Innhold

Fortigate I Outline:

---

1. Introduction to Fortinet Unified Threat Management

• Key FortiGate features
• FortiGuard services
• Administrators and permissions
• Operating mode differences
• Basic network settings
• Console ports
• How to show and hide features in the GUI
• Configuration backup and restoration
• Upgrade and downgrade
• Built-in DHCP and DNS servers
• Lab – Initial Setup and Configuration
• Lab – Administrative Access

2. Logging and Monitoring

• Log severity levels
• Storage locations
• Log types and subtypes
• Log structure and behavior
• Log settings
• Log resources
• Viewing log messages
• Monitoring, reading, and interpreting log messages
• Lab – Status Monitor and Event Log
• Lab – Remote Monitoring

3. Firewall Policies

• How packets match a firewall policy
• How FortiGate defines matching traffic
• Interfaces vs. zones
• Domain name / IP address object
• Device list & endpoint control
• Network services
• Packet handling
• NAT & session helpers
• How to interpret the session table
• Quality of service (QoS) & traffic shaping
• Proxy- vs. flow-based UTM scans
• Debugging packet handling
• Monitor in GUI
• CLI
• Lab – Firewall Policy

4. Firewall Authentication

• Authentication
• Three methods of authentication
• Authentication protocols
• Two-factor authentication (OTP and tokens)
• Authentication types (active and passive)
• Authentication Policies
• Captive portals and disclaimers
• Authentication timeout
• Users(user groups
• LDAP, RADIUS
• FortiGate
• Monitoring firewall users
• Lab – User Authentication

5. SSL VPN

• VPN
• SSL VPN vs. IPSec VPN
• Web-only mode, tunnel mode (including split-tunneling), and port forwarding
• Methods of connecting to SSL VPN tunnels
• Portals, bookmarks, and realms
• Securing SSL VPN access
• Monitoring SSL VPN users
• Configuring SSL VPN
• Lab – SSL VPN

6. Basic IPSec VPN

• Benefits of VPN
• How IPSec VPN works
• Ports numbers & NAT traversal
• Encapsulation: tunnel vs. transport
• Internet Key Exchange & Diffie-Hellman
• Phase 1
• Phase 2
• How quick mode refreshes and selects IPSec SAs
• Policy-based vs. route-based VPN
• How to configure a static point-to-point VPN
• Monitoring VPN tunnels
• Lab – IPSec VPN

7. Antivirus

• What are the types of malware
• Heuristics, grayware and general purpose antivirus scans
• Sandboxing
• Blocking botnet C&C connections
• Proxy vs. flow-based scans
• 3 antivirus databases
• Scanning large / compressed files
• Order of scans
• Zero-day viruses
• How to scan encrypted traffic
• What is conserve mode ?
• How to diagnose the primary cause of high RAM usage
• Lab – Antivirus Scanning

8. Explicit Proxy

• What is an explicit web proxy ?
• PAC file vs. web proxy auto-discovery protocol (WPAD)
• How to decrease WAN bandwidth usage with cache
• IP-based vs. session-based authentication
• Explicit web proxy configuration
• URL pattern objects
• Monitoring explicit web proxy users
• Lab – Explicit Web Proxy

9. Web Filtering

• Web filtering overview
• Types of web filtering
• Static URL filtering
• FortiGuard category filter
• Web site rating submissions
• FortiGuard and static filtering actions
• Web site rating overrides
• Custom categories
• FortiGuard Quotas
• Fortinet Bar
• Forcing safe search
• HTTP inspection order
• Web profile overrides
• Basic HTTPS scanning
• Lab – Web Filtering

10. Application Control

• How does application control work ?
• When is application control necessary ?
• 5 point application risk rating
• Submitting new/revised definitions
• Configuring an application control profile
• Actions, including traffic shaping
• Order of operations for scans
• Reading application control logs
• Lab – Application Identification

 

Fortigate II Outline:

