FortiGate Multi-Threat Security Systems I Administration, Content Inspection and SSL VPN Course #201




Course Overview

Through this 2-day instructor-led classroom or online virtual training, participants learn the basic configuration and administration aspects of the most commonly used features on the FortiGate Unified Threat Management (UTM) Appliance. Through interactive modules, participants explore firewall policies, user authentication, VPNs, virus detection, email filtering, web filtering, application control and more. FortiGate unit administrative fundamentals provide a solid understanding of how to integrate and ensure operational maintenance for optimal performance in the corporate environment.

Course

At the conclusion of this course, participants will be able to:

» Describe the capabilities of the FortiGate Unified Threat Management appliance
» Use the web management interface and CLI to complete administration and maintenance tasks
» Understand the basic differences between the NAT/Route and Transparent operational modes
» Enable logging, read and interpret different event log entries
» Create firewall policies for any situation to control traffic passing through the FortiGate unit
» Work through a list of configuration situations and identify the firewall policies and settings needed
» Enable authentication for local users
» Implement SSL VPNs to offer secure access to private networks
» Configure a working IPSec VPN tunnel between two FortiGate devices in policy and tunnel-based mode
» Implement threat management filtering including antivirus, email filtering, web filtering, and application control

Products Used in This Course

» FortiGate Appliance

Prerequisites

» Introductory-level network security experience
» Basic understanding of firewall concepts

System Requirements

If performing this training online, students will require the following:

» A high-speed Internet connection
» A Web browser that supports the Adobe Flash Player to launch the Virtual Classroom
» Speakers or a headset to follow along with the audio portion of the presentation
» Adobe Reader to view on-line class materials

Who Should Attend

This introductory-level course is intended for anyone who is responsible for the day-to-day administration and management of a FortiGate unit. Students must be familiar with the topics presented in this course before attending the FortiGate Multi-Threat Security Systems II - Secured Network Deployment and IPSec VPN course.

Certification

This course helps to prepare students for the following certification exams:

» Fortinet Certified Network Security Associate (FCNSA)
» Fortinet Certified Network Security Professional (FCNSP)

AGENDA - Day 1

Module 1: Introduction to Fortinet Unified Threat Management

This module introduces students to the FortiGate unit, comparing and describing the essential FortiGate features, as compared to other firewall devices. Feature usage and their order of operations are explained and students examine how these can affect system performance and resources. Finally, this module will cover configuration backup and restore, factory default settings and establishing connectivity to the FortiGate device GUI.

» Identify major features of the FortiGate Unified Threat Management appliance
» Access and use the FortiGate unit's administration interfaces
» Create Administrators
» Work with and examine configuration files (backup, restore, identify config file problems)

Introduction to Unified Threat Management The Fortinet Solution FortiGate Appliance Capabilities and Components Device Administration (Firmware Upgrade, Downgrade) Administrator Users Initial Device Configuration (IPs, Gateway, DHCP, DNS)

Module 2: Logging and Monitoring

This module familiarizes students with how to search various logs from the FortiGate device GUI and understand how these logs are used. Different methods of logging will be discussed (both on and off the device), as well as getting information from the logs that may not be initially visible.

» Define the storage location for log information
» Enable logging for different FortiGate unit events
» View and search logs
» Monitor log activity
» Understand RAW log output
» Customize widgets on the dashboard

Logging Severity Levels Log Storage Locations Log Types and Subtypes Structure and Behavior of Logs Traffic Log Generation Viewing Logs (Log Viewer Filtering, Raw Logs) Alert Email SNMP Event Logging Monitoring Customizing Status Widgets (GUI)

Module 3: Firewall Policies

This module demonstrates setting up the Firewall policies on a FortiGate device and explains the logic for how a match on a firewall policy is determined.

» Identify the components used in a firewall policy
» Create firewall objects
» Create Address and Device Identity policies and manage the order of their processing
» Monitor traffic through policies

Firewall Policies (Types, Subtypes, Actions) Device Identification (Bring Your Own Device - BYOD) Firewall Address Objects, Interfaces, Service Objects Traffic Logging Network Address Translation (Source NAT) NAT Dynamic IP Pool (Source NAT) Central NAT Traffic Shaping Source NAT IP Address and Port Fixed Port (Source NAT) Virtual IPs (Destination NAT) Threat Management Denial of Service Policies Endpoint Control Firewall Policy Object Management (Object Tagging) Monitoring Policies

Module 4: Local User Authentication

This module familiarizes students with utilizing identity-based policies. The focus will be on setting up and manipulating traffic based on authentication using local users.

