Course objectives

The objective of the course is to provide the necessary knowledge to be able to integrate Fortinet security solutions into companies' perimeter networks.

Course duration

2 days

Audience profile

Administrators and security consultants.

Previous requirements

Participants are required to have completed the FTT-121 course as well as detailed knowledge of TCP/IP and communications. They must also be familiar with IPSec / SSL VPN concepts and dynamic routing protocols.

Course content

Virtual Networking

Virtual Local Area Networks

VLANs in the FortiGate environment

Activation, Creation and Configuration of Virtual Domains

Virtual Domain Management (VDOM)

VLANs in Virtual Domains subinterfaces

Routing and fw policies in VDOM

Inter-VDOM links

VDOM architectures and topologies

Diagnosis

Diagnostic Commands

NIC Hardware

Traffic Trace

Session Table

Flow Tracing

Packet Sniffer

Knowledge Center

Transparent Mode

Operation Modes NAT/Route Mode

Transparent Mode / Bridge Mode

Frame Ethernet

VLAN Tags

Broadcast Domain

Spanning Tree Protocol

Channel Aggregation

Multicast

Multiple VLANs

Advanced Firewall Policies

Routing

NAT/Route Operation Mode

Static Routes

Route Policy

Dynamic Routes

OSPF and BGP

Traffic Optimization

Network and Application Performance

WAN optimization techniques in FortiGate

Protocol Optimization

Transparent Proxy

WCCP – Web Cache Control Protocol

Quality of service

Traffic Policies

WAN Optimization with FortiClient

Threat Management

Content scanning techniques

Proxies

IPS

IDS

av

File Filter Protection Profile Configuration

Web Filtering

URL filtering

AntiSpam

Data Leak Prevention

NAC (Network Access Control) Quarantine

Application Control

Content inspection

SSL SSL Proxy

Advanced Authentication

Firewall Authentication

SSL VPN authentication

IPSec authentication

Administrative Authentication

Identity-Based Policies

Authentication Management and Monitoring

LDAP Authentication Certificate Authentication

Local Certificate Backup

FSAE

Login to a Windows Domain

NTLM-based authentication

Virtual Private Networks

Advanced SSL VPN

Advanced IPSec VPN

• S.A., I.K.E.
• IPSec Phases 1 and 2
• Site-to-Site and Client-to-Site
• VPN in Tunnel Mode
• VPN in Interface Mode
• Route-based VPN
• Policy-based VPN
• Internet Browsing
• Monitoring
• Debugging

High availability

Clusters

Primary Unit

Subordinate Unit

Members of a Cluster

FortiGate Clustering Protocol

Virtual Addressing

HeartBeat FGCP

HeartBeat Interfaces

Team and session synchronization

HA Active-Active and Active-Passive Virtual Clustering

Additional notes