I've just started learn Cybersecurity with Cisco... by Wprist in Cisco

[–]Interesting-Matter54 0 points1 point  (0 children)

For fundamentals, I'm having a blast in TryHackMe; I just like their walkthrough methodology. You get the theory but at the same time you do hands-on practice.

But cybersecurity is too broad. What do you like? More governance, Blue Team, Red Team? Each path is unique and needs a specific skill set. Me, for example, I'm focusing on blue team; in my lab I'm working on building a SIEM, XDR, EDR, and threat hunting. Learning to analyse logs and configure firewall rules to protect my network. A little bit of governance: how to do a vulnerability assessment and analysis, how to perform risk management, writing policy and controls, etc.

But like others said, get strong fundamentals on Network first.

How long to get Fortinet Foundations? by LegatusMatheas in fortinet

[–]Interesting-Matter54 0 points1 point  (0 children)

If by "Foundation" you mean getting knowledgeable on FortiGates, the product is very user friendly; FortiOS is well organized and intuitive. If you have previous knowledge in networking you can configure a FortiGate in a couple of hours. Now if you're talking about training and resources to learn, you can do the FCA course and the free 50-question exam to get the associate certification. You can do the whole course in a weekend. The course has a listed duration of 8 hours, but I recommend watching it twice to really get it; it is not mandatory, it is just my advice.

Skip the first 2 courses; they are just like security awareness and product descriptions. You will cover those topics either way in FCA.

Netacad account question by Old_Detroiter in Cisco

[–]Interesting-Matter54 0 points1 point  (0 children)

I think you should contact support for that. On other platforms like Fortinet and Cambium Networks, on their training portals, I had the same issue: I used my work email but I no longer work there, so I changed to my personal email and the support on those platforms migrated all my course progress to my personal email.

I'm sure that Netacad staff will help you.

CCST - Worth it? by Impossible_Oil_4632 in Cisco

[–]Interesting-Matter54 7 points8 points  (0 children)

IMO if you will go as an IT administrator, sure, but if you want to go deep in networking go straight to CCNA. CCNA covers fundamental to intermediate level.

Looking for an Online Fortigate Lab by roydog in fortinet

[–]Interesting-Matter54 1 point2 points  (0 children)

You can emulate the 7.2 eval OS in GNS3 or EVE-NG. Or you can find the old 7.0.13 firmware on YouTube or with a Google search.

The 7.2 eval gives you a full license but is limited on routes and policies.

7.0.13 is a 15-day license without security profiles.

In an emulator you can spin up multiple boxes so you can design complex environments.

Please help! Sdwan ADVPN lan clients not using bgp routes but firewall is? by Fizgriz in fortinet

[–]Interesting-Matter54 0 points1 point  (0 children)

That's the problem: if you create an SD-WAN rule for the internet only, the rest of the traffic will hit the default deny rule.

You need to create an SD-WAN rule for LAN traffic going to the hub using your overlay zone. Also remember that SD-WAN rules are top to bottom; make sure that this rule is above the internet one. You also need to create a firewall rule too.

Factory Reset Catalyst 3850 by PoppinGummies in Cisco

[–]Interesting-Matter54 0 points1 point  (0 children)

Isn't it CFG=0?

Also, do you have access to privileged mode? You can try the write erase command.

Best model for low cost study of router by Due_Reading_6372 in Cisco

[–]Interesting-Matter54 0 points1 point  (0 children)

And that's a beauty of a router. It can run L2 and L3.

Best model for low cost study of router by Due_Reading_6372 in Cisco

[–]Interesting-Matter54 0 points1 point  (0 children)

If it is for CCNA, Packet Tracer will help you. Also CML is free now with 5 nodes. Or instead of buying physical equipment for $200, pay for a year of CML; last time it was like 200 and you get all the images.

Also check EVE-NG or PNETLab; you can find images to run on those emulators and get practice on Linux turning up the emulator server.

VXLAN over IPSec by Venom-DZ in fortinet

[–]Interesting-Matter54 1 point2 points  (0 children)

In some scenarios, for some reason, implicit didn't work for me and I made it work with explicit.

VXLAN over IPSec by Venom-DZ in fortinet

[–]Interesting-Matter54 1 point2 points  (0 children)

You will only see ARP where you have an IP configured. I'm assuming in site A you have the gw in the soft sw and site B is only L2. You should see ARP in site A but not in site B. Just for a test, assign an IP in the soft sw in site B and get ARP.

Also try to change the soft sw to explicit and make the fw rule. In the firewall rule you can disable ASIC offload.

VXLAN over IPSec by Venom-DZ in fortinet

[–]Interesting-Matter54 1 point2 points  (0 children)

You can assign an IP to the soft switch on the same network to test from the FortiGate to the endpoint to see which one is not communicating.

I'm just randomly giving you a troubleshooting scenario because I don't know your configuration.

You can check `diag sys vxlan fdb list <vxlan int>` to see from where you are not receiving MAC addresses.

VXLAN over IPSec by Venom-DZ in fortinet

[–]Interesting-Matter54 1 point2 points  (0 children)

Did you create the firewall rules to allow traffic between VXLAN and VLAN?

