Learnedze for Labs

Fortinet Lab Topology

FortiGate Security

1. Introduction and Initial Configuration

  • Administrative methods – CLI (console, SSH or GUI widget) or GUI
  • Configure Mgmt Interface
  • Define operation mode – Routed/Transparent
  • Administrative users & profiles
  • Feature Visibility
  • Interface configuration

2. Firewall Policies

  • Configure firewall objects and policies
  • Configure the source match options available in firewall policies
  • Apply firewall policy logging options
  • Use policy lookup to find matching policy

3. Network Address Translation (NAT)

  • Configure policy with source NAT – SNAT
  • Configure policy with destination NAT – DNAT

4. Firewall Authentication

  • Configure an LDAP Server on HQ-FG1 firewall for remote authentication
  • Configure captive portal so users connecting to the network are forced to authenticate

5. Logging and Monitoring

  • Configuring Logging on DC-FG1 and DC-FG2
  • Monitoring logs via GUI

6. Web Filtering

  • Configure web filtering on HQ-FG1
  • Enable category-based filter and apply to a firewall policy

7. Application Control

  • Creating an application control profile on HQ-FG1
  • Configure and monitor traffic shaping for application control

8. Intrusion Prevention and Denial of Service

  • Configure IPS Sensor and apply IPS inspection on HQ-FG1 firewall
  • Blocking known exploits on HQ-FG1 firewall

9. Dialup IPsec VPN

  • Deploy a dialup VPN for FortiClient
  • Verify VPN connectivity from PC3 to HQ-FG1

FortiGate Infrastructure

1. Routing

  • Configure dynamic routing protocol (OSPF) for IPv4 traffic on DC-FG1 firewall
  • Configure BGP between Firewall DC-FG1 and router R3
  • Configure redistribution of OSPF routes into BGP on DC-FG1
 

2. Virtual Domains

  • Configure split-task VDOM mode on Branch firewall BR1-FG1 and assign interfaces
  • Configure separate security outbound policy on traffic VDOM
 

3. FortiManager & FortiAnalyzer

  • Create HeadQuarter and Branch ADOMs on FortiManager and assign HQ-FG1 and BR2-FG1 to the respective ADOM
  • Configuring BR2-FG1 and HQ-FG1 firewalls from FortiManager
  • Configuring FortiAnalyzer as log collector for Branch and HQ Firewalls for analytics

4. High Availability (HA)

  • Configure High availability between two firewalls DC-FG1 and DC-FG2 in Active-Passive mode
  • Manual failover of the firewalls to verify High Availability
  • Configure High availability between two firewalls DC-FG1 and DC-FG2 in Active-Active mode
 

5. Web Proxy

  • Configure HQ-FG1 firewall to act as an explicit web proxy
  • Use a PAC file to configure explicit proxy settings in user machine web browsers

6. Site-to-Site IPsec VPN

  • Configure IPSec VPN between Branch office BR1-FG1 and HeadQuarter HQ-FG1 using Pre-Shared Key authentication
  • Configure IPSec VPN between Branch office BR2-FG1 and HeadQuarter HQ-FG1 via FortiManager using Pre-Shared Key authentication
 

7. Software-Defined WAN (SD-WAN)

  • Configure SD-WAN between HQ-FG1 and BR1-FG1 to load balance traffic over Internet and MPLS link based on lowest latency
  • Configure SD-WAN between HQ-FG1 and BR2-FG1 to load balance traffic over Internet and MPLS link based on lowest latency via FortiManager

8. Fortinet Single Sign-On (FSSO)

  • Configure SSO on FortiGate firewall HQ-FG1
  • Test the automatic user identification by generating user logon events
  • Monitor the SSO status and operation

9. Diagnostics

  • Executing Diagnostic commands
  • Troubleshooting issues using the sniffer

Who is it for

  • System installers
  • System integrators
  • System administrators
  • Network administrators
  • Solutions designers

Prerequisites

You should have the following knowledge and skills before attending this course:

  • Knowledge of Software-Defined Networking (SDN) concepts as applied to large-scale live network deployments
  • Strong understanding of enterprise WAN design
  • Strong understanding of routing protocol operation, including both interior and exterior routing protocol operation
  • Familiarity with Transport Layer Security (TLS) and IP Security (IPSec)

These recommended Cisco offerings may help you meet these prerequisites:

  • Implementing and Administering Cisco Solutions (CCNA®)
  • Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR)