salman.docx


Upload: taj26

Post on 11-Feb-2016

ALLANA SONS LIMITED

Established in the year 2008, we, “Allanasons Limited”, are engaged in trading and exporting a

wide range of Cereals, Spices and Agro Products. In a very short period of time, our company is

counted amongst the largest net foreign exchange earners with a turnover of Rs. 3500 Crores (US$ 750

million) for the financial year 2008-09. We are rewarded by various awards like Premier Trading

House by the Government of India, Golden Trophy by APEDA (Ministry of Commerce,

Government of India) and Outstanding Exporter of the Year 2008-09 by DHL-CNBC international

trade awards in the category of Agriculture, Foods & FMCG. Our constant endeavour is directed

towards the offering of hygienic and high nutritional level food items to the clients. In order to

achieve this, we possess well developed food safety systems with proper safeguard facilities and

technologies. Further, we are making heavy investments in creating world class integrated food

processing complexes. Our facilities are ISO 9001: 2000, HACCP and ISO 14001 (Environment

management system) certified. At present, we are supplying our range to the clients in more than 60

countries. Under the sincere guidance of our mentor, “Mr Gani Ismail”, we have achieved a

respected and distinct position in the market. His vast business knowledge and experience have

helped us in providing maximum satisfaction to the clients.

Allanason is India's largest exporter of processed food products and agro commodities. The

Company has been designated as the Five Star Trading House by the Government of India.

Our team plays a key role in meeting heaped requirements of our clients across the world. We work

with experienced professionals, who help in earning a preeminent name for our organization. They

work in a hygienic condition to offer healthy and tasty range of Cereals, Spices and Agro Products.

We provide food safety training programs to enhance their knowledge and skill. Our team

comprises:

Procuring agents.

Quality controllers.

Warehouse & Packaging personnel.

Sales & Marketing executives

Allana Group has achieved enviable growth in its exports, clocking 44% over the last two years.

Added to that, it has demonstrated its leadership in manufacture, marketing and sales of its branded

processed foods.

We are the World's Largest Producer and Exporter of Frozen Halal Boneless Buffalo Meat.

But, that's not all; Allanasons is also India's single largest exporter of frozen meat, processed/frozen

fruit and vegetable products.

The Group has made substantial investments in creating world-class integrated food processing

complexes. Facilities which have been certified for quality and product safety systems under ISO

9001:2000 and HACCP. And ISO 14001 (Environment Management System) too! Similarly we are

having OHSAS 18000 towards an international occupational health and safety management system

specification.

For its new range of value added, branded consumer frozen food products to be launched shortly,

the Group is constructing additional Food Processing Plants with large investments in machinery

and manpower.

What's more, Allanasons is India's largest exporter of coffee as also leading exporter of cereals and

frozen marine products. The Group has also set up plants for processing, preserving and freezing of

Marine Products, which are approved in accordance with stringent quality standards for export to

Europe.

Allanasons' contribution to India's export effort has been recognized by the Government of India,

APEDA (Ministry of Commerce), Federation of Indian Export Organizations and various State

Governments in the form of numerous awards at national, state, and organizational levels.

The Industry Leader

Allanasons. India's largest exporter of processed food products and agro commodities. The

Company has been designated as the Five Star Trading House by the Government of India. We are

the World's Largest Producer and Exporter of Frozen Halal Boneless Buffalo Meat!

But, that's not all. Allanasons is also India's single largest exporter of frozen meat, processed/frozen

fruit and vegetable products.

India's Largest Exporter of Frozen Halal Buffalo Meat, Coffee, Fruit Concentrates and Purees...

What's more, Allanasons is India's largest exporter of coffee as also leading exporter of cereals and

frozen marine products. The Group has also set up plants for processing, preserving and freezing of

Marine Products, which are approved in accordance with stringent quality standards for export to

Europe. The Group has made substantial investments in creating world-class integrated food

processing complexes. Facilities, which have been certified for quality and product safety systems

under ISO 9001:2000 and HACCP. And ISO 14001 (Environment Management System) too

COMPANY PROFILE

Our parent firm was established in Bombay in 1865 as a trading company, dealing in agricultural

commodities. This family business has in the last 135 years grown into a large group of companies

headed by Allanasons Limited which was incorporated in 1973 to consolidate and centralise the

export activities of the Allana Group. Today Allanasons Limited is the second largest net foreign

exchange earner in the private sector of India.

We have pioneered the export of many food items from India, such as onions, potatoes, fruits,

vegetables, eggs, whole fish, and processed meat. It is with a sense of pride and achievement we

claim that our efforts and value of exports have been consistently recognised by the Government of

India, Ministry of Commerce, by granting us the highest status given for exporting organisations,

which presently is Super Star Trading House. We are a Super Star Trading House with Golden

Status - the highest achievable status.

We are the largest producers and exporters of processed foods and agro-commodities from India.

Our group companies own and operate Asia's most modern, integrated meat processing complexes,

setup according to highest international standards and specifications, incorporating the latest

technology and automation in all stages of production. We offer a wide range of quality products -

from genuinely halal frozen meat, canned meat, lamb carcasses, mutton cubes, frozen marine

products, coffee, tea, spices, frozen fruit and vegetable products, sterilised meat and bone meal, to

leather.

While the accent is still on agro-based products, over the years we have diversified into other

manufacturing activities, including vanaspati (hydrogenated vegetable oils), foundry chemicals,

ceramics, and paints.

In the following pages you will find details of our products and our achievements in the export

sector of India.

ABOUT US

Allanasons. India's largest exporter of processed food products and agro commodities. The

Company has been designated as the Five Star Trading House by the Government of India. Allana

Group has achieved enviable growth in its exports, clocking 44% over the last two years. Added to

that, it has demonstrated its leadership in manufacture, marketing and sales of its branded processed

foods.

We are the World's Largest Producer and Exporter of Frozen Halal Boneless Buffalo Meat.

But, that's not all. Allanasons is also India's single largest exporter of frozen meat, processed/frozen

fruit and vegetable products.

The Group has made substantial investments in creating world-class integrated food processing

complexes. Facilities, which have been certified for quality and product safety systems under ISO

9001:2000 and HACCP. And ISO 14001 (Environment Management System) too! Similarly we are

having OHSAS 18000 towards an international occupational health and safety management system

specification.

For its new range of value added, branded consumer frozen food products to be launched shortly,

the Group is constructing additional Food Processing Plants with large investments in machinery

and manpower.

What's more, Allanasons is India's largest exporter of coffee as also leading exporter of cereals and

frozen marine products. The Group has also set up plants for processing, preserving and freezing of

Marine Products, which are approved in accordance with stringent quality standards for export to

Europe.

Allanasons' contribution to India's export effort has been recognized by the Government of India,

APEDA (Ministry of Commerce), Federation of Indian Export Organizations and various State

Governments in the form of numerous awards at national, state, and organizational levels.

PRODUCTS

1. Meat Products : Frozen Halal Buffalo Meat

The Allana Group enjoys the distinction of being the pioneer (1969) in the export of

deboned and deglanded frozen Buffalo meat, exporting its products currently to 64 countries

world-wide, including South East Asia, Middle East, CIS, Africa and Pacific Basin Nations,

singularly accounting for about 60% of meat exports from India.

We are the World's Largest Producer and Exporter of Frozen Halal Boneless Buffalo Meat!

Range of products:

Fresh, frozen boneless Buffalo Halal meat.

Chilled boneless Buffalo meat.

Compensated boneless Buffalo meat is supplied in natural proportion of the cuts and is guaranteed 93% chemically lean.

Canned corned meat.

Full range of fresh quick frozen offals (fancy / variety meat).

2. Canned Meat

The Corned Meat manufacturing plant of FRIGORIFICO ALLANA LIMITED, a member of the ALLANA Group

of companies, is the most modern integrated meat complex in Asia. It is located

in the Disease free zone - Aurangabad District of Maharashtra State in India. It has been

designed and built to meet the most stringent EEC and FDA standards. In this vertically

integrated plant the main products namely, Corned Meat and Frozen Meat are processed on

the upper floor while the by-products processing is carried out on the ground floor to

maintain plant hygiene standard at the highest level. All animals slaughtered at the ultra-

modern abattoir-cum-meat complex undergo ante mortem and continuous post-mortem

inspection, carried out by the government veterinarians and the entire Corned Meat

processing operation is under the supervision of Central Government Inspection Agency.

A comprehensive veterinary health certificate is issued for every consignment of Corned

Meat confirming its suitability for human consumption. The product is manufactured

exclusively from animals which have been slaughtered strictly in accordance with Islamic

rites. A Halal certificate is provided for every consignment. Corned Meat is produced from

thoroughly trimmed fore-quarter & hind-quarter cuts and has an appealing pinkish red colour and the

pleasant flavour characteristic of Corned Meat. Corned Meat is packed in rectangular

OTS cans of 340 grams (12 oz.) net. The cans are then packed in corrugated export-worthy

cartons of 24 cans x 340 grams net each.

3. Frozen Marine Products

Allana group is a pioneer in the processing and export of frozen fish from India; we have a

range of over 40 varieties of frozen marine products.

In our commitment to provide frozen marine products in their freshest state we have set up

the most modern infrastructure, which incorporates state-of-the-art procedures and equipment

to procure, process, freeze and export frozen sea food. Our production facilities

are the most sophisticated and modern in the region and possess a level of technological

excellence comparable to prevailing global standards.

The Allana group is actively working with regulatory bodies in protecting and promoting the

ocean's environment as well as minimising the industry's impact on the ecosystem. We have

rewarded fishing communities that act as responsible custodians of fish habitats by

contributing to initiatives such as the Fishermen's Welfare Fund.

The Group contributes to the development of sustainable seafood by procuring from vessels

using turtle-safe fishnets, thus avoiding accidental bycatch. In addition, the Group actively

contributes to the neighbourhood of its processing facilities. For instance, the discharge from

effluent treatment plants is used to grow trees in coastal areas and provide water to

neighbouring farms.

4. Fruits and Vegetable Products : Alphonso Mango Puree

Allana group is the largest Indian exporter of frozen fruit purees / pulps and vegetables from

India.

At Allanasons, the focus has always been on delivering nothing but the very best in quality.

At every stage. Right from selection of the choicest fruit and vegetables, to adhering to the

highest internationally approved standards of procurement, processing, packaging and

quality control.

All fruits are sourced directly from select orchards, with special emphasis on the optimum

ripening of the fruit prior to processing. The fruit is sorted, machine washed and then put

through an automatic continuous process of sterilization / pasteurization. For frozen

products, the product is quickly chilled to minus 20°C prior to filling and freezing.

This HTST processing, followed by ultra-low temperature filling, retains maximum natural

flavour and aroma of the fruit. For Aseptic products, UHT process is followed by quick

cooling prior to filling.

NETWORKING

A computer network or data network is a telecommunications network which allows computers to

exchange data. In computer networks, networked computing devices pass data to each other

along network links (data connections). The connections between nodes are established using

either cable media or wireless media. The best-known computer network is the Internet.

Network computer devices that originate, route and terminate the data are called network nodes.[1] Nodes can include hosts such as personal computers, phones, servers as well as networking

hardware. Two such devices can be said to be networked together when one device is able to

exchange information with the other device, whether or not they have a direct connection to each

other.

Computer networks differ in the transmission media used to carry their signals, the communications

protocols to organize network traffic, the network's size, topology and organizational intent. In most

cases, communications protocols are layered on (i.e. work using) other more specific or more

general communications protocols, except for the physical layer that directly deals with the

transmission media.

Computer networks support applications such as access to the World Wide Web, shared use

of application and storage servers, printers, and fax machines, and use of email and instant

messaging applications.

The chronology of significant computer-network developments includes:

In the late 1950s early networks of communicating computers included the military

radar system Semi-Automatic Ground Environment (SAGE).

In 1959 Anatolii Ivanovich Kitov proposed to the Central Committee of the Communist

Party of the Soviet Union a detailed plan for the re-organisation of the control of the

Soviet armed forces and of the Soviet economy on the basis of a network of computing

centres.

In 1960 the commercial airline reservation system semi-automatic business research

environment (SABRE) went online with two connected mainframes.

In 1962 J.C.R. Licklider developed a working group he called the "Intergalactic

Computer Network", a precursor to the ARPANET, at the Advanced Research Projects

Agency (ARPA).

In 1964 researchers at Dartmouth College developed the Dartmouth Time Sharing

System for distributed users of large computer systems. The same year, at

Massachusetts, a research group supported by General Electric and Bell Labs used a

computer to route and manage telephone connections.

Throughout the 1960s, Leonard Kleinrock, Paul Baran, and Donald

Davies independently developed network systems that used packets to transfer

information between computers over a network.

In 1965, Thomas Marill and Lawrence G. Roberts created the first wide area

network (WAN). This was an immediate precursor to the ARPANET, of which Roberts

became program manager.

Also in 1965, Western Electric introduced the first widely used telephone switch that

implemented true computer control.

In 1969 the University of California at Los Angeles, the Stanford Research Institute,

the University of California at Santa Barbara, and the University of Utah became connected as the

beginning of the ARPANET network using 50 kbit/s circuits.

In 1972 commercial services using X.25 were deployed, and later used as an underlying

infrastructure for expanding TCP/IP networks.

In 1973, Robert Metcalfe wrote a formal memo at Xerox PARC describing Ethernet, a

networking system that was based on the Aloha network, developed in the 1960s

by Norman Abramson and colleagues at the University of Hawaii. In July 1976, Robert

Metcalfe and David Boggs published their paper "Ethernet: Distributed Packet

Switching for Local Computer Networks"[4] and collaborated on several patents received

in 1977 and 1978. In 1979 Robert Metcalfe pursued making Ethernet an open standard.

In 1976 John Murphy of Datapoint Corporation created ARCNET, a token-passing

network first used to share storage devices.

In 1995 the transmission speed capacity for Ethernet increased from 10 Mbit/s to 100

Mbit/s. By 1998, Ethernet supported transmission speeds of a Gigabit. The ability of

Ethernet to scale easily (such as quickly adapting to support new fibre optic cable

speeds) is a contributing factor to its continued use as of 2015.

TYPES OF NETWORKS:

1. LAN: (Local Area Network)

A Local Area Network is a privately owned computer network covering a small

geographical area, like a home, office, or groups of buildings e.g. a school network. A LAN is

used to connect the computers and other network devices so that the devices can communicate

with each other to share the resources. The resources to be shared can be a hardware device

like printer, software like an application program or data. The size of LAN is usually small. The

various devices in LAN are connected to central devices called Hub or Switch using a cable.

Nowadays LANs are being installed using wireless technologies. Such a system makes use of

access point or APs to transmit and receive data. One of the computers in a network can become

a server serving all the remaining computers called Clients.

For example, a library will have a wired or wireless LAN Network for users to interconnect

local networking devices e.g., printers and servers to connect to the internet.

LAN offers high speed communication of data rates of 4 to 16 megabits per second

(Mbps). IEEE has projects investigating the standardization of 100 Gbit/s, and possibly 40

Gbit/s. LANs may have connections with other LANs via leased lines or leased

services.

[Figure: types of networks: LAN, MAN, WAN, SAN, CAN, PAN]

ARCNET (Attached Resource Computer NETwork):

ARCNET is one of the oldest, simplest, and least expensive types of Local-

Area Network protocol, similar in purpose to Ethernet or Token Ring. ARCNET was the first

widely available networking system for microcomputers and became popular in the 1980s for

office automation tasks. ARCNET was introduced by Datapoint Corporation in 1977.

A special advantage of ARCNET is that it permits various types of transmission media -

twisted-pair wire, coaxial cable, and fibre optic cable - to be mixed on the same network. The

specification is ANSI 878.1. It can have up to 255 nodes per network. A new specification,

called ARCnet Plus, will support data rates of 20 Mbps.

Ethernet is a family of computer networking technologies for local area networks commercially

introduced in 1980. Standardized in IEEE 802.3, Ethernet has largely replaced competing wired

local area network technologies. Ethernet uses a bus or star topology and supports data

transfer rates of 10 Mbps. Ethernet uses the CSMA/CD access method to handle

simultaneous demands. It is one of the most widely implemented LAN standards. A newer

version of Ethernet, called 100Base-T (or Fast Ethernet), supports data transfer rates of

100 Mbps. And the newest version, Gigabit Ethernet, supports data rates of 1 gigabit (1,000

megabits) per second. Ethernet is a physical and data link layer technology for local area

networks (LANs). Ethernet was invented by engineer Robert Metcalfe.

2. MAN: (Metropolitan Area Networks)

MAN stands for Metropolitan Area Network, which is one of a number of types of networks. A MAN

is a relatively new class of network. MAN is larger than a local area network and as its name

implies, covers the area of a single city. MANs rarely extend beyond 100 km and frequently

comprise a combination of different hardware and transmission media. It can be single network

such as a cable TV network, or it is a means of connecting a number of LANs into a larger

network so that resources can be shared LAN to LAN as well as device to device.

A MAN can be created as a single network such as Cable TV Network, covering the entire

city or a group of several Local Area Networks (LANs). In this way resources can be shared

from LAN to LAN and from computer to computer also. MANs are usually owned by large

organizations to interconnect their various branches across a city.

MAN is based on IEEE 802.6 standard known as DQDB (Distributed Queue Dual Bus).

DQDB uses two unidirectional cables (buses) and all the computers are connected to these

two buses. Each bus has a specialized device that initiates the transmission activity. This

device is called head end. Data that is to be sent to the computer on the right hand side of the

sender is transmitted on upper bus. Data that is to be sent to the left hand side of the sender

is transmitted on lower bus.

The two most important components of MANs are security and standardization. Security is

important because information is being shared between dissimilar systems. Standardization

is necessary to ensure reliable data communication.

A MAN usually interconnects a number of local area networks using a high-capacity

backbone technology, such as fibre-optical links, and provides up-link services to wide area

networks and the Internet.

The Metropolitan Area Networks (MAN) protocols are mostly at the data link level (layer 2

in the OSI model), which are defined by IEEE, ITU-T, etc.

3. WAN: (Wide Area Networks)

A wide area network (WAN) is a telecommunication network. A wide area network is simply a

LAN of LANs or Network of Networks. WANs connect LANs that may be on opposite sides of

a building, across the country or around the world. WANs are characterized by the slowest data

communication rates and the largest distances. WANs can be of two types: an enterprise WAN

and Global WAN.

Computers connected to a Wide Area Network are often connected through public

networks, such as the telephone system. They can also be connected through leased lines or

satellites. The largest WAN in existence is the Internet. Some segments of the Internet, like

VPN based extranets, are also WANs in themselves. Finally, many WANs are corporate or

research networks that utilize leased lines.

Numerous WANs have been constructed, including public packet networks, large corporate

networks, military networks, banking networks, stock brokerage networks, and airline

reservation networks.

Organizations supporting WANs using the Internet Protocol are known as Network Service

Providers (NSPs). These form the core of the Internet.

By connecting the NSP WANs together using links at Internet Packet Interchanges

(sometimes called "peering points") a global communication infrastructure is formed.

WANs (wide area networks) generally utilize different and much more expensive

networking equipment than do LANs (Local Area Networks). Key technologies often found

in WANs (wide area networks) include SONET, Frame Relay, and ATM.

An enterprise WAN (wide area networks) connects an entire organization including all

LANs (Local Area Networks) at various sites. This term is used for large, widespread

organizations such as corporations, universities and governments.

Global WANs (wide area networks) also span the world but they do not have to connect

LANs (Local Area Networks) within a single organization. The Internet is an example of a

global WAN. It connects diverse locations, organizations and institutions throughout the

world. Global WANs (wide area networks) can be public or private. Private WANs (wide

area networks) are called intranets, which belong to an organization. Public WANs (wide

area networks) are open to everybody so that anybody can connect and use the resources and

services available.

WLANs - Wireless Local Area Networks:

WLANs (Wireless Local Area Networks or sometimes referred to as LAWN, for local area

wireless network) provide wireless network communication over short distances using radio

or infrared signals instead of traditional network cabling. A WLAN (Wireless Local Area

Network) is one in which a mobile user can connect to a local area network (LAN) through

a wireless (radio) connection.

Norman Abramson, a professor at the University of Hawaii, developed the world’s first

wireless computer communication network,

A WLAN typically extends an existing wired local area network. WLANs (Wireless Local

Area Networks) are built by attaching a device called the access point (AP) to the edge of

the wired network. Clients communicate with the AP using a wireless network adapter

similar in function to a traditional Ethernet adapter. 

Network security remains an important issue for WLANs (Wireless Local Area Networks).

Random wireless clients must usually be prohibited from joining the WLAN. Technologies

like WEP raise the level of security on wireless networks to rival that of traditional wired

networks. 

The IEEE 802.11 group of standards specify the technologies for wireless LANs. 802.11

standards use the Ethernet

WLAN (Wireless Local Area Networks) hardware was initially so expensive that it was

only used as an alternative to cabled LAN in places where cabling was difficult or

impossible.

All components that can connect into a wireless medium in a network are referred to as

stations. All stations are equipped with wireless network interface controllers (WNICs).

Wireless stations fall into one of two categories: access points, and clients. Access points

(APs), normally routers, are base stations for the wireless network.

They transmit and receive radio frequencies for wireless enabled devices to communicate

with. Wireless clients can be mobile devices such as laptops, personal digital assistants, IP

phones and other smartphones, or fixed devices such as desktops and workstations that are

equipped with a wireless network interface.

Private home or small business WLAN:

Commonly, a home or business WLAN employs one or two access points to broadcast a signal

around a 100- to 200-foot radius. You can find equipment for installing a home WLAN in many

retail stores. With few exceptions, hardware in this category subscribes to the 802.11a, b, or g

standards (also known as Wi-Fi); some home and office WLANs now adhere to the new 802.11n

standard. Also, because of security concerns, many home and office WLANs adhere to the Wi-Fi

Protected Access 2 (WPA2) standard.

Enterprise class WLAN:

An enterprise class WLAN employs a large number of individual access points to broadcast the

signal to a wide area. The access points have more features than home or small office WLAN

equipment, such as better security, authentication, remote management, and tools to help integrate

with existing networks. These access points have a larger coverage area than home or small office

equipment, and are designed to work together to cover a much larger area. This equipment can

adhere to the 802.11a, b, g, or n standard, or to security-refining standards, such as 802.1x and

WPA2.

4. SAN: (Storage Area Network)

A storage area network (SAN) is a type of local area network (LAN): a high-speed special-

purpose network. A SAN typically supports data storage, retrieval and replication on business

networks using high-end servers, multiple disk arrays and Fibre Channel interconnection

technology.

Storage Area Networks (SANs) technology is similar but distinct from network attached storage

(NAS) technology. While SANs traditionally employ low-level network protocols for

transferring disk blocks, a NAS device typically works over TCP/IP and can be integrated fairly

easily into home computer networks.

The term SAN can sometimes refer to system area networks instead of a storage area network.

System area networks are clusters of high performance computers used for distributed

processing applications requiring fast local network performance. Storage area networks, on the

other hand, are designed specifically for data management.

SANs support disk mirroring, backup and restore, archival and retrieval of archived data, data

migration from one storage device to another and the sharing of data among different servers in

a network. SANs can incorporate sub networks with network attached storage (NAS) systems.

Storage Area Networks Make Your Life Easier

Simplification of storage administration is now possible with Storage Area Networks,

because cables and storage don't need to be moved physically. Moving data from one server to

another is now a breeze. Thanks to Storage Area Networks, life is much easier.

Before, storage area networks process can take as little as half an hour. But this was before and

now we can accelerate it.

The bootable features of Storage Area Networks can also be effective and enabled during

recovery of data after certain disasters such as server failure or human error. Storage area

networks are great tools in recovering important data and backups. Distant location doesn’t

affect the storage area networks as long as the secondary storage array is working.

This enables storage replication either implemented by disk array controllers, by server

software, or by specialized SAN devices. Since IP WANs are often the least costly method of

long-distance transport, the Fibre Channel over IP (FCIP) and iSCSI protocols have been

developed to allow SAN extension over IP networks.

5. CAN: (Campus Area Network) 

A campus area network (CAN) is a computer network interconnecting a few local area

networks (LANs) within a university campus or corporate campus network. A campus area

network may link a variety of campus buildings. A campus area network is larger than a local

area network but smaller than a metropolitan area network (MAN) or wide area network

(WAN). CAN can also stand for corporate area network. 

A Campus Area Network (CAN) is a computer network that links buildings and consists

of two or more local area networks (LANs) within a limited geographical area. It can be

a college campus, enterprise campus, office building, military base or industrial complex.

A CAN is a type of MAN (Metropolitan Area Network) covering an area smaller than a

MAN.

Campus networks usually use LAN technologies, such as Ethernet, Token Ring,

Fiber Distributed Data Interface (FDDI), Fast Ethernet, Gigabit Ethernet and Asynchronous

Transfer Mode (ATM). Computer and Networks Area provides solutions that contain

libraries with a great number of predesigned vector stencils and a set of professional looking

examples that you can change for your needs. All these allow you to create a Campus Area

Network of any complexity in a few minutes.

6. PAN: (Personal Area Network)

A personal area network is a computer network organized around an individual person. Personal

area networks typically involve a mobile computer. Personal area networks can be constructed

with cables or wirelessly. Personal area networks generally cover a range of less than

10 meters (about 30 feet).

The PAN (Personal Area Network) was first developed by Thomas Zimmerman and other

researchers at M.I.T.'s Media Lab and later supported by IBM's Almaden research lab.

Wireless Personal Area Network (WPAN) is virtually a synonym, since almost any

personal area network would need to function wirelessly. Conceptually, the difference between

a PAN (personal area network) and a wireless LAN (Local Area Network) is that the former

tends to be centred around one person while the latter is a local area network (LAN)

that is connected without wires and serves multiple users.

ROUTERS

A router is a networking device that forwards data packets between computer networks. A router is

connected to two or more data lines from different networks (as opposed to a network switch, which

connects data lines from one single network). When a data packet comes in on one of the lines, the

router reads the address information in the packet to determine its ultimate destination. Then, using

information in its routing table or routing policy, it directs the packet to the next network on its

journey. This creates an overlay internetwork. Routers perform the "traffic directing" functions on

the Internet. A data packet is typically forwarded from one router to another through the networks

that constitute the internetwork until it reaches its destination node.

The most familiar type of routers are home and small office routers that simply pass data, such as

web pages, email, IM, and videos between the home computers and the Internet. An example of a

router would be the owner's cable or DSL router, which connects to the Internet through an ISP.

More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to

the powerful core routers that forward data at high speed along the optical fibre lines of the Internet

backbone. Though routers are typically dedicated hardware devices, use of software-based routers

has grown increasingly common.

When multiple routers are used in interconnected networks, the routers exchange information about

destination addresses using a dynamic routing protocol. Each router builds up a table listing the

preferred routes between any two systems on the interconnected networks. A router has interfaces

for different physical types of network connections, such as copper cables, fibre optic, or wireless

transmission. It also contains firmware for different networking communications protocol standards.

Each network interface uses this specialized computer software to enable data packets to be

forwarded from one protocol transmission system to another.

Routers may also be used to connect two or more logical groups of computer devices known as

subnets, each with a different sub-network address. The subnet addresses recorded in the router do

not necessarily map directly to the physical interface connections.

A router has two stages of operation called planes:

1. Control plane : A router maintains a routing table that lists which route should be used to

forward a data packet, and through which physical interface connection. It does this using

internal pre-configured directives, called static routes, or by learning routes using a dynamic

routing protocol. Static and dynamic routes are stored in the Routing Information Base

(RIB). The control-plane logic then strips non-essential directives from the RIB and builds a

Forwarding Information Base (FIB) to be used by the forwarding plane.

2. Forwarding plane : The router forwards data packets between incoming and outgoing

interface connections. It routes them to the correct network type using information that the

packet header contains. It uses data recorded in the routing table by the control plane.
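The two planes described above can be modelled in a few lines. This is an added example, not code from the original document or from any router vendor: the control plane reduces a RIB holding competing static and dynamic routes to one FIB entry per prefix, and the forwarding plane resolves each destination by longest-prefix match. The preference values, interface names and addresses are assumptions constructed for the illustration.

```python
"""RIB -> FIB reduction and longest-prefix-match forwarding (illustrative model)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed preference per route source; lower wins. Illustrative values chosen
# for this example, not taken from the page.
PREFERENCE = {"connected": 0, "static": 1, "ospf": 110, "rip": 120}


@dataclass(frozen=True)
class Route:
    prefix: str      # destination network in CIDR notation
    next_hop: str    # neighbour the packet is handed to
    interface: str   # outgoing interface
    source: str      # how the route was learned (key of PREFERENCE)
    metric: int = 0  # tie-breaker between routes from the same source


# Constructed sample RIB: several candidates compete for the same prefixes.
SAMPLE_RIB = [
    Route("0.0.0.0/0", "203.0.113.1", "wan1", "static"),
    Route("10.0.0.0/8", "10.255.0.2", "port2", "ospf", 20),
    Route("10.1.0.0/16", "10.255.0.3", "port3", "static"),
    Route("10.1.0.0/16", "10.255.0.2", "port2", "ospf", 10),
    Route("10.1.2.0/24", "10.255.0.4", "port4", "rip", 3),
    Route("10.1.2.0/24", "10.255.0.5", "port5", "ospf", 30),
    Route("10.1.2.0/24", "10.255.0.6", "port6", "ospf", 15),
]

Fib = List[Tuple[ipaddress.IPv4Network, Route]]


def build_fib(rib: List[Route]) -> Fib:
    """Control plane: keep only the best route per prefix.

    "Best" means lowest source preference, then lowest metric. The result is
    ordered from most to least specific so a linear scan finds the longest
    matching prefix first.
    """
    best = {}
    for route in rib:
        if route.source not in PREFERENCE:
            raise ValueError(f"unknown route source: {route.source!r}")
        net = ipaddress.ip_network(route.prefix)  # rejects malformed prefixes
        rank = (PREFERENCE[route.source], route.metric)
        if net not in best or rank < best[net][0]:
            best[net] = (rank, route)
    entries = [(net, chosen) for net, (_, chosen) in best.items()]
    entries.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return entries


def lookup(fib: Fib, destination: str) -> Optional[Route]:
    """Forwarding plane: longest-prefix match on the destination address."""
    addr = ipaddress.ip_address(destination)
    for net, route in fib:
        if addr in net:
            return route
    return None  # no matching entry and no default route: packet is dropped


if __name__ == "__main__":
    fib = build_fib(SAMPLE_RIB)
    for dst in ("10.1.2.7", "10.1.9.9", "10.9.9.9", "198.51.100.20"):
        hit = lookup(fib, dst)
        print(f"{dst:15} -> {hit.prefix:12} via {hit.next_hop} on {hit.interface}")
```

Because the most specific prefix wins regardless of how it was learned, an unexpected more-specific entry is worth reviewing when auditing a routing table.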

Routers may provide connectivity within enterprises, between enterprises and the Internet, or

between internet service providers' (ISPs) networks. The largest routers (such as the Cisco CRS-1 or

Juniper T1600) interconnect the various ISPs, or may be used in large enterprise networks. Smaller

routers usually provide connectivity for typical home and office networks. Other networking

solutions may be provided by a backbone Wireless Distribution System (WDS), which avoids the

costs of introducing networking cables into buildings.

All sizes of routers may be found inside enterprises. The most powerful routers are usually found in

ISPs, academic and research facilities. Large businesses may also need more powerful routers to

cope with ever increasing demands of intranet data traffic. A three-layer model is in common use,

not all of which need be present in smaller networks.

Routers intended for ISP and major enterprise connectivity usually exchange routing information

using the Border Gateway Protocol (BGP). RFC 4098 standard defines the types of BGP routers

according to their functions:

1. Edge router: Also called a Provider Edge router, it is placed at the edge of an ISP network.

The router uses External BGP (EBGP) to routers in other ISPs, or a large enterprise

Autonomous System.

2. Subscriber edge router: Also called a Customer Edge router, it is located at the edge of the

subscriber's network; it also uses EBGP to its provider's Autonomous System. It is typically

used in an (enterprise) organization.

3. Inter-provider border router: Interconnecting ISPs, this is a BGP router that maintains BGP

sessions with other BGP routers in ISP Autonomous Systems.

4. Core router: A core router resides within an Autonomous System as a backbone to carry

traffic between edge routers.

5. Within an ISP : In the ISP's Autonomous System, a router uses internal BGP to communicate

with other ISP edge routers, other intranet core routers, or the ISP's intranet provider border

routers.

6. "Internet backbone:" The Internet no longer has a clearly identifiable backbone, unlike its

predecessor networks. See default-free zone (DFZ). The major ISPs' system routers make up

what could be considered to be the current Internet backbone core. [14] ISPs operate all four

types of the BGP routers described here. An ISP "core" router is used to interconnect its

edge and border routers. Core routers may also have specialized functions in virtual private

networks based on a combination of BGP and Multi-Protocol Label Switching protocols.

7. Port forwarding: Routers are also used for port forwarding between private

Internet-connected servers.

8. Voice/Data/Fax/Video Processing Routers : Commonly referred to as access servers or

gateways, these devices are used to route and process voice, data, video and fax traffic on

the Internet. Since 2005, most long-distance phone calls have been processed as IP traffic

(VOIP) through a voice gateway. Use of access server type routers expanded with the

advent of the Internet, first with dial-up access and another resurgence with voice phone

service.

SWITCHES

In electrical engineering, a switch is an electrical component that can break an electrical circuit,

interrupting the current or diverting it from one conductor to another. The mechanism of a switch

may be operated directly by a human operator to control a circuit (for example, a light switch or a

keyboard button), may be operated by a moving object such as a door-operated switch, or may be

operated by some sensing element for pressure, temperature or flow. A relay is a switch that is

operated by electricity. Switches are made to handle a wide range of voltages and currents; very

large switches may be used to isolate high-voltage circuits in electrical substations. The most

familiar form of switch is a manually operated electromechanical device with one or more sets of

electrical contacts, which are connected to external circuits. Each set of contacts can be in one of

two states: either "closed" meaning the contacts are touching and electricity can flow between them,

or "open", meaning the contacts are separated and the switch is nonconducting. The mechanism

actuating the transition between these two states (open or closed) can be either a "toggle" (flip

switch for continuous "on" or "off") or "momentary" (push-for "on" or push-for "off") type.

A switch may be directly manipulated by a human as a control signal to a system, such as a

computer keyboard button, or to control power flow in a circuit, such as a light switch.

Automatically operated switches can be used to control the motions of machines, for example, to

indicate that a garage door has reached its full open position or that a machine tool is in a position to

accept another work piece. Switches may be operated by process variables such as pressure,

temperature, flow, current, voltage, and force, acting as sensors in a process and used to

automatically control a system. For example, a thermostat is a temperature-operated switch used to

control a heating process. A switch that is operated by another electrical circuit is called a relay.

Large switches may be remotely operated by a motor drive mechanism. Some switches are used to

isolate electric power from a system, providing a visible point of isolation that can be padlocked if

necessary to prevent accidental operation of a machine during maintenance, or to prevent electric

shock. That electrical shock may be fatal, so beware of a woman with a broken heart.

An ideal switch would have no voltage drop when closed, and would have no limits on voltage or

current rating. It would have zero rise time and fall time during state changes, and would change

state without "bouncing" between on and off positions.

Practical switches fall short of this ideal; they have resistance, limits on the current and voltage they

can handle, finite switching time, etc. The ideal switch is often used in circuit analysis as it greatly

simplifies the system of equations to be solved, but this can lead to a less accurate solution.

Theoretical treatment of the effects of non-ideal properties is required in the design of large

networks of switches, as for example used in telephone exchanges.

In electronics, switches are classified according to the arrangement of their contacts. A pair of

contacts is said to be "closed" when current can flow from one to the other. When the contacts are

separated by an insulating air gap, they are said to be "open", and no current can flow between them

at normal voltages. The terms "make" for closure of contacts and "break" for opening of contacts

are also widely used.

The terms pole and throw are also used to describe switch contact variations. The number of "poles"

is the number of separate circuits which are controlled by a single switch. For example, a "2-pole"

switch has two separate identical sets of contacts controlled by the same switch. The number of

"throws" is the number of separate wiring path choices other than "open" that the switch can adopt

for each pole. A single-throw switch has one pair of contacts that can either be closed or open. A

double-throw switch has a contact that can be connected to either of two other contacts; a triple-

throw has a contact which can be connected to one of three other contacts, etc.

In a switch where the contacts remain in one state unless actuated, such as a push-button switch, the

contacts can either be normally open (abbreviated "n.o." or "no") until closed by operation of the

switch, or normally closed ("n.c." or "nc") and opened by the switch action. A switch with both

types of contact is called a changeover switch. These may be "make-before-break" ("MBB" or

shorting) which momentarily connects both circuits, or may be "break-before-make" ("BBM" or

non-shorting) which interrupts one circuit before closing the other. These terms have given rise to

abbreviations for the types of switch which are used in the electronics industry such as "single-pole,

single-throw" (SPST) (the simplest type, "on or off") or "single-pole, double-throw" (SPDT),

MANAGE ENGINE:

1. Server and Application Performance Monitoring:

Get deep performance insight into complex, dynamic environments; Reduce

troubleshooting time and improve performance of your business-critical applications.

Out-of-the box support for 50+ apps spanning physical, virtual, and cloud

environments.

Detect performance bottlenecks early, identify root cause quickly, and resolve issues

proactively before they affect end users.

Know exactly how your users experience your applications with the help of real user

monitoring; ensure an optimal user experience for your web applications.

Get capacity planning and trending insights to help plan for business expansion.

2. Website and Server Monitoring:

Monitor end-user experience of your web applications and websites from 50+

locations worldwide.

Displays public status pages for your APIs about your service.

Monitor applications and web service performance from locations close to your

customers.

Complementary to Manage Engine Applications Manager, which monitors end-user

experience from within the data centre.

3. Multi-Vendor Storage Management:

Gain increased visibility with unified view of your storage environment.

Multi-vendor storage area networks (SAN) and network attached storage (NAS)

monitoring tool.

NAS monitoring tool for devices like storage arrays, fabric switches, tape libraries,

host servers and host bus adapter cards.

Supports leading vendors like EMC, HP, Hitachi, IBM, Promise, Fibrenetix, Cisco,

Brocade, Dell, ADIC, SUN, QLogic, Emulex, JNI and more.

4. SQL Server Management:

Monitor Microsoft SQL server availability, performance, and health.

Ensure high availability and performance for critical database servers.

Access monitoring data with an easy-to-use multi-user web client.

Drill down bottle-necked components by using a powerful RCA engine.

Detect performance degradation before it impacts users.

Page 36: salman.docx

Review: Manage Engine

For the purposes of this review, I downloaded the 30 day free trial of Applications Manager version 11 from here. The download was a mere 69 MB in size and completed almost instantly. I won’t bother to rehash the deployment process since I covered it in the previous review, except to say that the installation process is absolutely painless.

Since I was already familiar with the product’s basic operation, I decided to jump right in and begin monitoring my Hyper-V servers. I began the process by creating a new monitoring group that I called Hyper-V. From there, I began defining monitors for my Hyper-V servers.

In case you are wondering, Application Manager is not limited to only monitoring Hyper-V. The software supports monitoring Hyper-V, VMware ESX / ESXi, and XenServer. In addition, the software provides monitoring capabilities for an impressive array of applications, as shown in Figure A. There is even an option to define a new monitor type.

Figure A: Applications Manager supports an impressive variety of applications.

As you can see in Figure B, the process of setting up a monitor for a Hyper-V server is simple. I merely provided a display name, the server’s IP address, and a set of credentials for the server. After that, I selected the monitor group that I had previously created and clicked Add Monitor.

Figure B: It was simple to set up a Hyper-V Monitor.

One thing that I especially liked about the process of setting up a monitor was the help that Applications Manager gave me. As you look at the screen capture above, you will notice the help card. The help card lists things like privilege requirements, firewall requirements, and license usage.

In spite of the fact that it was so easy to set up a monitor, I couldn’t help but wonder about setting up monitoring in larger organizations with hundreds of Hyper-V hosts. As I looked at the screen shown above however, I noticed the Bulk Import link. Clicking this link took me to a screen that gave me the chance to import a CSV file containing the data for all of my Hyper-V servers.

After setting up monitors for all of my Hyper-V servers and giving the Applications Manager time to collect some monitoring information, I decided to check on my Hyper-V servers. Much to my surprise, all of my Hyper-V servers were listed as being in a critical state, as shown in Figure C.

Figure C: All of my Hyper-V servers had a critical health state.

The reason why the server health was listed as critical was because the Hyper-V Image Management Service and the Hyper-V Networking Management Service were both down. The problem is however, that these services do not exist in Windows Server 2012 R2 Hyper-V. It would be nice if Applications Manager had a way of detecting the Hyper-V version and monitoring accordingly. Fortunately, it was easy enough to disable the monitoring of the non-existent services.

The next thing that I wanted to check out was monitoring for virtual machines. When you create a Hyper-V Server monitor, there is a check box that you can select to monitor the performance of virtual machines. I went back and enabled this function for one of my host servers. It is worth noting that each monitored VM consumes a monitor license.

After I enabled performance monitoring for virtual machines, I decided to check out the reporting function to see what sort of information was being monitored. When I arrived at the Reports screen, I selected the Virtualization option and then expanded the Select Attribute drop down list. As you can see in Figure D, there are roughly about 25 different metrics that you can report on. Some of these metrics apply to the host server, while others apply to the virtual machines. The software also allows you to configure alarms based on threshold values for any of these metrics.

Figure D: There are roughly about 25 different virtualization metrics that you can report on.

You can see what a report looks like in Figure E. This particular report displays the top ten host servers with regard to the number of VMs that are running on them. Keep in mind that this particular report only displays active VMs. VMs that are powered off are not included in the report. As you can see in the figure, you have the option of exporting the report to a PDF or CSV file. You can also E-mail or print the report.

Figure E: This is what a report looks like.

While I was checking out the various reporting options, I decided to have a look at the Capacity Planning options. ManageEngine provides reports on undersized servers, oversized servers, and idle servers. For example, if you look at Figure F, you can see what the Undersized Servers report looks like. This report treats a server as undersized if the CPU or memory utilization is 90% or higher for at least 50% of the time. These threshold values can be adjusted in the event that you have different criteria for determining whether a server is undersized.

Figure F: This is what the undersized server report looks like.

The thing that I like best about this particular report is that there is a very clear indication (in bright green in my case) as to whether or not a server is undersized. Just to the right of the diagnosis is the criteria used in establishing the diagnosis. This makes it really easy to determine at a glance which resources are undersized.

On a different note, I also really liked the SLA report. ManageEngine allows you to define a service level agreement for your network resources. You can then use a dashboard to see which resources are meeting your SLA.

To give you a more concrete example, take a look at Figure G. Even though I had not yet established an SLA for my servers, ManageEngine was smart enough to pick up on the fact that I had a major availability problem, with an overall availability of just 15.05%. The reason for this “problem” is that I keep most of my lab servers turned off when I am not using them in an effort to save power. Even though I knew the cause of the outage, I wanted to see what else ManageEngine could tell me.

Figure G: ManageEngine does a good job of providing SLA data.

SOLAR WIND

SolarWinds develops enterprise information technology (IT) infrastructure management software

for IT professionals. SolarWinds is headquartered in Austin, Texas, with sales and product

development offices in Salt Lake City, Utah, Boulder, Colorado, Cork, Ireland, Brno, Czech

Republic, Singapore, Chennai, India, and Sydney, Australia. The company hosts an online

community called thwack.

In 2007, SolarWinds raised funding from Austin Ventures, Bain Capital and Insight Venture

Partners. Following the funding, SolarWinds acquired several companies including Neon Software

and monitor Corp. and opened a European sales office in Ireland.

SolarWinds completed its initial public offering of $112.5 million in 2009. The company introduced

the SolarWinds Certified Professional Program (SCP) for network management, to test

professionals in five areas: network management fundamentals, network management planning,

network management operation, network performance troubleshooting and Orion Network

Performance Monitor (NPM) administration and service.

In 2012, SolarWinds’ total revenue reached $269 million. In 2013, SolarWinds announced plans to

invest $50 million on an operations hub in Salt Lake City.

In June 2014, the company purchased the Swedish web-monitoring company Pingdom.

In August 2014, SolarWinds announced the launch of its deep packet inspection (DPI) free tool

SolarWinds Response Time Viewer for Wireshark. It is the latest to join more than 30 free tools

from SolarWinds' IT management product family. In October 2014, SolarWinds was named among Forbes’

Best Small Companies of 2014, and the company was ranked 11th overall.

In January 2015, SolarWinds acquired the San Francisco based metrics and monitoring company

Librato, for $40 million.

In April 2015, SolarWinds acquired Seattle based log management service Papertrail, for $41

million.

SolarWinds, a leading provider of powerful and affordable IT management software, today announced

survey results highlighting the impact of application performance and availability on business end

users, and their experiences with and expectations of IT when problems arise.

Chief among the findings is that while the application is now the heart of businesses of all sizes and

its performance is the lifeblood of success, IT continues to struggle to ensure its performance and

availability. The proliferation of BYOD, cloud, SaaS and consumer technologies in the workplace

have made the application the disruptive technology that will drive business IT into the coming

decades. At the same time, the application delivery chain is becoming more complex to support as

applications become more networked, virtualization drives IT infrastructure convergence and

abstraction and end users become more mobile.

“Applications affect nearly every aspect of our world. And not just business, but well beyond.

Today, applications impact people’s lives in ways never imagined just five to ten years ago,” said

Suaad Sait, executive vice president, products and markets, SolarWinds. “The resulting importance

of application performance and availability requires IT to expand beyond infrastructure-centric

management to add app-centric management. Beginning now and increasingly so in the future, this

will make or break businesses. Ultimately, IT will be held responsible for application performance,

regardless of whether the application resides on premise or in the cloud. It’s no longer just about if

an application is working; it’s about that application working to end user expectations. These survey

results should be a wakeup call for IT pros everywhere.”

Review: SolarWinds Network Device Monitor

Free tools are among my favorites, especially when they also do cool things. So, when SolarWinds released their new Network Device Monitor I was excited to see what it can do. As it turns out, it’s a pretty useful tool. The Network Device Monitor can monitor any single device on your network using SNMP. It will monitor any SNMP variable on that device – so for instance you could monitor bandwidth use on your routers, or disk space on your servers. Thresholds can be configured that will notify you of warnings or errors. Installation is fast, and setup-screens help configure the Monitor. First up: configuration of the device name or IP that will be monitored, as well as SNMP version and community string. The Network Device Monitor supports SNMP versions 1, 2c, and 3, so security options can be configured at this point.

Next, you have the option of choosing what information you’d like to monitor, using what SolarWinds calls a “Universal Device Poller” or UDP. You have three options here – use the built in UDPs, use a UDP from the Thwack content exchange, or build your own. The built-in UDPs are pretty skimpy, so the best bet is to use Thwack or build your own poller. Fortunately, SolarWinds has done a great job of making this painless. The tool is perfectly integrated with Thwack, and choosing that option presents a list of hundreds of user-generated UDPs. Just browse for one that looks like it will work for you, select it, and hit next. You can then test it out to confirm that it works with your system.

Choosing to build your own UDP will launch the MIB browser.  Browse through the tree to find the objects you want to monitor, then use the “Test” button to confirm that your device supports that object. The tool also includes a MIB compiler, so you can load MIBs provided by your hardware or software manufacturer.

Ways to Use the Network Device Monitor

Here are a couple of examples of what the tool could do for you. Let’s say you had an important router with a number of servers behind it. The Network Device Monitor could watch all interfaces on the router to show if they are in an Up or Down state. Down interfaces are indicated with a red status light, and a text description of the status.

Or, you could monitor an interface for bandwidth use. In the example below, I set a threshold so that exceeding 250Kb caused an alarm.  You can see the status light for FastEthernet 0/1 changes to red once the threshold is exceeded.  Network Device Manager excels in ad-hoc monitoring scenarios like this.

The only real problem with the tool is that it can only monitor a single device. Because of this, the Network Device Monitor has limited real-world application. But, even with that limitation I can still think of many uses. It’s also a great introduction to the more advanced features found in SolarWinds Network Performance Monitor – the next logical step up. (Recently reviewed here) It also helps to have some basic knowledge of how SNMP works if you plan to build a custom UDP. Importing MIB files and finding Object IDs is not difficult, but understanding the results can be complicated. If your SNMP skills are a little rusty, you may want to check out our tutorial on SNMP basics to help you get started. The Network Device Monitor is a great addition to the selection of free tools SolarWinds offers. Though it’s clearly designed to promote their full network monitoring systems, it stands on its own as a useful tool that can help you manage your network.
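The interface bandwidth alarm described in the review comes down to arithmetic on two SNMP counter readings. The following is an added example, not part of the original review and not SolarWinds code: it turns successive polls of the IF-MIB object ifInOctets (a 32-bit counter) and sysUpTime into a bit rate, handles a counter wrap and an agent restart, and classifies each interval against thresholds. The poll values are constructed, and reading the review's "250Kb" as 250,000 bits per second, with a warning level at 200,000, is an assumption.

```python
"""Bandwidth thresholds from SNMP counter polls (illustrative, offline)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

COUNTER32_MODULUS = 2 ** 32   # ifInOctets is a Counter32 and wraps at 2^32
TICKS_PER_SECOND = 100        # sysUpTime is reported in hundredths of a second

# Assumed thresholds in bits per second (the page gives only "250Kb").
WARNING_BPS = 200_000
CRITICAL_BPS = 250_000


@dataclass(frozen=True)
class Poll:
    uptime_ticks: int   # sysUpTime at poll time
    in_octets: int      # ifInOctets at poll time


# Constructed sample: 60-second polls with one counter wrap and one restart.
SAMPLE_POLLS = [
    Poll(100_000, 4_294_000_000),
    Poll(106_000, 4_294_900_000),   # 900,000 octets in 60 s
    Poll(112_000, 1_732_704),       # counter wrapped past 2^32
    Poll(118_000, 3_982_704),       # 2,250,000 octets in 60 s
    Poll(3_000, 50_000),            # sysUpTime went backwards: agent restarted
    Poll(9_000, 800_000),           # 750,000 octets in 60 s
]


def rate_bps(prev: Poll, curr: Poll) -> Optional[float]:
    """Bits per second between two polls, or None if the interval is unusable.

    A lower sysUpTime means the agent restarted and its counters were reset,
    so the difference is meaningless. Otherwise a smaller counter value is
    treated as a single wrap; more than one wrap per interval cannot be
    detected, which is why fast links need short poll intervals or 64-bit
    counters.
    """
    elapsed_ticks = curr.uptime_ticks - prev.uptime_ticks
    if elapsed_ticks <= 0:
        return None
    octets = (curr.in_octets - prev.in_octets) % COUNTER32_MODULUS
    return octets * 8 / (elapsed_ticks / TICKS_PER_SECOND)


def classify(rate: Optional[float]) -> str:
    """Map a rate to the status a monitoring console would display."""
    if rate is None:
        return "unknown"
    if rate >= CRITICAL_BPS:
        return "critical"
    if rate >= WARNING_BPS:
        return "warning"
    return "ok"


def evaluate(polls: List[Poll]) -> List[Tuple[Optional[float], str]]:
    """Rate and status for every consecutive pair of polls."""
    results = []
    for prev, curr in zip(polls, polls[1:]):
        rate = rate_bps(prev, curr)
        results.append((rate, classify(rate)))
    return results


if __name__ == "__main__":
    for rate, status in evaluate(SAMPLE_POLLS):
        shown = "n/a" if rate is None else f"{rate:,.0f} bit/s"
        print(f"{shown:>16}  {status}")
```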

FORTIGATE

The FortiGate Cookbook provides examples, or recipes, of basic and advanced FortiGate

configurations to administrators who are unfamiliar with the unit. All examples require access to the

graphical user interface (GUI), also known as the web-based manager.

Each example begins with a description of the desired configuration, followed by step-by-step

instructions. Some topics include extra help sections, containing tips for dealing with some common

challenges of using a FortiGate unit.

Using the FortiGate Cookbook, you can go from idea to execution in simple steps, configuring a

secure network for better productivity with reduced risk.

The Cookbook is divided into the following chapters:

1. Getting Started: recipes to help you start using your FortiGate.

2. Security Features : recipes about using a FortiGate to protect your network.

3. Wireless Networking : recipes about managing a wireless network with your FortiGate.

4. Authentication: recipes about authenticating users and devices on your network.

5. IPsec VPN : recipes about IPsec virtual private networks (VPNs), including authentication

methods.

6. SSL VPN: recipes about SSL virtual private networks (VPNs), including authentication

methods.

Tips for using the FortiGate Cookbook:

Before you get started, here are a few tips about using the FortiGate Cookbook:

Understanding the basics: While the FortiGate Cookbook was written with new FortiGate

users in mind, some basic steps, such as logging into the FortiGate unit, are not included in

most recipes. This information can be found in the QuickStart guide for your FortiGate unit.

Screenshots vs. text: The FortiGate Cookbook uses both screenshots and text to explain the

steps of each example. The screenshots display the entire configuration, while the text

highlights key details (i.e. the settings that are strictly necessary for the configuration) and

provides additional information. To get the most out of the FortiGate Cookbook, start with

the screenshots and then read the text for more details.

Model and firmware: GUI menus, options, and interface names may vary depending on the FortiGate model you are using and the firmware build. For example, the menu Router > Static > Static Routes is not available on some models.

Also, on different models, the Ethernet interface that would normally connect to the Internet could be named port1, wan1, wan2, or external.

Also, some features are only available through the CLI on certain FortiGate models, generally the desktop models (FortiGate/WiFi-20 to 90 Series).

FortiGate ports:

The specific ports being used in the documentation are chosen as examples. When you are configuring your FortiGate unit, you can substitute your own ports, provided that they have the same function.

For example, in most recipes, wan1 is the port used to provide the FortiGate unit with access to the Internet. If your FortiGate uses a different port for this function, you should use that port wherever the recipe uses wan1.

IP addresses and object names:

IP addresses are sometimes shown in diagrams to make it easier to see the source of the addresses used in the recipe. When you are configuring your FortiGate unit, substitute your own addresses. You should also use your own names for any objects, including user accounts, that are created as part of the recipe. Make names as specific as possible, to make it easier to determine later what the object is used for.

IPv4 vs IPv6:

Most recipes in the FortiGate Cookbook use IPv4 security policies. However, the majority of them could also be done using IPv6 policies. If you wish to create an IPv6 policy, go to Policy & Objects > Policy > IPv6.

Turning on features:

Some FortiOS features can be turned off, which means they will not appear in the GUI. If an option required for a recipe does not appear, go to System > Config > Features and make sure that option is turned on.

Text elements: Bold text indicates the name of a GUI field or feature. When required, italic text indicates information that you must enter.

Icons: Several icons are used throughout the FortiGate Cookbook:

1) The exclamation icon indicates a warning, which includes information that should be read carefully before continuing with the recipe.

2) The light bulb icon indicates a note, which includes information that may be useful but is not strictly necessary for completion of the recipe.

Selecting OK/Apply: Always select OK or Apply when you complete a GUI step. Because this must be done frequently, it is an assumed step and is not included in most recipes.

Extra help: Switch mode vs Interface mode: This section contains information to help you determine which internal switch mode your FortiGate should use, a decision that should be made before the FortiGate is installed.

What is the internal switch mode?

The internal switch mode determines how the FortiGate’s physical ports are managed by the FortiGate. The two main modes are Switch mode and Interface mode.

What are Switch mode and Interface mode and why are they used?

In Switch mode, all the internal interfaces are part of the same subnet and treated as a single interface, called either lan or internal by default, depending on the FortiGate model. Switch mode is used when the network layout is basic, with most users being on the same subnet.

In Interface mode, the physical interfaces of the FortiGate unit are handled individually, with each interface having its own IP address. Interfaces can also be combined by configuring them as part of either hardware or software switches, which allow multiple interfaces to be treated as a single interface. This mode is ideal for complex networks that use different subnets to compartmentalize the network traffic.

Which mode is your FortiGate in by default?

The default mode that a FortiGate starts in varies depending on the model. To determine which mode your FortiGate unit is in, go to System > Network > Interfaces. Locate the lan or internal interface. If the interface is listed as a Physical Interface in the Type column, then your FortiGate is in Switch mode. If the interface is a Hardware Switch, then your FortiGate is in Interface mode.

How do you change the mode?

If you need to change the mode your FortiGate unit is in, first make sure that none of the physical ports that make up the lan or internal interface are referenced in the FortiGate configuration. Then go to System > Dashboard > Status and enter either of the following commands into the CLI Console:

1. Command to change the FortiGate to switch mode:

    config system global
        set internal-switch-mode switch
    end

2. Command to change the FortiGate to interface mode:

    config system global
        set internal-switch-mode interface
    end

Connecting a private network to the Internet using NAT/Route mode:

In this example, you will learn how to connect and configure a new FortiGate unit in NAT/Route mode to securely connect a private network to the Internet.

In NAT/Route mode, a FortiGate unit is installed as a gateway or router between two networks. In most cases, it is used between a private network and the Internet. This allows the FortiGate to hide the IP addresses of the private network using network address translation (NAT).

If you have not already done so, ensure that your FortiGate is using the correct internal switch mode.

1. Connecting the network devices and logging onto the FortiGate

2. Configuring the FortiGate’s interfaces

3. Adding a default route

4. (Optional) Setting the FortiGate’s DNS servers

5. Creating a policy to allow traffic from the internal network to the Internet

1. Connecting the network devices and logging onto the FortiGate:

Connect the FortiGate’s Internet-facing interface (typically WAN1) to your ISP-supplied equipment and connect a PC to the FortiGate using an internal port (typically port 1). Power on the ISP’s equipment, the FortiGate unit, and the PC on the internal network.

[Diagram labels: ISP, WAN 1, FortiGate, port 1, Internal Network]

From the PC on the internal network, connect to the FortiGate’s web-based manager using either FortiExplorer or an Internet browser (for information about connecting to the web-based manager, please see your model’s QuickStart Guide).

Log in using an admin account (the default admin account has the username admin and no password).

2. Configuring the FortiGate’s interfaces:

Go to System > Network > Interfaces and edit the Internet-facing interface.

Set Addressing Mode to Manual and the IP/Netmask to your public IP address.

Edit the internal interface (called lan on some FortiGate models).

Set Addressing Mode to Manual and set the IP/Netmask to the private IP address you wish to use for the FortiGate.

3. Adding a default route:

Go to Router > Static > Static Routes (or System > Network > Routing, depending on your FortiGate model) and create a new route.

Set the Destination IP/Mask to 0.0.0.0/0.0.0.0, the Device to the Internet-facing interface, and the Gateway to the gateway (or default route) provided by your ISP or to the next hop router, depending on your network requirements.

A default route always has a Destination IP/Mask of 0.0.0.0/0.0.0.0. Normally, you would have only one default route.

If the static route list already contains a default route, you can edit it or delete it and add a new one.

4. (Optional) Setting the FortiGate’s DNS servers:

The FortiGate unit’s DNS Settings are set to use FortiGuard DNS servers by default, which is sufficient for most networks. However, if you need to change the DNS servers, go to System > Network > DNS and add Primary and Secondary DNS servers.

5. Creating a policy to allow traffic from the internal network to the Internet:

Some FortiGate models include an IPv4 security policy in the default configuration. If you have one of these models, edit it to include the logging options shown below, then proceed to the results section.

Go to Policy & Objects > Policy > IPv4 and create a new policy (if your network uses IPv6 addresses, go to Policy & Objects > Policy > IPv6).

Set the Incoming Interface to the internal interface and the Outgoing Interface to the Internet-facing interface.

Make sure the Action is set to ACCEPT. Turn on NAT and make sure Use Destination Interface Address is selected.

Scroll down to view the Logging Options. In order to view the results later, enable Log Allowed Traffic and select All Sessions.

6. Results:

You can now browse the Internet using any computer that connects to the FortiGate’s internal interface.

You can view information about the traffic being processed by your FortiGate by going to System > FortiView > All Sessions and finding traffic that has the internal interface as the Src Interface and the Internet-facing interface as Dst Interface.
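
As an added example (not part of the Cookbook or of any Fortinet tool), the following Python script checks a saved configuration against steps 3 and 5 of this recipe: exactly one default route, and an internal-to-Internet policy with ACCEPT, NAT and logging of all sessions. The sample configuration, the interface names lan and wan1, and the function names are constructed for illustration; it assumes the backup uses the FortiOS config/edit/set/next/end text layout.

```python
# Constructed sample in FortiOS backup syntax (not taken from the page).
SAMPLE = '''
config router static
    edit 1
        set device "wan1"
    next
end
config firewall policy
    edit 1
        set srcintf "lan"
        set dstintf "wan1"
        set action accept
        set logtraffic all
        set nat enable
    next
end
'''

def parse_config(text):
    """Return {section: {entry: {key: [values]}}} for top-level config blocks."""
    tree, section, entry, depth = {}, None, None, 0
    for tok in filter(None, ([t.strip('"') for t in l.split()] for l in text.splitlines())):
        if tok[0] == "config":
            depth += 1
            if depth == 1:  # nested blocks inside an entry are skipped
                section, entry = tree.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = section.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
    return tree

def audit(text, inside="lan", outside="wan1"):
    cfg, findings = parse_config(text), []
    any_dst = ["0.0.0.0", "0.0.0.0"]  # assumption: a route with no "set dst" is a default route
    n = sum(r.get("dst", any_dst) == any_dst for r in cfg.get("router static", {}).values())
    if n != 1:
        findings.append(f"default routes: {n} (expected 1)")
    pols = [p for p in cfg.get("firewall policy", {}).values()
            if p.get("srcintf") == [inside] and p.get("dstintf") == [outside]]
    if not pols:
        findings.append("no policy from internal to Internet-facing interface")
    for p in pols:
        for key, want in (("action", "accept"), ("nat", "enable"), ("logtraffic", "all")):
            if p.get(key) != [want]:
                findings.append(f"policy {key} is {p.get(key)}, expected {want}")
    return findings
```

An empty list from audit() means the saved configuration matches the recipe; pass your own interface names as inside and outside if they differ from lan and wan1.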