---

1. Routing

• Routing table elements
• How FortiGate matches each packet with a route
• Static routes, policy routes, and dynamic routing
• Equal cost multi-path (ECMP)
• Link health monitor
• Loose and strict reverse path forwarding (RPF)
• Link aggregation
• Loopback interfaces and black hole routes
• WAN link load balancing
• How to diagnose broken routes
• Lab – Router Configuration & Troubleshooting

2. Virtual Domains

• VLANs and VLAN tagging
• Virtual Domains (VDOMs)
• Global and per-VDOM resources
• Per-VDOM administrative accounts
• Inter-VDOM Links
• Monitoring per-VDOM resources
• VDOM topologies
• Lab – Virtual Domains

3. Transparent Mode

• Transparent mode vs. NAT mode
• Transparent bridging
• Forwarding domains
• Port pairing
• STP configuration
• Monitoring the MAC address table
• Lab – Transparent Mode VDOMs

4. High Availability

• Active-passive vs. active-active mode
• How and HA cluster elects the primary
• Active-active traffic balancing
• HA failover
• Configuration synchronization
• Session synchronization
• Virtual clustering
• FortiGate session life support protocol (FGCP)
• Checking the status of a HA cluster
• Lab – High Availability

5. Advanced IPSec VPN

• Main vs. aggressive mode negotiations
• Extended authentication (Xauth)
• Static vs. dynamic peers
• Benefits and cost of VPN technologies
• Dialup VPN configuration
• Redundant VPNs
• Troubleshooting
• Lab – Advanced IPSec VPN

6. Intrusion Prevention System (IPS)

• Attacks vs. anomalies
• Protocol Decoders
• FortiGuard IPS Signatures and engines
• CVSS & FortiGuard severity levels
• Custom signature syntax
• Denial of Service (DoS) attacks
• One-arm deployment
• IPS logs
• Diagnostic commands
• Expected IPS engine CPU usage
• Lab – Intrusion Prevention System

7. Fortinet Single Sign-On (FSSO)

• DC agent mode vs. polling modes
• NTLM authentication
• Microsoft Active Directory access modes
• Collector agent configuration
• FortiGate FSSO configuration
• Monitoring FSSO
• Lab – Fortinet Single Sign On

8. Certificate Operations

• Securing traffic
• Symmetric cryptography
• Asymmetric cryptography
• Digital Certificates
• Certificate-based user authentication
• SSL handshake
• Generating and signing certificates
• Importing certificates
• Managing certificate revocation list
• SSL content inspection
• Certificate warnings
• Installing the proxy certificate as a root authority
• Configuration
• Inline SSL decoding
• Lab – Certificate Operations

9. Data Leak Prevention (DLP)

• Why use DLP ?
• Files vs. messages
• Sensors and filters
• Document fingerprinting
• Summary vs. full content archiving
• Lab – Data Leak Prevention

10. Diagnostics

• Why do you need to know precisely what is normal ?
• Network diagrams
• Monitoring network usage & system resource usage
• Physical layer troubleshooting
• Network layer troubleshooting
• Transport layer troubleshooting
• Resources issues
• Hardware testing
• How to load firmware into RAM only, not disk

11. Hardware Acceleration

• How to find which chip(s) your FortiGate model has
• Network Processor (NP) architecture
• Offloading from CPU to NP
• Session requirements for NP offloading
• NP features
• Security Processor (SP) features
• Content Processor (CP) features
• Integrated Processor, also called “system on a chip” (SoC)
• How to determine if your system is taking advantage of offloading

12. IPv6

• Identify IPv6 fundamentals
• Identify FortiOS IPv6 features
• Differentiate between different transition technologies
• Enable IPv6 on GUI and configure an IPv6 interface
• Configure the FortiGate to announce an IPv6 prefix
• Compare SLAAC and DHCPv6
• Create a NAT64 policy
• Create an 6in4 tunnel using IPSec
• Identify new and revised diagnostic commands
• Lab: IPv6 Transition Technologies