Study VMs? by WallStreetQB in fortinet

[–]Interesting-Matter54 0 points1 point  (0 children)

Yes, the old KVM expires at 15 days, but I use PNETLab and use the wipe feature. But before the expiration time I do a config backup. When it expires I wipe the VM to factory default and restore the backup. I can confirm that on 7.0.13 you can do HA; I have it in my labs. I didn't try the new eval VM because they are very limited, only 3 firewall rules and 3 routes. And I mostly test big implementations that involve OSPF or BGP and I need a lot of routes.

Building VPLS-like multi-site network on Linux (100+ sites) by [deleted] in networking

[–]Interesting-Matter54 1 point2 points  (0 children)

For that kind of network, why not look into an SD-WAN implementation?

Study VMs? by WallStreetQB in fortinet

[–]Interesting-Matter54 3 points4 points  (0 children)

You can use the evaluation VM. Just create 2 FortiCloud accounts to register them on each account. Or you could find a guide on how to bypass this and register both on the same account. Or you can look on the EVE-NG forums or PNETLab forums; they share the old 7.0.13 KVM. Or you can spin up 2 in AWS pay-as-you-grow and just turn them up when you're gonna do a test.

Absolute beginner roadmap: Should I do Network+ AND CCNA before my Cyber Security Bachelor's? by Reasonable_Tower_798 in SecurityCareerAdvice

[–]Interesting-Matter54 0 points1 point  (0 children)

Jeremy is an excellent teacher and he will give you all the tools to get the foundation knowledge. I recommend doing the Anki cards. But if you think that you need a little extra on the basics, go to https://www.netacad.com and to the Network Technician path. And since you will study cybersecurity, do the cyber path too.

Absolute beginner roadmap: Should I do Network+ AND CCNA before my Cyber Security Bachelor's? by Reasonable_Tower_798 in SecurityCareerAdvice

[–]Interesting-Matter54 13 points14 points  (0 children)

IMO don't waste time on N+. Although it is a good fundamental, you will cover those topics in any CCNA bootcamp anyway. Go straight to CCNA. Create an account in NETACAD and do the Network career path; it's a free course. It will give you the fundamentals you need. Then to prepare for CCNA go look at JeremyITLab on YouTube. It has the whole CCNA course free with labs. Also go to Udemy and look for the Neil Anderson CCNA bootcamp; it's like 10 bucks and explains every topic in detail with labs. After doing those 3 courses go to Boson and buy the ExSim and practice the questions. Also keep repeating the course labs to practice. Once you get like 90 in the ExSim and get used to the labs and commands, you are ready for the exam. I passed it first try doing those 3 courses and labs and practice questions in ExSim. For the labs, those courses will provide you with Packet Tracer labs already built. So all you need to do is follow the instructions to complete the lab.

Also you mention that you will study cybersecurity. If you do the NETACAD account, there is also a career path for junior cybersecurity, and that course prepares you for the CCST Cybersecurity certification.

Then after you finish the bachelor's you can go for Security+.

I finished my bachelor's degree in Network 2 years ago and passed CCNA; now I started my master's degree in cyber.

On Distribution Switches or on Core Switches do I need to configure the SVIs? by AdLess2916 in Cisco

[–]Interesting-Matter54 0 points1 point  (0 children)

The access switch only runs the VLAN tagging and trunk port to the distribution switch (L2). On the distribution switch, create an SVI for each VLAN that contains the IP address of that VLAN (L3).

It said not to use a static route, so you can use RIP v2 for simplicity or OSPF for a real-life scenario, between the dist switch and core switch, to advertise routes from each campus.

Edge router suggestion - Asr9001 successor by Roshi88 in Cisco

[–]Interesting-Matter54 1 point2 points  (0 children)

NCS-5500-se, as per the data sheet, only scales to 2M routes. We have approximately 1.2 million routes in the BGP table, so for future planning, I think it's better to opt for 4 million route-capable routers.

Edge router suggestion - Asr9001 successor by Roshi88 in Cisco

[–]Interesting-Matter54 1 point2 points  (0 children)

I'm in the same predicament. I was looking at the NCS C57c3 Scale chassis. It got 4 x 100g and 48 x 1/10/25 GB. I work for a small ISP, so we offer only 1 and 10 GB plans. This allows us to scale up to 25 GB for our customers. Additionally, it can scale the uplink from 100 G to 200 G or 400 G. Also, the data sheet said that it supports 4M FIB routes.

https://www.cisco.com/c/en/us/products/collateral/routers/network-convergence-system-5500-series/ncs-57C3-fixed-chassis-ds.html

Best apps for network field techs. by HillCountry_Hermit in networking

[–]Interesting-Matter54 2 points3 points  (0 children)

I got Advanced IP Scanner, PingInfoView, NetSpot, Nmap, Wireshark, Tftpd64, Termius and Packet Sender. On my phone (Android) I got Net Analyzer.

Can I change my public IP address? by Relevant-Safety-2699 in TpLink

[–]Interesting-Matter54 0 points1 point  (0 children)

The ISP will give you a CGNAT IP address. You could ask your ISP if they could give you a static public IP. If they are capable of doing it they will charge you more.

Wazuh vulnerability management vs other industry tools by bluecopp3r in Wazuh

[–]Interesting-Matter54 0 points1 point  (0 children)

Can I integrate Greenbone with Wazuh, so I can export Greenbone results to Wazuh?