FortiGate II – Multi Threat Security Systems

FortiGate 2 Training in UK - Multi Threat Security Systems | Insoft Services
FortiGate II – Multi Threat Security Systems

FortiGate II – Multi Threat Security Systems

3 Days Course
Network Security
1 Star2 Stars3 Stars4 Stars5 Stars (6 votes, average: 3.83 out of 5)
Loading...

Reviews

$1800 (Excl. VAT)
Book Now

Course Details

Overview

In this 3-day class, you will learn advanced FortiGate networking and security. Topics include features commonly in complex or larger enterprise/MSSP networks, such as advanced routing, transparent mode, redundant infrastructure, advanced IPsec VPN, IPS, SSO, data leak prevention, diagnostics, and fine-tuning performance.

 

Associated Certification:

 

NSE-4 Bundle Price: 2750 GBP

Duration: 5 Days

Objectives

After completing FortiGate II course, you will be able to:

  • Deploy FortiGate devices as an HA cluster for fault-tolerance & high performance
  • Inspect traffic transparently, forwarding as a Layer 2 device
  • Manage FortiGate device’s route table
  • Route packets using policy-based and static routes for multi-path and load-balance deployments
  • Connect virtual domains (VDOMs) without packets leaving FortiGate
  • Implement a meshed / partially redundant VPN
  • Diagnose failed IKE exchanges
  • Fight hacking & denial of service (DoS)
  • Diagnose IPS engine performance issues
  • Offer Fortinet Single Sign On (FSSO) access to network services, integrated with Microsoft Active Directory
  • Inspect SSL/TLS-secured traffic to prevent encryption used to bypass security policies
  • Understand encryption functions and certificates
  • Defend against data leaks by identifying files with sensitive data, and blocking them from leaving your private network
  • Diagnose and correct common problems
  • Optimize performance by configuring to leverage ASIC acceleration chips, such as CP or NPs, instead of only the CPU resources
  • Implement IPv6 and hybrid IPv4-IPv6 networks

Outline

1. Routing

  • Routing table elements
  • How FortiGate matches each packet with a route
  • Static routes, policy routes, and dynamic routing
  • Equal cost multi-path (ECMP)
  • Link health monitor
  • Loose and strict reverse path forwarding (RPF)
  • Link aggregation
  • Loopback interfaces and black hole routes
  • WAN link load balancing
  • How to diagnose broken routes
  • Lab – Router Configuration & Troubleshooting

2. Virtual Domains

  • VLANs and VLAN tagging
  • Virtual Domains (VDOMs)
  • Global and per-VDOM resources
  • Per-VDOM administrative accounts
  • Inter-VDOM Links
  • Monitoring per-VDOM resources
  • VDOM topologies
  • Lab – Virtual Domains

3. Transparent Mode

  • Transparent mode vs. NAT mode
  • Transparent bridging
  • Forwarding domains
  • Port pairing
  • STP configuration
  • Monitoring the MAC address table
  • Lab – Transparent Mode VDOMs

4. High Availability

  • Active-passive vs. active-active mode
  • How and HA cluster elects the primary
  • Active-active traffic balancing
  • HA failover
  • Configuration synchronization
  • Session synchronization
  • Virtual clustering
  • FortiGate session life support protocol (FGCP)
  • Checking the status of a HA cluster
  • Lab – High Availability

5. Advanced IPSec VPN

  • Main vs. aggressive mode negotiations
  • Extended authentication (Xauth)
  • Static vs. dynamic peers
  • Benefits and cost of VPN technologies
  • Dialup VPN configuration
  • Redundant VPNs
  • Troubleshooting
  • Lab – Advanced IPSec VPN

6. Intrusion Prevention System (IPS)

  • Attacks vs. anomalies
  • Protocol Decoders
  • FortiGuard IPS Signatures and engines
  • CVSS & FortiGuard severity levels
  • Custom signature syntax
  • Denial of Service (DoS) attacks
  • One-arm deployment
  • IPS logs
  • Diagnostic commands
  • Expected IPS engine CPU usage
  • Lab – Intrusion Prevention System

7. Fortinet Single Sign-On (FSSO)

  • DC agent mode vs. polling modes
  • NTLM authentication
  • Microsoft Active Directory access modes
  • Collector agent configuration
  • FortiGate FSSO configuration
  • Monitoring FSSO
  • Lab – Fortinet Single Sign On

8. Certificate Operations

  • Securing traffic
  • Symmetric cryptography
  • Asymmetric cryptography
  • Digital Certificates
  • Certificate-based user authentication
  • SSL handshake
  • Generating and signing certificates
  • Importing certificates
  • Managing certificate revocation list
  • SSL content inspection
  • Certificate warnings
  • Installing the proxy certificate as a root authority
  • Configuration
  • Inline SSL decoding
  • Lab – Certificate Operations

9. Data Leak Prevention (DLP)

  • Why use DLP ?
  • Files vs. messages
  • Sensors and filters
  • Document fingerprinting
  • Summary vs. full content archiving
  • Lab – Data Leak Prevention

10. Diagnostics

  • Why do you need to know precisely what is normal ?
  • Network diagrams
  • Monitoring network usage & system resource usage
  • Physical layer troubleshooting
  • Network layer troubleshooting
  • Transport layer troubleshooting
  • Resources issues
  • Hardware testing
  • How to load firmware into RAM only, not disk

11. Hardware Acceleration

  • How to find which chip(s) your FortiGate model has
  • Network Processor (NP) architecture
  • Offloading from CPU to NP
  • Session requirements for NP offloading
  • NP features
  • Security Processor (SP) features
  • Content Processor (CP) features
  • Integrated Processor, also called “system on a chip” (SoC)
  • How to determine if your system is taking advantage of offloading

12. IPv6

  • Identify IPv6 fundamentals
  • Identify FortiOS IPv6 features
  • Differentiate between different transition technologies
  • Enable IPv6 on GUI and configure an IPv6 interface
  • Configure the FortiGate to announce an IPv6 prefix
  • Compare SLAAC and DHCPv6
  • Create a NAT64 policy
  • Create an 6in4 tunnel using IPSec
  • Identify new and revised diagnostic commands
  • Lab: IPv6 Transition Technologies

Target Audience

Networking and security professionals involved in the design, implementation, and administration of a security infrastructure using FortiGate appliances.

This course assumes knowledge of basic yet FortiGate-specific fundamentals. As a result, if you know about firewalls, but are new to Fortinet, we do not recommend that you skip FortiGate I.

Pre-Requisites

  • Knowledge of OSI layers
  • Good knowledge of firewalling concepts in an IPv4 network
  • Familiarity with all topics presented in the prerequisite FortiGate I course

Course Schedule

 Apr 25 - Apr 27, 2018
London
 Nov 21 - Nov 23, 2018
London