FortiGate II – Multi Threat Security Systems

FortiGate II - Multi Threat Security Systems Training | Insoft Services
FortiGate II – Multi Threat Security Systems
  • FortiGate II – Multi Threat Security Systems

    3 Dages kursus
    Network Security
    1 Star2 Stars3 Stars4 Stars5 Stars (6 votes, average: 3.83 out of 5)
    Loading...

    Reviews

    Course Details

    Overview

    In this 3-day class, you will learn advanced FortiGate networking and security. Topics include features commonly in complex or larger enterprise/MSSP networks, such as advanced routing, transparent mode, redundant infrastructure, advanced IPsec VPN, IPS, SSO, data leak prevention, diagnostics, and fine-tuning performance.

     

    Associated Certification:

    Objectives

    After completing FortiGate II course, you will be able to:

    • Deploy FortiGate devices as an HA cluster for fault-tolerance & high performance
    • Inspect traffic transparently, forwarding as a Layer 2 device
    • Manage FortiGate device’s route table
    • Route packets using policy-based and static routes for multi-path and load-balance deployments
    • Connect virtual domains (VDOMs) without packets leaving FortiGate
    • Implement a meshed / partially redundant VPN
    • Diagnose failed IKE exchanges
    • Fight hacking & denial of service (DoS)
    • Diagnose IPS engine performance issues
    • Offer Fortinet Single Sign On (FSSO) access to network services, integrated with Microsoft Active Directory
    • Inspect SSL/TLS-secured traffic to prevent encryption used to bypass security policies
    • Understand encryption functions and certificates
    • Defend against data leaks by identifying files with sensitive data, and blocking them from leaving your private network
    • Diagnose and correct common problems
    • Optimize performance by configuring to leverage ASIC acceleration chips, such as CP or NPs, instead of only the CPU resources
    • Implement IPv6 and hybrid IPv4-IPv6 networks

    Outline

    1. Routing

    • Routing table elements
    • How FortiGate matches each packet with a route
    • Static routes, policy routes, and dynamic routing
    • Equal cost multi-path (ECMP)
    • Link health monitor
    • Loose and strict reverse path forwarding (RPF)
    • Link aggregation
    • Loopback interfaces and black hole routes
    • WAN link load balancing
    • How to diagnose broken routes
    • Lab – Router Configuration & Troubleshooting

    2. Virtual Domains

    • VLANs and VLAN tagging
    • Virtual Domains (VDOMs)
    • Global and per-VDOM resources
    • Per-VDOM administrative accounts
    • Inter-VDOM Links
    • Monitoring per-VDOM resources
    • VDOM topologies
    • Lab – Virtual Domains

    3. Transparent Mode

    • Transparent mode vs. NAT mode
    • Transparent bridging
    • Forwarding domains
    • Port pairing
    • STP configuration
    • Monitoring the MAC address table
    • Lab – Transparent Mode VDOMs

    4. High Availability

    • Active-passive vs. active-active mode
    • How and HA cluster elects the primary
    • Active-active traffic balancing
    • HA failover
    • Configuration synchronization
    • Session synchronization
    • Virtual clustering
    • FortiGate session life support protocol (FGCP)
    • Checking the status of a HA cluster
    • Lab – High Availability

    5. Advanced IPSec VPN

    • Main vs. aggressive mode negotiations
    • Extended authentication (Xauth)
    • Static vs. dynamic peers
    • Benefits and cost of VPN technologies
    • Dialup VPN configuration
    • Redundant VPNs
    • Troubleshooting
    • Lab – Advanced IPSec VPN

    6. Intrusion Prevention System (IPS)

    • Attacks vs. anomalies
    • Protocol Decoders
    • FortiGuard IPS Signatures and engines
    • CVSS & FortiGuard severity levels
    • Custom signature syntax
    • Denial of Service (DoS) attacks
    • One-arm deployment
    • IPS logs
    • Diagnostic commands
    • Expected IPS engine CPU usage
    • Lab – Intrusion Prevention System

    7. Fortinet Single Sign-On (FSSO)

    • DC agent mode vs. polling modes
    • NTLM authentication
    • Microsoft Active Directory access modes
    • Collector agent configuration
    • FortiGate FSSO configuration
    • Monitoring FSSO
    • Lab – Fortinet Single Sign On

    8. Certificate Operations

    • Securing traffic
    • Symmetric cryptography
    • Asymmetric cryptography
    • Digital Certificates
    • Certificate-based user authentication
    • SSL handshake
    • Generating and signing certificates
    • Importing certificates
    • Managing certificate revocation list
    • SSL content inspection
    • Certificate warnings
    • Installing the proxy certificate as a root authority
    • Configuration
    • Inline SSL decoding
    • Lab – Certificate Operations

    9. Data Leak Prevention (DLP)

    • Why use DLP ?
    • Files vs. messages
    • Sensors and filters
    • Document fingerprinting
    • Summary vs. full content archiving
    • Lab – Data Leak Prevention

    10. Diagnostics

    • Why do you need to know precisely what is normal ?
    • Network diagrams
    • Monitoring network usage & system resource usage
    • Physical layer troubleshooting
    • Network layer troubleshooting
    • Transport layer troubleshooting
    • Resources issues
    • Hardware testing
    • How to load firmware into RAM only, not disk

    11. Hardware Acceleration

    • How to find which chip(s) your FortiGate model has
    • Network Processor (NP) architecture
    • Offloading from CPU to NP
    • Session requirements for NP offloading
    • NP features
    • Security Processor (SP) features
    • Content Processor (CP) features
    • Integrated Processor, also called “system on a chip” (SoC)
    • How to determine if your system is taking advantage of offloading

    12. IPv6

    • Identify IPv6 fundamentals
    • Identify FortiOS IPv6 features
    • Differentiate between different transition technologies
    • Enable IPv6 on GUI and configure an IPv6 interface
    • Configure the FortiGate to announce an IPv6 prefix
    • Compare SLAAC and DHCPv6
    • Create a NAT64 policy
    • Create an 6in4 tunnel using IPSec
    • Identify new and revised diagnostic commands
    • Lab: IPv6 Transition Technologies

    Target Audience

    Networking and security professionals involved in the design, implementation, and administration of a security infrastructure using FortiGate appliances.

    This course assumes knowledge of basic yet FortiGate-specific fundamentals. As a result, if you know about firewalls, but are new to Fortinet, we do not recommend that you skip FortiGate I.

    Pre-Requisites

    • Knowledge of OSI layers
    • Good knowledge of firewalling concepts in an IPv4 network
    • Familiarity with all topics presented in the prerequisite FortiGate I course

    Kommende datoer

     Nov 29 to Dec 1, 2017
    Copenhagen
     Feb 14 to Feb 16, 2018
    Copenhagen
     May 16 to May 18, 2018
    Copenhagen
     Aug 22 to Aug 24, 2018
    Copenhagen
     Nov 21 to Nov 23, 2018
    Copenhagen