gateway that connects the VM network to the main PC so it can reach the internet)

172.16.64.8 - 172.16.64.14 (DHCP IPs connected to the NAT network)

CHAPTER 2. COPYING IMAGES TO EVE-NG

  1. Open WinSCP and enter the IP 172.16.64.8
  2. Copy the materials

3. Run fix permissions on the EVE VM

/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

CHAPTER 2. TESTING INTERNET ACCESS IN THE EVE-NG EMULATOR

  1. Add a Windows node and start Windows

NOTE : if the node does not start, enable Hyper-V and disable Memory integrity

A test ping to detik.com shows that internet access is working.

Folder sharing to the main PC also works.

CHAPTER 3. BASIC FORTIGATE (adding the FortiGate emulator)

  1. Add a FortiGate node -> save -> start

2. Set a static IP on port 1 as the WAN

FORTIGATE IP SETTINGS

config system interface
edit port1
set alias INTERNET
set role wan
set mode static
set ip 172.16.64.3 255.255.255.240
set allowaccess ping https ssh
end

DNS SETTINGS

config system dns
set primary 172.16.64.2
set secondary 172.16.64.2
end

3. Access the FortiGate at 172.16.64.3

4. Configure the route

Network -> Static Route -> Create New

Enter the IP 172.16.64.2

Interface : Port 1

Test ping via the CLI

execute ping detik.com

At this point internet access is working.

CHAPTER 4. BASIC FORTIGATE (DHCP for PCs)

  1. Add a Windows emulator

2. Edit the port 2 interface

3. Enter the IP : 192.168.100.1/255.255.255.0

Enable DHCP Server -> OK

4. Add a policy (so that IPs from port 2 (local) can reach the internet)

5. Fill in incoming and outgoing

6. Start the Windows emulator; it immediately gets a DHCP IP from the FortiGate

CHAPTER 5. BASIC FORTIGATE (Web Filter)

  1. Security Profiles -> Web Filter -> Create New

2. Name : Block Social Media

Block Invalid URLs : enable

URL Filter : enable

3. Enter the URL to block, for example *facebook.com

4. Save

5. Activate the Web Filter

Policy & Objects -> IPv4 Policy -> edit port 2 (Local To Internet)

Web Filter : enable -> Block Social Media

OK

6. Test by browsing to facebook.com from the Windows emulator

CHAPTER 6. BASIC FORTIGATE (VLAN)

In this chapter, port 2 on the FORTIGATE will be converted to VLANs

  1. Copy the Cisco switch emulator to /opt/unetlab/addons/iol/bin

Run fix permissions

2. Add the switch emulator L2-ADVENTERPRISEK9-M-15.2-IRON-20151103

3. Add Windows emulators

Below are the topology and the IPs that will be used

#FortiGate settings

4. Change port 2 to look like this

Alias : LOCAL

Role : Undefined

IP : leave empty (0.0.0.0/0.0.0.0)

5. Create the VLAN interface

Network -> Interfaces -> Create New -> Interfaces

6. Fill in

Name : VLAN10

Type : VLAN

Interfaces : Port 2

VLAN ID : 10 (the ID matches the VLAN name)

Address : 192.168.10.1/255.255.255.0

DHCP : enable

7. Do the same to create VLAN 20 (IP 192.168.20.1/255.255.255.0) and VLAN 30 (192.168.30.1/255.255.255.0)

8. Configure a policy so that VLAN10, VLAN20, VLAN30 can reach the internet

Policy & Objects -> IPv4 Policy -> Create New

Configure it as shown below

9. Do the same for VLAN20 and VLAN30

#Switch settings

10. Start the switch

enable
configure terminal
hostname Switch-VLAN
vlan 10
vlan 20
vlan 30
no shutdown
exit
exit
show vlan

VLANs 10, 20 and 30 now show as active but have not yet been assigned to ports.

Next, the syntax to assign ports to VLANs.

configure terminal
interface ethernet 0/1
switchport mode access
switchport access vlan 10
no shutdown
exit
exit
configure terminal
interface ethernet 0/2
switchport mode access
switchport access vlan 20
no shutdown
exit
exit
configure terminal
interface ethernet 0/3
switchport mode access
switchport access vlan 30
no shutdown
exit
exit
configure terminal
interface ethernet 0/0
switchport trunk encapsulation dot1q
switchport trunk allowed vlan all
switchport mode trunk
no shutdown
exit
exit
wr
copy running-config startup-config
<enter>
show running-config

Running show vlan now shows the VLANs as active and assigned to their respective ports.

Running show running-config shows each ethernet interface configured as a switchport.

11. Start the Windows clients; they already get DHCP IPs

12. So that the Windows machines can communicate with each other (ping), add policies on the FortiGate.

VLAN10 to VLAN20
VLAN20 to VLAN10
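
GUI steps 5 to 8 and step 12 for VLAN10, written as the equivalent FortiOS CLI. This is an added example, not part of the original post: the DHCP server ID and address range, the policy names, and the choice to limit the inter-VLAN policy to the predefined PING service are assumptions, and the VLAN20 interface must already exist before the last policy is entered.

```fortios
# Added example; lines under an "assumed" comment are not values from the page.
config system interface
    edit "VLAN10"
        set vdom "root"
        set interface "port2"
        set vlanid 10
        set ip 192.168.10.1 255.255.255.0
    next
end
config system dhcp server
    # assumed: 10 is an unused DHCP server ID, range is constructed
    edit 10
        set interface "VLAN10"
        set default-gateway 192.168.10.1
        set netmask 255.255.255.0
        config ip-range
            edit 1
                set start-ip 192.168.10.2
                set end-ip 192.168.10.254
            next
        end
    next
end
config firewall policy
    # step 8: VLAN10 out through port1 (WAN) with source NAT
    edit 0
        set name "VLAN10-to-Internet"
        set srcintf "VLAN10"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    # step 12, assumed: allow only ping between VLANs, no NAT
    edit 0
        set name "VLAN10-to-VLAN20"
        set srcintf "VLAN10"
        set dstintf "VLAN20"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "PING"
    next
end
```

Repeat with the VLAN20 and VLAN30 values for the other interfaces and policies, as steps 7 and 9 describe, and add the reverse VLAN20-to-VLAN10 policy for step 12.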
