Fortinet Lab Technology

Fortinet Lab Topology

Fortigate Security

1. Introduction and Initial Configuration
Administrative methods - CLI (console, SSH or GUI widget) or GUI
Configure Mgmt Interface
Define operation mode - Routed/Transparent
Administrative users & profiles
Feature Visibility
Interface configuration
2. Firewall Policies
Configure firewall objects and policies
Configure source match options available firewall policies
Apply firewall policy logging options
Use policy lookup to find matching policy
3. Network Address Translation (NAT)
Configure policy with source NAT - SNAT
Configure policy with destination NAT - DNAT4
4. Firewall Authentication
Configure an LDAP Server on HQ-FG1 firewall for remote authentication
Configure captive portal so users connecting to the network are forced to authenticate
5. Logging and Monitoring
Configuring Logging on DC-FG1 and DC-FG2
Monitoring logs via GUI
6. Web Filtering
Configure web filtering on HQ-FG1
Enable catergory based filter and apply to a Firewall policy
7. Application Control
Creating an application control profile on HQ-FG1
Configure and monitor traffic shaping for application control
8. Intrusion Prevention and Denial of Service
Configure IPS Sensor and apply IPS inspection on HQ-FG1 firewall
Blocking known exploits on HQ-FG1 firewall
9. Dialup IPsec VPN
Deploy a dialup VPN for Forticlient
Verify VPN connectivity from PC3 to HQ-FG1

Fortigate Infrastructure

1. Routing
Configure dynamic routing protocol (OSPF) for IPv4 traffic on DC-FG1 firewall
Configure BGP between Firewall DC-FG1 and router R3
Configure redistribution of OSPF routes into BGP on DC-FG1
2. Virtual Domains
Configure split-task VDOM mode on Branch firewall BR1-FG1 and assign interfacesgn interfaces
Configure separate security outbound policy on traffic VDOM
3. FortiManager & FortiAnalyzer
Create HeadQuarter and Branch ADOMS on Fortimanager and assign HQ-FG1 and BR2-FG1 to the respective ADOM
Configuring BR2-FG1 and HQ-FG1 firewalls from Fortimanager
Configuring FortiAnalyzer as log collector for Branch and HQ Firewalls for analytics
4. High Availability (HA)
Configure High availability between two firewalls DC-FG1 and DC-FG2 in Active-Passive mode
Manual failover of the firewalls to verify High Availability
Configure High availability between two firewalls DC-FG1 and DC-FG2 in Active-Active mode
5. Web Proxy
Configure HQ-FG1 firewall to act as an explicit web proxy
Use a PAC file to configure explicit proxy settings in user machine web browsers
6. Site-to-Site IPsec VPN
Configure IPSec VPN between Branch office BR1-FG1 and HeadQuarter HQ-FG1 using Pre-Shared Key authentication
Configure IPSec VPN between Branch office BR2-FG1 and HeadQuarter HQ-FG1 via Fortimanager using Pre-Shared Key authentication
7. Software-Defined WAN (SD-WAN)
Configure SD-WAN between HQ-FG1 and BR1-FG1 to load balance traffic over Internet and MPLS link based on lowest latency
Configure SD-WAN between HQ-FG1 and BR2-FG1 to load balance traffic over Internet and MPLS link based on lowest latency via FortiManager
8. Fortinet Single Sign-On (FSSO)
Configure SSO on Fortigate firewall HQ-FG1
Test the automatic user identification by generating user logon events
Monitor the SSO status and operation
9. Diagnostics
Executing Diagnostic commands
Troubleshooting issues using the sniffer