FortiGate Level 1
Level: 1
Total: 45hrs
I. Who should enroll?
In this course, you will learn how to use basic and advanced FortiGate
features, including networking and security. In interactive labs, you will
explore firewall policies, user authentication, SSL VPN, dial-up IPsec VPN,
and how to protect your network using security profiles such as IPS,
antivirus, web filtering, application control, and more. These administration
fundamentals will provide you with a solid understanding of how to
implement basic network security. Other topics include features commonly
applied in a complex or larger enterprise or MSSP networks, such as
advanced routing, transparent mode, redundant infrastructure, site-to-site
IPsec VPN, SSO, web proxy, and diagnostics.
II. Course Outline
Chapter Topic
1
� Modern Network Security Threats
• High-Level Features
• Setup Decisions
Module • Basic Administration
1 • Built-In Servers
• Fundamental Maintenance
• FortiGate Within the Security Fabric
Firewall Policies
Module • Configuring Firewall Policies
2 • Managing Firewall Policies
• Best Practices and Troubleshooting
Authentication, Authorization and Accounting
• Introduction to NAT
• Firewall Policy NAT
Module
• Central NAT
3
• Session Helpers
• Sessions
• Best Practices and Troubleshooting
Firewall Authentication
• Methods of Firewall Authentication
• Remote Authentication Servers
Module
• User Groups
3
• Using Firewall Policies for Authentication
• Authenticating Through Captive Portal
• Monitoring and Troubleshooting
2
� Logging and Monitoring
• Log Basics
• Local Logging
Module
• Remote Logging
5
• Log Settings
• View, Search, and Monitor Logs
• Protecting Log Data
Certificate Operations
Module • Authenticate and Secure Data Using Certificates
6 • Inspect Encrypted Data
• Mange Digital Certificates in FortiGate
Web Filtering
• Inspection Modes
Module • Web Filtering Basics
7 • Additional Proxy-Based Web Filtering Features
• DNS Filtering
• Best Practices and Troubleshooting
Application Control
• Application Control Basics
Module
• Application Control Configuration
8
• Logging and Monitoring Application Control Events
• Best Practices and Troubleshooting
Antivirus
Module • Antivirus Basics
9 • Antivirus Scanning Modes
• Antivirus Configuration
3
� • Best Practices
• Troubleshooting
Intrusion Prevention and Denial of Service
• Intrusion Prevention System
Module • Denial of Service
10 • Web Application Firewall
• Best Practices
• Troubleshooting
SSL-VPN
• Describe SSL-VPN
• SSL-VPN Deployment Modes
Module
• Configuring SSL-VPNs
11
• Realms and Personal Bookmarks
• Hardening SSL-VPN Access
• Monitoring and Troubleshooting
Dialup IPsec VPN
• IPsec Introduction
Module • IKE Phase 1 and IKE Phase 2
12 • Dialup IPsec VPN
• Best Practices and VPN Logs
• Module 13: Data Leak Prevention (DLP)
Data Leak Prevention (DLP)
• DLP Overview
Module
• DLP Filters
13
• DLP Fingerprinting
• DLP Archiving
4
� • Best Practices
III. Outcome
Upon completion of the Fortigate, students will be able to perform the following tasks:
• Deploy the appropriate operation mode for your network.
• Use the GUI and CLI for administration.
• Identify the characteristics of the Fortinet security fabric.
• Control network access to configured networks using firewall
policies.
• Apply port forwarding, source NAT, and destination NAT.
• Authenticate users using firewall policies.
• Understand encryption functions and certificates.
• Inspect SSL/TLS-secured traffic to prevent encryption used to
bypass security policies.
• Configure security profiles to neutralize threats and misuse,
including viruses, torrents, and inappropriate websites.
• Apply application control techniques to monitor and control network
applications that might use standard or non-standard protocols and
ports.
• Fight hacking and denial of service (DoS).
• Defend against data leaks by identifying files with sensitive data, and
block them from leaving your private network.
• Offer an SSL VPN for secure access to your private network.
• Implement a dialup IPsec VPN tunnel between FortiGate and
FortiClient.
• Collect and interpret log entries.
5
�• Analyse a FortiGate’s route table.
• Route packets using policy-based and static routes for multi-path
and load-balanced deployments.
• Configure SD-WAN to load balance traffic between multiple WAN
links effectively.
• Inspect traffic transparently, forwarding as a Layer 2 device.
• Divide FortiGate into two or more virtual devices, each operating as
an independent FortiGate, by configuring virtual domains (VDOMs).
• Establish an IPsec VPN tunnel between two FortiGate appliances.
• Compare policy-based to route-based IPsec VPN.
• Implement a meshed or partially redundant VPN.
• Diagnose failed IKE exchanges.
• Offer Fortinet Single Sign-On (FSSO) access to network services,
integrated with Microsoft Active Directory.
• Deploy FortiGate devices as an HA cluster for fault tolerance and
high performance.
• Deploy implicit and explicit proxy with firewall policies,
authentication, and caching.
• Diagnose and correct common problems.
