See how Insoft Services is responding to COVID-19

FortiGate II – Multi Threat Security Systems


Student Registration Form

Thank you for being interested in our training! Fill out this form to pre-book or request information about the delivery options.

* Required

Course Schedule

I'd like to receive emails with the latest updates and promotions from Insoft.

Data Protection & Privacy

I hereby allow Insoft Ltd. to contact me on this topic. Further, I authorise Insoft Ltd. processing, using collecting and storing my personal data for the purpose of these activities. All your data will be protected and secured as outlined in our privacy policy.

  • 3 dager
    Network Security

    Classroom + Online

    Course Details


    In this 3-day class, you will learn advanced FortiGate networking and security. Topics include features commonly in complex or larger enterprise/MSSP networks, such as advanced routing, transparent mode, redundant infrastructure, advanced IPsec VPN, IPS, SSO, data leak prevention, diagnostics, and fine-tuning performance.


    Associated Certification:

    This is part of the courses that prepare you for the NSE 4 certification exam.


    New Version Available:


    After completing FortiGate II course, you will be able to:

    • Deploy FortiGate devices as an HA cluster for fault-tolerance & high performance
    • Inspect traffic transparently, forwarding as a Layer 2 device
    • Manage FortiGate device’s route table
    • Route packets using policy-based and static routes for multi-path and load-balance deployments
    • Connect virtual domains (VDOMs) without packets leaving FortiGate
    • Implement a meshed / partially redundant VPN
    • Diagnose failed IKE exchanges
    • Fight hacking & denial of service (DoS)
    • Diagnose IPS engine performance issues
    • Offer Fortinet Single Sign On (FSSO) access to network services, integrated with Microsoft Active Directory
    • Inspect SSL/TLS-secured traffic to prevent encryption used to bypass security policies
    • Understand encryption functions and certificates
    • Defend against data leaks by identifying files with sensitive data, and blocking them from leaving your private network
    • Diagnose and correct common problems
    • Optimize performance by configuring to leverage ASIC acceleration chips, such as CP or NPs, instead of only the CPU resources
    • Implement IPv6 and hybrid IPv4-IPv6 networks


    1. Routing

    • Routing table elements
    • How FortiGate matches each packet with a route
    • Static routes, policy routes, and dynamic routing
    • Equal cost multi-path (ECMP)
    • Link health monitor
    • Loose and strict reverse path forwarding (RPF)
    • Link aggregation
    • Loopback interfaces and black hole routes
    • WAN link load balancing
    • How to diagnose broken routes
    • Lab – Router Configuration & Troubleshooting

    2. Virtual Domains

    • VLANs and VLAN tagging
    • Virtual Domains (VDOMs)
    • Global and per-VDOM resources
    • Per-VDOM administrative accounts
    • Inter-VDOM Links
    • Monitoring per-VDOM resources
    • VDOM topologies
    • Lab – Virtual Domains

    3. Transparent Mode

    • Transparent mode vs. NAT mode
    • Transparent bridging
    • Forwarding domains
    • Port pairing
    • STP configuration
    • Monitoring the MAC address table
    • Lab – Transparent Mode VDOMs

    4. High Availability

    • Active-passive vs. active-active mode
    • How and HA cluster elects the primary
    • Active-active traffic balancing
    • HA failover
    • Configuration synchronization
    • Session synchronization
    • Virtual clustering
    • FortiGate session life support protocol (FGCP)
    • Checking the status of a HA cluster
    • Lab – High Availability

    5. Advanced IPSec VPN

    • Main vs. aggressive mode negotiations
    • Extended authentication (Xauth)
    • Static vs. dynamic peers
    • Benefits and cost of VPN technologies
    • Dialup VPN configuration
    • Redundant VPNs
    • Troubleshooting
    • Lab – Advanced IPSec VPN

    6. Intrusion Prevention System (IPS)

    • Attacks vs. anomalies
    • Protocol Decoders
    • FortiGuard IPS Signatures and engines
    • CVSS & FortiGuard severity levels
    • Custom signature syntax
    • Denial of Service (DoS) attacks
    • One-arm deployment
    • IPS logs
    • Diagnostic commands
    • Expected IPS engine CPU usage
    • Lab – Intrusion Prevention System

    7. Fortinet Single Sign-On (FSSO)

    • DC agent mode vs. polling modes
    • NTLM authentication
    • Microsoft Active Directory access modes
    • Collector agent configuration
    • FortiGate FSSO configuration
    • Monitoring FSSO
    • Lab – Fortinet Single Sign On

    8. Certificate Operations

    • Securing traffic
    • Symmetric cryptography
    • Asymmetric cryptography
    • Digital Certificates
    • Certificate-based user authentication
    • SSL handshake
    • Generating and signing certificates
    • Importing certificates
    • Managing certificate revocation list
    • SSL content inspection
    • Certificate warnings
    • Installing the proxy certificate as a root authority
    • Configuration
    • Inline SSL decoding
    • Lab – Certificate Operations

    9. Data Leak Prevention (DLP)

    • Why use DLP ?
    • Files vs. messages
    • Sensors and filters
    • Document fingerprinting
    • Summary vs. full content archiving
    • Lab – Data Leak Prevention

    10. Diagnostics

    • Why do you need to know precisely what is normal ?
    • Network diagrams
    • Monitoring network usage & system resource usage
    • Physical layer troubleshooting
    • Network layer troubleshooting
    • Transport layer troubleshooting
    • Resources issues
    • Hardware testing
    • How to load firmware into RAM only, not disk

    11. Hardware Acceleration

    • How to find which chip(s) your FortiGate model has
    • Network Processor (NP) architecture
    • Offloading from CPU to NP
    • Session requirements for NP offloading
    • NP features
    • Security Processor (SP) features
    • Content Processor (CP) features
    • Integrated Processor, also called “system on a chip” (SoC)
    • How to determine if your system is taking advantage of offloading

    12. IPv6

    • Identify IPv6 fundamentals
    • Identify FortiOS IPv6 features
    • Differentiate between different transition technologies
    • Enable IPv6 on GUI and configure an IPv6 interface
    • Configure the FortiGate to announce an IPv6 prefix
    • Compare SLAAC and DHCPv6
    • Create a NAT64 policy
    • Create an 6in4 tunnel using IPSec
    • Identify new and revised diagnostic commands
    • Lab: IPv6 Transition Technologies


    Networking and security professionals involved in the design, implementation, and administration of a security infrastructure using FortiGate appliances.

    This course assumes knowledge of basic yet FortiGate-specific fundamentals. As a result, if you know about firewalls, but are new to Fortinet, we do not recommend that you skip FortiGate I.


    • Knowledge of OSI layers
    • Good knowledge of firewalling concepts in an IPv4 network
    • Familiarity with all topics presented in the prerequisite FortiGate I course