Appendix-A

GNS3 Basics

In this chapter, we will be going through the basics in GNS3. Try to play and familiarize yourself with this environment as this is a good tool for network simulations.

Adding a FortiGate Firewall to GNS3

1- Start by adding a new template

Figure A-1: Create a New template

2- We want to install it from the GNS3 Server, so keep the option default and then press next.

Figure A-2: Select Install an appliance from the GNS3 server

3- On the next window, search for “FortiGate”, and select the option under “Firewalls”, then click install.

Figure A-3: Search for “FortiGate”

4- Press next on this screen

Figure A-4: Install the appliance on the GNS3 VM

5- Press next on this screen

Figure A-5: Qemu settings

6- Tick the allow custom files box

Figure A-6: Tick Allow custom files

7- Just click Yes on this screen

Figure A-7: Click on Yes

8- Highlight a random version

Figure A-8: Highlight a random version

9-Click create a new version

Figure A-9: Create a new version

10- Create a new custom version and select optional name for it.

Figure A-10: Create a custom version

11- Press OK on this one too

Figure A-11: Click on OK

12- Press OK again

Figure A-12: Click on OK

13- Click on any empty30G file, and click Download. Save that file to your computer.

Figure A-13: Download empty30G.qcow2

14- Scroll down to your custom version and click the arrow on the left

Figure A-14: Select Custom version

15- Click the FGT filename under your custom version and click import

Figure A-15: Import FortiGate Image

16- Navigate to your downloaded FortiGate Firewall image and click open

Figure A-16: Select FortiGate Image

17- Still under your custom version, click import on the empty30G file

Figure A-17: Select empty30G.qcow2

18- Navigate to your downloaded empty30G file and click open

Figure A-18: Import empty30G.qcow2 file

19- After that, highlight the custom version again and click next

Figure A-19: Select custom version and then click on Next

20- Click Yes on this window

Figure A-20: Click on “Yes”

21- Then click Finish

Figure A-21: Click on “Finish”

Configuring your Palo Alto Firewall Template and adding the device

1- Lets start by modifying the GNS3 template of the Palo Alto firewall by right clicking the existing template, and clicking on “configure template”.

Figure A-22: Configure Palo Alto template

2- Make sure the max amount of RAM is set to at least 4096MB, and the amount of vCPUs are at least 2.

Figure A-23: Configure template

3- Now close the window, and drag in the Palo Alto device from the left hand pane.

Figure A-24: Drag a Palo Alto in the workspace

4- Once you’ve dragged in the Palo Alto device, right click it, then click “start”.

Figure A-25: Start Palo Alto

5- Keep in mind that this device takes a while to start.

Webterm installation

1- Let’s begin by clicking “new template” on the bottom left hand of GNS3

Figure A-26: Create a new template

2- We want to install this into the GNS3 VM. Click on the option to “Install an appliance from the GNS3 Server”, then click next.

Figure A-27: Install an appliance from the GNS3 server

3- On the next window, search for “webterm”, select the option under “guests”, then click install.

Figure A-28: Search for “webterm”

4- On the next screen, ensure that “Install the appliance on the GNS3 VM”, is already selected, then click next.

Figure A-29: Select “Install the appliance on the GNS3 VM”

5- On the next screen, click Finish.

Figure A-30: Click on Finish

After that, it should appear under all devices in GNS3

Configuring your webterm device with a static IP

1- Drag in the webterm device from the left pane. Then once it finishes downloading the docker file, right click it and select “edit config”

Figure A-30: Edit config

2- A window will pop up containing the device’s network configuration. We want to modify this file to match the specified IP address. The final modification should look like a little like this

Figure A-31: Static IP address configuration

After these modifications, click on the save button on the bottom right of the window.

Configuring a webterm DHCP client

We just need to uncomment these 2 lines to enable DHCP. Click on save and we are done.

Figure A-32: DHCP IP address configuration

Connecting devices in GNS3

Please see the example below

Figure A-33: connecting devices

Using NAT in GNS3

The NAT device in GNS3 will allow devices in our virtual topology to communicate with the internet. This device is under the all devices section of GNS3.

Figure A-34: NAT

Make sure you select the GNS3VM as the option whenever you see this window (applies for all devices)

Figure A-35: choose GNS3 VM

Using Kali in GNS3

Sometimes we need to use Kali to demonstrate an attack. Please keep in mind that Kali is used strictly for testing purposes, and should not be used as a daily driver, to hack your friends, or to pretend to look cool.

1- Let’s begin by clicking “new template” on the bottom left hand of GNS3

 

Figure A-36: Create a new template

2- We want to install this into the GNS3 VM. Click on the option to “Install an appliance from the GNS3 Server”, then click next.

Figure A-37: Select “Install an appliance from the GNS3 Server”

3- On the next window, search for “kali”, and select the non “CLI” option.

Figure A-38: Select Kali Linux

4- On the next screen, ensure that “Install the appliance on the GNS3 VM”, is already selected, then click next.

Figure A-39: Install the appliance on the GNS3 VM

5- Next again

Figure A-39: Qemu binary

6- Expand the “2019” option, and download both missing files

Figure A-40: Select the Kali-Linux version and then Download

7- After that, import the downloaded file to the specified 2019 selection.

Figure A-41: Select the Kali-Linux downloaded file

8- It should take a second, but GNS3 will start to load up the ISO into the GNS3VM.

Figure A-42: Loading the image

9- After that, click the 2019 version again, then click next

Figure A-43: Ready to install Kali 2019.3

10- Then click finish

Figure A-44: Click on “Finish”

Using WordPress in GNS3

Sometimes we need a basic webserver to demonstrate website functionality. This can be accomplished using the WordPress appliance in GNS3. Start by clicking the new template button on the bottom of the page

Figure A-45: Create a new template

We want to install an appliance from the gns3 server

Figure A-46: Install an appliance from the GNS3 server

Lookup “wordpress”, then click install

Figure A-47: search for “wordpress”

Just press next for the following dialog boxes, and you should now have wordpress!

Figure A-48: WordPress Installed successfully!

Running WordPress

After changing the interface configuration, start the machine. You will see a dialogue box:

Figure A-49: Running WordPress

Press enter and you’ll see the device under some basic configuration. Once you get to the prompt, you can exit that window, and you will have WordPress ready!

Figure A-50: WordPress is ready!

Using switches in GNS3

Usually we just use switches to connect multiple devices together in GNS3. However, it can also be used for VLANs. Start by dragging one in and double clicking it.

Figure A-51: Switch configuration

Here you can see that they are all basically untagged. To configure a specific port, simply double click your desired port

Figure A-52: Switch port configuration

Configure the necessary settings for them (access is for tagging, dot1q is for trunking)

Figure A-53: Switch port configuration

Click on add to Apply the changes

Figure A-54: Switch port configuration

Then click Apply and OK.

License

Icon for the Creative Commons Attribution 4.0 International License

FortiGate Firewall: Practical Guidance and Hands-On Labs by Hamid Talebi is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.

Share This Book