FortiGate 2 – Multi Threat Security Systems

FortiGate 2 Training in UK - Multi Threat Security Systems
FortiGate 2 – Multi Threat Security Systems
  • FortiGate 2 – Multi Threat Security Systems

    1 Star2 Stars3 Stars4 Stars5 Stars (4 votes, average: 4.50 out of 5)
    Loading...

    3 Days Course

    Fortinet Technical Training

    Upcoming Dates

     Jun 7 to Jun 9, 2017
    New York

    Course Details

    FortiGate 2 – Multi Threat Security Systems

    In this 3-day class, you will learn advanced FortiGate networking and security. Topics include features commonly in complex or larger enterprise/MSSP networks, such as advanced routing, transparent mode, redundant infrastructure, advanced IPsec VPN, IPS, SSO, data leak prevention, diagnostics, and fine-tuning performance.

    Associated Certification:

    This is part of the courses that prepare you for the NSE 4 certification exam.

    Course Price:
    • The course fee is 1800 GBP excluding VAT.

    After completing FortiGate 2 course, you will be able to:

    • Deploy FortiGate devices as an HA cluster for fault-tolerance & high performance
    • Inspect traffic transparently, forwarding as a Layer 2 device
    • Manage FortiGate device’s route table
    • Route packets using policy-based and static routes for multi-path and load-balance deployments
    • Connect virtual domains (VDOMs) without packets leaving FortiGate
    • Implement a meshed / partially redundant VPN
    • Diagnose failed IKE exchanges
    • Fight hacking & denial of service (DoS)
    • Diagnose IPS engine performance issues
    • Offer Fortinet Single Sign On (FSSO) access to network services, integrated with Microsoft Active Directory
    • Inspect SSL/TLS-secured traffic to prevent encryption used to bypass security policies
    • Understand encryption functions and certificates
    • Defend against data leaks by identifying files with sensitive data, and blocking them from leaving your private network
    • Diagnose and correct common problems
    • Optimize performance by configuring to leverage ASIC acceleration chips, such as CP or NPs, instead of only the CPU resources
    • Implement IPv6 and hybrid IPv4-IPv6 networks

    1. Routing

    • Routing table elements
    • How FortiGate matches each packet with a route
    • Static routes, policy routes, and dynamic routing
    • Equal cost multi-path (ECMP)
    • Link health monitor
    • Loose and strict reverse path forwarding (RPF)
    • Link aggregation
    • Loopback interfaces and black hole routes
    • WAN link load balancing
    • How to diagnose broken routes
    • Lab – Router Configuration & Troubleshooting

    2. Virtual Domains

    • VLANs and VLAN tagging
    • Virtual Domains (VDOMs)
    • Global and per-VDOM resources
    • Per-VDOM administrative accounts
    • Inter-VDOM Links
    • Monitoring per-VDOM resources
    • VDOM topologies
    • Lab – Virtual Domains

    3. Transparent Mode

    • Transparent mode vs. NAT mode
    • Transparent bridging
    • Forwarding domains
    • Port pairing
    • STP configuration
    • Monitoring the MAC address table
    • Lab – Transparent Mode VDOMs

    4. High Availability

    • Active-passive vs. active-active mode
    • How and HA cluster elects the primary
    • Active-active traffic balancing
    • HA failover
    • Configuration synchronization
    • Session synchronization
    • Virtual clustering
    • FortiGate session life support protocol (FGCP)
    • Checking the status of a HA cluster
    • Lab – High Availability

    5. Advanced IPSec VPN

    • Main vs. aggressive mode negotiations
    • Extended authentication (Xauth)
    • Static vs. dynamic peers
    • Benefits and cost of VPN technologies
    • Dialup VPN configuration
    • Redundant VPNs
    • Troubleshooting
    • Lab – Advanced IPSec VPN

    6. Intrusion Prevention System (IPS)

    • Attacks vs. anomalies
    • Protocol Decoders
    • FortiGuard IPS Signatures and engines
    • CVSS & FortiGuard severity levels
    • Custom signature syntax
    • Denial of Service (DoS) attacks
    • One-arm deployment
    • IPS logs
    • Diagnostic commands
    • Expected IPS engine CPU usage
    • Lab – Intrusion Prevention System

    7. Fortinet Single Sign-On (FSSO)

    • DC agent mode vs. polling modes
    • NTLM authentication
    • Microsoft Active Directory access modes
    • Collector agent configuration
    • FortiGate FSSO configuration
    • Monitoring FSSO
    • Lab – Fortinet Single Sign On

    8. Certificate Operations

    • Securing traffic
    • Symmetric cryptography
    • Asymmetric cryptography
    • Digital Certificates
    • Certificate-based user authentication
    • SSL handshake
    • Generating and signing certificates
    • Importing certificates
    • Managing certificate revocation list
    • SSL content inspection
    • Certificate warnings
    • Installing the proxy certificate as a root authority
    • Configuration
    • Inline SSL decoding
    • Lab – Certificate Operations

    9. Data Leak Prevention (DLP)

    • Why use DLP ?
    • Files vs. messages
    • Sensors and filters
    • Document fingerprinting
    • Summary vs. full content archiving
    • Lab – Data Leak Prevention

    10. Diagnostics

    • Why do you need to know precisely what is normal ?
    • Network diagrams
    • Monitoring network usage & system resource usage
    • Physical layer troubleshooting
    • Network layer troubleshooting
    • Transport layer troubleshooting
    • Resources issues
    • Hardware testing
    • How to load firmware into RAM only, not disk

    11. Hardware Acceleration

    • How to find which chip(s) your FortiGate model has
    • Network Processor (NP) architecture
    • Offloading from CPU to NP
    • Session requirements for NP offloading
    • NP features
    • Security Processor (SP) features
    • Content Processor (CP) features
    • Integrated Processor, also called “system on a chip” (SoC)
    • How to determine if your system is taking advantage of offloading

    12. IPv6

    • Identify IPv6 fundamentals
    • Identify FortiOS IPv6 features
    • Differentiate between different transition technologies
    • Enable IPv6 on GUI and configure an IPv6 interface
    • Configure the FortiGate to announce an IPv6 prefix
    • Compare SLAAC and DHCPv6
    • Create a NAT64 policy
    • Create an 6in4 tunnel using IPSec
    • Identify new and revised diagnostic commands
    • Lab: IPv6 Transition Technologies

    Networking and security professionals involved in the design, implementation, and administration of a security infrastructure using FortiGate appliances.

    This course assumes knowledge of basic yet FortiGate-specific fundamentals. As a result, if you know about firewalls, but are new to Fortinet, we do not recommend that you skip FortiGate 1.

    • Knowledge of OSI layers
    • Good knowledge of firewalling concepts in an IPv4 network
    • Familiarity with all topics presented in the prerequisite FortiGate 1 course