» Describe available FortiGate device authentication mechanisms
» Create local users and user groups
» Create identity-based policies to enable local user authentication
» Monitor active users
» Check authentication log entries

Local User Authentication User Authentication via Remote Server User Authentication Groups Identity-Based Policies Disclaimers Password Policies Two-Factor Authentication Policy Configuration User Monitor

Module 5: SSL VPN

In this module students learn how to configure and connect to an SSL VPN.

» Identify the VPN technologies available on the FortiGate device
» Configure the FortiGate device's SSL VPN operating modes
» Define user restrictions
» Set up SSL VPN portals
» Configure firewall policies and authentication rules for SSL VPNs

Virtual Private Networks FortiGate Device VPNs SSL VPN Operating Modes (Web-Only, Tunnel) User Groups Authentication SSL VPN Server Certificate Encryption Key Algorithm Web Portal Interface Full-Access Web Portal Interface Tunnel Mode Split-Tunnelling Client Checking (Integrity Checks, Host Checks) Tunnel Mode Connection Client Port Forward Policy De-Authentication Access Modes (Web Mode, Tunnel Mode, Port Forward Mode) SSL VPN Configuration

AGENDA - Day 2

Module 6: IPSec VPN

The students will be shown how to configure an IPSec VPN on the FortiGate device using Interface-based and policy-based modes.

» Define the architectural components of IPSec VPN
» Define the protocols used as part of an IPSec VPN
» Identify the phases of Internet Key Exchange (IKE)
» Identify the FortiGate unit IPSec VPN modes
» Configure IPSec VPN on the FortiGate unit

IPSec VPN Internet Key Exchange Defining Phase 1 and Phase 2 Parameters IPSec VPN Modes (Interface Mode, Tunnel Mode) Overlapping Subnets IPSec Topologies IPSec VPN Monitor IPSec VPN Configuration

Module 7: Antivirus

This section will teach students how to configure and enable traffic scanning for the detection of viruses.

» Describe conserve mode conditions and AV system behavior
» Define the virus scanning techniques used on the FortiGate unit
» Identify the differences between file-based and flow-based virus scanning
» Configure quarantine options
» Define firewall policies using antivirus profiles
» Update FortiGuard Services

Conserve Mode Antivirus Fail-Open Antivirus Overview Scanning Order Proxy-based Scanning Flow-based Scanning Virus Databases Unknown and Known Viruses Heuristic Scanning Antivirus Profiles UTM Proxy Options Quarantine Logging

Module 8: Email Filtering

This module will introduce students to email inspection and spam detection.

» Identify the email filtering methods used on the FortiGate device
» Configure banned word, IP address and email address filters
» Define firewall policies using email filter profiles
» Identify the differences between the email filtering capabilities of the FortiGate and FortiMail units

Email Filtering Spam Actions Email Filtering Methods Email Filtering Order of Operations (SMTP) Email Filtering Order of Operations (POP) FortiGuard IP (Address, URL, Email Address and Email Checksum Check) IP Address Black/White List (BWL) Email Address Black/White List HELO DNS Lookup Return Email DNS Check Banned Word Check MIME Headers Check DNSBL and ORDBL Check Dealing with False Positives FortiGuard Email Filtering Options Email Filter Profile

Module 9: Web Filtering

This module introduces students to the web filtering functions available on the FortiGate unit.

» Identify the web filtering mechanisms used on the FortiGate device
» Create web content and URL filters
» Configure FortiGuard Web Filtering
» Configure FortiGuard Web Filtering exemptions and rating overrides
» Define firewall policies using web filter profiles

Web Filtering Overview Types of Web Filtering (Proxy-based, Flow-based, DNS-based) Web Filtering Activation HTTP Inspection Order Web Content Filtering Web URL Filtering Forcing Safe Search FortiGuard Category Filter FortiGuard Caching, Usage Quotas, Rating Submissions and Rating Overrides Local Categories Filtering Actions (Warning, Authenticate) Web Filter Profiles

Module 10: Application Control

This module teaches students the inner workings of Application Control, how to configure it, and how signature triggers are accomplished.

» Configure application control
» Create firewall policies using application control lists
» Define application control operation and best practices

Application Control Overview Application Control Lists Application Control Profiles Order of Operations Implicit Rules Creating Filter Rules Application Categories Proper Identification Functional Overview (Under the Hood) Peer-to-Peer Detection