Description

This FortiGate security and infrastructure training will provide you with all the knowledge related to Unified Threath Management (UTM) on the same platform. The “security” part will provide you with knowledge of practices related to general rules for management and protection against malware. The “infrastructure” part will allow mastery of the advanced architectural functions of FortiGate.

Who is this training for ?

For whom ?

Network engineers/administrators and technicians and anyone involved in the design of network and security architectures based on FortiGate hardware.

Prerequisites

Basic knowledge of IT security as well as good knowledge of TCP/IP.

Training objectives

• Deploy the appropriate operating mode for your network (proxy, flow, NGFW, etc.)
• Use the graphical and CLI interfaces jointly for administration
• Control network access to networks configured using security policies fire
• Apply port forwarding, source Network Address Translation (NAT), and destination NAT
• Authenticate users using firewall policies
• Understand encryption features and certificates
• Decrypt SSL/secure traffic TLS in order to inspect it
• Configure security profiles to neutralize threats and abuse
• Apply network application control techniques
• Use standard or non-standard protocols and ports
• Fight against hacking and denial of service ( DoS)
• Collect and interpret items collected in logs
• Identify Fortinet Security Fabric characteristics
• Analyze a FortiGate routing table
• Route packets using static routes and rule-based routes
• Deploy load-balanced multipath
• Split FortiGate into two or more virtual devices
• Configure virtual domains (VDOM)
• Understand the fundamentals and benefits of using ZTNA
• Offer SSL VPN for secure access to your private network
• Establish an IPsec VPN tunnel between two FortiGate devices
• Implement a mesh or partially redundant VPN
• Diagnose failed IKE exchanges
• Provide Single Sign-On (FSSO) access to network services by leveraging access to Microsoft Active Directory (AD)
• Deploy FortiGate devices in high availability cluster
• Improve fault tolerance and deliver high performance
• Deploy SD-WAN virtual interface
• Implement dynamic flow distribution based on measured performance on member interfaces
• Diagnose and fix common problems

Training program

• Safety - Introduction and Initial Settings
  • High-level features.
  • Initial decisions.
  • Basic administration.
  • Basic maintenance.
• Security - Firewall Policy
  • Configuring policies.
  • Managing policies.
  • Best practices and troubleshooting.
• Security - Network Address Translation
  • Introduction.
  • Policy-backed NAT versus central NAT.
  • Best practices and troubleshooting.
• Security - Firewall authentication
  • Firewall authentication methods.
  • User groups.
  • Firewall rules with authentication.
• Security - Logging and monitoring
  • Log basics.
  • Local or remote logging.
  • Logging settings, searching logs.
  • Protecting logs logging data.
• Security - Certificate Operations
  • Authenticate and secure data using certificates.
  • Inspect encrypted data.
• Security - Web filtering
  • Inspection modes.
  • Web filtering basics.
  • Additional proxy-based web filtering features.
  • Video Filtering.
  • Best practices and troubleshooting.
• Security - Application Control
  • Application Control Basics.
  • Configuring Application Control.
  • Logging and Monitoring Application Control Events.
• Security - Antivirus
  • Fundamentals.
  • Scan modes.
  • Antivirus configuration.
• Security - Intrusion prevention
  • The intrusion prevention system.
  • Denial of service.
• Security - Security Fabric
  • Safety fabric concept.
  • Deployment.
  • Expand the safety fabric.
  • Safety fabric rating system and view of the topology.
• Infrastructure - Routing
  • Routing on FortiGate.
  • Routing Monitoring and Routing Attributes.
  • Equal Cost Load Sharing.
  • Test Reverse Path Forwarding (RPF), fight against address spoofing.
  • Link health probes and route toggle.
  • Diagnostics.
• Infrastructure - Virtual Domains
  • VDOM concepts.
  • VDOM administrators.
  • Configuring VDOMs.
  • Inter-VDOM links.
  • Best practices and troubleshooting.
• VDOM concepts. VDOM administrators. Configuring VDOMs. InterVDOM links. Best practices and troubleshooting.
  • Function and deployment.
  • FSSO with Active Directory.
  • Tuning and troubleshooting.
• Infrastructure - Zero Trust Network Access (ZTNA)
  • Introduction.
  • Comparing ZTNA to IPsec and SSL VPNs.
• Infrastructure - VPN SSL
  • Deployment modes.
  • Configuration.
  • Monitoring and troubleshooting.
• Infrastructure - IPsec VPN
  • Introduction.
  • Configuration.
  • Routing and firewall rules.
  • Redundant VPNs, mesh VPN.
  • Monitoring, logging.
• Infrastructure - High availability
  • Active/passive versus active/active operating modes.
  • HA cluster synchronization.
  • HA failover.
• Infrastructure - SD-WAN
  • Motivation, dynamic flow distribution.
  • Implementation.
  • Performance probes.
  • SD-WAN rules.
• Infrastructure - Diagnostics
  • General.
  • Stream debugging.
  • CPU and memory.
  • Firmware and hardware.