This is a 3-day training, participants will gain a comprehensive understanding of the advanced networking and security functions of FortiGate appliances. With a focus on core feature skills, specific topics include routing, virtual domains, transparent mode, high availability, advanced IPSec VPN, intrusion prevention system, single sign on, certificate operations, data leak prevention, diagnostics and resource utilization. At the end of this course, students complete an interactive in-lab assessment of skills learned. Designed to demonstrate advanced use of FortiGate appliance features, this training is a continuation of the FortiGate Multi-Threat Security System I Course.
Audience: This course is intended for networking professionals involved in the design and implementation of a security infrastructure using FortiGate Unified Threat Management appliances. This advanced-level course is a continuation of the topics discussed in FortiGate Multi-Threat Security System I – Administration, Content Inspection and SSL VPN (Course 201). Content in the 301 course is geared to professionals with a sound knowledge of the concepts involved in the operation of a FortiGate device. It is assumed that students are familiar with the topics presented in the 201 course.
Course Detail: Module 11: Routing. This module introduces students to the logic used behind FortiGate device routing decisions. Students will learn how to read routing table entries, perform routing diagnostics and create routes on a FortiGate device. Module 12: Virtual Networking. This module introduces the concept of working with virtual network resources including VLANs, virtual domains and link aggregation. Module 13: Transparent Mode. This module familiarizes students with operating a FortiGate appliance in transparent mode and discusses aspects to consider in this type of deployment. Module 14: High Availability. This module discusses the functionality of a FortiGate unit operating in HA mode. Module 15: Advanced IPSec VPN. This module covers the advanced methods of VPN deployment (hub and spoke, star, full and partial meshed configurations), PPTP and in depth troubleshooting diagnostics. Module 16: Intrusion Prevention System. This module provides a detailed look at the configuration and operating behavior of the FortiGate appliance’s intrusion prevention system. Module 17: Fortinet Single Sign On (FSSO). In this module, Fortinet Single Sign On communications are explained and students will learn how to configure FSSO to link domain log in credentials to firewall policies in order to restrict access. Module 18: Certificate-Based Operations. This module builds the groundwork for all SSL based inspection that a FortiGate appliance is capable of performing.
Course Detail 1: Module 19: Data Leak Prevention. This module will introduce students to working with the data leak prevention (DLP) feature including configuration, methodology, diagnostics, and debugging. Module 20: Diagnostics. This module describes various basic troubleshooting commands that can be used to diagnose the most common technical issues. It explains how to interpret the output of the debug flow diagnostics, FortiGate session table, as well as CPU and memory diagnostic commands. Module 21: Putting It All Together. In this module, students will be given an opportunity to put their skills to the test. This multi-part interactive lab assesses the student’s ability to work with multiple FortiGate features at once to fulfill a set of customer needs and requirements.
Prerequisites: Previous experience working with FortiGate appliances. Solid knowledge of the web management interface and the FortiGate unit Command Line Interface (CLI). Knowledge of IPSec, VPNs and intrusion detection concepts. Successful completion of the FortiGate Multi-Threat Security System I course is highly recommended.