Fortinet FortiGate II – Multi Threat Security Systems Training

Introduction

Fortinet FortiGate II – Multi Threat Security Systems Course Hands-on

In this 3-day Fortinet FortiGate II – Multi Threat Security Systems Training class, which follows FortiGate I, you will learn a selection of advanced FortiGate networking and security features. Topics include features commonly used in complex or larger enterprise/MSSP networks, such as advanced routing, transparent mode, redundant infrastructure, security-as-a-service (SaaS), advanced IPsec VPN, IPS, SSO, certificates, data leak prevention, diagnostics, and fine-tuning performance.

Duration: 3 days

Customize It

• If you are familiar with some aspects of this Fortinet FortiGate II – Multi Threat Security Systems Training course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the Fortinet FortiGate II – Multi Threat Security Systems Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Fortinet FortiGate II – Multi Threat Security Systems Training course in a manner understandable to lay audiences.

Audience / Target Group

• Anyone who is responsible for day-to-day management of a FortiGate appliance.
• Networking and security professionals involved in the design, implementation, and administration of a security infrastructure using FortiGate appliances.
• Students must master this Fortinet FortiGate II – Multi Threat Security Systems Training course before attending FortiAnalyzer.

Fortinet FortiGate II – Multi Threat Security Systems Training - Objectives:

After completing this Fortinet FortiGate II – Multi Threat Security Systems Training course, attendees will be able to:

• Deploy FortiGate devices as an HA cluster for fault-tolerance & high performance
• Inspect traffic transparently, forwarding as a Layer 2 device
• Manage a FortiGate device's route table
• Route packets using policy-based and static routes for multi-path and load-balance deployments
• Connect virtual domains (VDOMs) without packets leaving FortiGate
• Implement a meshed / partially redundant VPN
• Diagnose failed IKE exchanges
• Fight hacking & denial of service (DoS)
• Diagnose IPS engine performance issues
• Offer Fortinet Single Sign On (FSSO) access to network services, integrated with Microsoft Active Directory
• Inspect SSL/TLS-secured traffic to prevent encryption from being used to bypass security policies
• Understand encryption functions and certificates
• Defend against data leaks by identifying files with sensitive data, and blocking them from leaving your private network
• Diagnose and correct common problems
• Optimize performance by configuring to leverage ASIC acceleration chips, such as CP or NPs, instead of only the CPU resources
• Implement IPv6 and hybrid IPv4-IPv6 networks

Fortinet FortiGate II – Multi Threat Security Systems Training - Course Content:

1. Routing

Routing table elements
How FortiGate matches each packet with a route
Static routes, policy routes, and dynamic routing
Equal cost multi-path (ECMP)
Link health monitor
Loose and strict reverse path forwarding (RPF)
Link aggregation
Loopback interfaces and black hole routes
WAN link load balancing
How to diagnose broken routes
Lab – Router Configuration & Troubleshooting

2. Virtual Domains

VLANs and VLAN tagging
Virtual Domains (VDOMs)
Global and per-VDOM resources
Per-VDOM administrative accounts
Inter-VDOM Links
Monitoring per-VDOM resources
VDOM topologies
Lab – Virtual Domains

3. Transparent Mode

Transparent mode vs. NAT mode
Transparent bridging
Forwarding domains
Port pairing
STP configuration
Monitoring the MAC address table
Lab – Transparent Mode VDOMs

4. High Availability

Active-passive vs. active-active mode
How an HA cluster elects the primary
Active-active traffic balancing
HA failover
Configuration synchronization
Session synchronization
Virtual clustering
FortiGate session life support protocol (FGCP)
Checking the status of an HA cluster
Lab – High Availability

5. Advanced IPSec VPN

Main vs. aggressive mode negotiations
Extended authentication (Xauth)
Static vs. dynamic peers
Benefits and cost of VPN technologies
Dialup VPN configuration
Redundant VPNs
Troubleshooting
Lab – Advanced IPSec VPN

6. Intrusion Prevention System (IPS)

Attacks vs. anomalies
Protocol Decoders
FortiGuard IPS Signatures and engines
CVSS & FortiGuard severity levels
Custom signature syntax
Denial of Service (DoS) attacks
One-arm deployment
IPS logs
Diagnostic commands
Expected IPS engine CPU usage
Lab – Intrusion Prevention System

7. Fortinet Single Sign-On (FSSO)

DC agent mode vs. polling modes
NTLM authentication
Microsoft Active Directory access modes
Collector agent configuration
FortiGate FSSO configuration
Monitoring FSSO
Lab – Fortinet Single Sign On

8. Certificate Operations

Securing traffic
Symmetric cryptography
Asymmetric cryptography
Digital Certificates
Certificate-based user authentication
SSL handshake
Generating and signing certificates
Importing certificates
Managing the certificate revocation list
SSL content inspection
Certificate warnings
Installing the proxy certificate as a root authority
Configuration
Inline SSL decoding
Lab – Certificate Operations

9. Data Leak Prevention (DLP)

Why use DLP?
Files vs. messages
Sensors and filters
Document fingerprinting
Summary vs. full content archiving
Lab – Data Leak Prevention

10. Diagnostics

Why do you need to know precisely what is normal?
Network diagrams
Monitoring network usage & system resource usage
Physical layer troubleshooting
Network layer troubleshooting
Transport layer troubleshooting
Resource issues
Hardware testing
How to load firmware into RAM only, not disk

11. Hardware Acceleration

How to find which chip(s) your FortiGate model has
Network Processor (NP) architecture
Offloading from CPU to NP
Session requirements for NP offloading
NP features
Security Processor (SP) features
Content Processor (CP) features
Integrated Processor, also called “system on a chip” (SoC)
How to determine if your system is taking advantage of offloading

12. IPv6

Identify IPv6 fundamentals
Identify FortiOS IPv6 features
Differentiate between different transition technologies
Enable IPv6 on GUI and configure an IPv6 interface
Configure the FortiGate to announce an IPv6 prefix
Compare SLAAC and DHCPv6
Create a NAT64 policy
Create a 6in4 tunnel using IPSec
Identify new and revised diagnostic commands
Lab: IPv6 Transition Technologies
