FortiGate 1 – Multi Threat Security Systems

Course Information

Technology : Network Security

Duration : 2 Days Course

Course Details

Overview

In this 2-day class, you will learn how to use basic FortiGate UTM. In interactive labs, you will explore firewall policies, basic VPNs, virus detection, web filtering, application control, user authentication, and more.

These administrative fundamentals will provide you with a solid understanding of how to integrate basic network security.

Associated Certification:

This is one of the courses that prepare you for the NSE 4 certification exam.

Objectives

After completing the FortiGate 1 course, you will be able to:

  • Describe capabilities of FortiGate UTM
  • Neutralize threats / misuse: viruses, torrents, and inappropriate web sites
  • Control network access based on device type
  • Authenticate users via firewall policies
  • Offer an SSL VPN for secure access to your private network
  • Establish an IPsec VPN tunnel between two FortiGate appliances
  • Compare policy- vs. tunnel-based IPsec VPN
  • Apply port forwarding, source NAT, and destination NAT
  • Interpret log entries
  • Generate reports
  • Use the GUI and CLI for administration
  • Deploy the right operation mode
  • Deploy an explicit proxy with firewall policies, authentication, and caching
  • Simplify protocol handling with application control

Outline

1. Introduction to Fortinet Unified Threat Management

  • Key FortiGate features
  • FortiGuard services
  • Administrators and permissions
  • Operating mode differences
  • Basic network settings
  • Console ports
  • How to show and hide features in the GUI
  • Configuration backup and restoration
  • Upgrade and downgrade
  • Built-in DHCP and DNS servers
  • Lab – Initial Setup and Configuration
  • Lab – Administrative Access

2. Logging and Monitoring

  • Log severity levels
  • Storage locations
  • Log types and subtypes
  • Log structure and behavior
  • Log settings
  • Log resources
  • Viewing log messages
  • Monitoring, reading, and interpreting log messages
  • Lab – Status Monitor and Event Log
  • Lab – Remote Monitoring

3. Firewall Policies

  • How packets match a firewall policy
  • How FortiGate defines matching traffic
  • Interfaces vs. zones
  • Domain name / IP address object
  • Device list & endpoint control
  • Network services
  • Packet handling
  • NAT & session helpers
  • How to interpret the session table
  • Quality of service (QoS) & traffic shaping
  • Proxy- vs. flow-based UTM scans
  • Debugging packet handling
  • Monitor in GUI
  • CLI
  • Lab – Firewall Policy

4. Firewall Authentication

  • Authentication
  • Three methods of authentication
  • Authentication protocols
  • Two-factor authentication (OTP and tokens)
  • Authentication types (active and passive)
  • Authentication Policies
  • Captive portals and disclaimers
  • Authentication timeout
  • Users & user groups
  • LDAP, RADIUS
  • FortiGate
  • Monitoring firewall users
  • Lab – User Authentication

5. SSL VPN

  • VPN
  • SSL VPN vs. IPsec VPN
  • Web-only mode, tunnel mode (including split-tunneling), and port forwarding
  • Methods of connecting to SSL VPN tunnels
  • Portals, bookmarks, and realms
  • Securing SSL VPN access
  • Monitoring SSL VPN users
  • Configuring SSL VPN
  • Lab – SSL VPN

6. Basic IPsec VPN

  • Benefits of VPN
  • How IPsec VPN works
  • Port numbers & NAT traversal
  • Encapsulation: tunnel vs. transport
  • Internet Key Exchange & Diffie-Hellman
  • Phase 1
  • Phase 2
  • How quick mode refreshes and selects IPsec SAs
  • Policy-based vs. route-based VPN
  • How to configure a static point-to-point VPN
  • Monitoring VPN tunnels
  • Lab – IPsec VPN

7. Antivirus

  • What are the types of malware
  • Heuristics, grayware and general purpose antivirus scans
  • Sandboxing
  • Blocking botnet C&C connections
  • Proxy vs. flow-based scans
  • 3 antivirus databases
  • Scanning large / compressed files
  • Order of scans
  • Zero-day viruses
  • How to scan encrypted traffic
  • What is conserve mode?
  • How to diagnose the primary cause of high RAM usage
  • Lab – Antivirus Scanning

8. Explicit Proxy

  • What is an explicit web proxy?
  • PAC file vs. web proxy auto-discovery protocol (WPAD)
  • How to decrease WAN bandwidth usage with cache
  • IP-based vs. session-based authentication
  • Explicit web proxy configuration
  • URL pattern objects
  • Monitoring explicit web proxy users
  • Lab – Explicit Web Proxy

9. Web Filtering

  • Web filtering overview
  • Types of web filtering
  • Static URL filtering
  • FortiGuard category filter
  • Web site rating submissions
  • FortiGuard and static filtering actions
  • Web site rating overrides
  • Custom categories
  • FortiGuard Quotas
  • Fortinet Bar
  • Forcing safe search
  • HTTP inspection order
  • Web profile overrides
  • Basic HTTPS scanning
  • Lab – Web Filtering

10. Application Control

  • How does application control work?
  • When is application control necessary?
  • 5-point application risk rating
  • Submitting new/revised definitions
  • Configuring an application control profile
  • Actions, including traffic shaping
  • Order of operations for scans
  • Reading application control logs
  • Lab – Application Identification

Target Audience

  • Anyone who is responsible for day-to-day management of a FortiGate appliance. You must master this course before attending FortiGate 2.

Pre-Requisites

  • None except TCP/IP network experience and a basic understanding of firewall concepts.
