FortiGate Security Instructor Guide

for FortiOS 5.6.2

Fortinet Training
http://www.fortinet.com/training

Fortinet Document Library
http://docs.fortinet.com

Fortinet Knowledge Base
http://kb.fortinet.com

Fortinet Forums
https://forum.fortinet.com

Fortinet Support
https://support.fortinet.com 

FortiGuard Labs
http://www.fortiguard.com

Fortinet Network Security Expert Program (NSE)

https://www.fortinet.com/support-and-training/training/network-security-expert-program.html

Feedback
Email: [email protected]

2/13/2018
TABLE OF CONTENTS

Product Version 4
What’s New 5
General Changes 5
Hatsize Environment Changes 5
Changes in Labs 6
Changes in Lessons 6
Materials and System Requirements 9
Lab Setup 10
Prerequisite Configuration Objects 10
Class Size 10
Time to Complete 11
Product Version

This training covers FortiOS 5.6.2.

The FortiGate Security course is the first installment of the two-part NSE 4 curriculum. This course is delievered
in three different formats:

l Instructor-led classroom
l Instructor-led online
l Self-paced online
This course includes a facilitated lab. This course may be delivered as part of a custom, private training
engagement.

See the course descriptions for the lessons, as well as the course goals and objectives.

4 FortiGate Security 5.6.2 Instructor Guide

Fortinet Technologies Inc.
What’s New

This section highlights some of the key changes in this update of the FortiGate Security course.

General Changes

l This course, formerly known as FortiGate I, has been renamed FortiGate Security.
l This course is now a three-day course comprising 13 lessons. For more details about the lessons in this course, see
the course description.
l The course objectives are now listed at the beginning of each section (within a lesson), instead of at the beginning
of each lesson. Section-level objectives, are easier for students to consume and remember than lesson-level
objectives.
l Knowledge checks have been added to the end of each section to: :
l Ensure that students understand the material in that section before moving on to the next section.
l Increase interaction and student participation.
l Best practices and troubleshooting information are now included in most lessons.
l GUI buttons, menus, and options are now shown in bold.
l The former Student Guide has been split into two guides:
l Lab Guide (containing labs only).
l Study Guide (containing slides and notes).
These two guides come bundled together when they are ordered through Gilmore.

l Some lesson names have changed.

l The material in this course has been modified and enhanced to be more learner-centered and performance-based.

Hatsize Environment Changes

l The Certificate Operations lesson is now part of the FortiGate Security course, and the deep-inspection certificate
is installed during the Certificate Operations lab. If teaching NSE 4 as a custom course, be aware that), the
Certification Operation lesson should be taught before any labs that require SSL inspection (for example, Web
Filter, Antivirus, Application Control, IPS, and so on).
l The main Resources folder for the lab environment desktop has a new folder new structure. This main folder now
contains FortiGate Security and FortiGate Infrastructure sub-folders (to align with the new NSE 4 course
names). Each course folder contains a sub-folder for each lesson. The lesson folders contain the initial
configuration file for each lab, and any additional files needed to complete the lab. The lesson folders also include a
Solutions folder, which contains the backup of the final configuration for that lab.

FortiGate Security 5.6.2 Instructor Guide 5

Fortinet Technologies Inc.
Changes in Labs What’s New

Changes in Labs

l The Firebox browser on both the Local-Windows and Remote-Windows VMs include bookmarks on the bookmark
toolbar for the Local-FortiGate and Remote-FortiGate GUIs. As such, students do not have to type in the IPs for the
GUI every time they are asked to log in to a FortiGate GUI.

l Where applicable, the labs contain expert challenges for students who feel confident performing the task without
step-by-step guidance. However, the step-by-step instructions are provided immediately following the expert
challenge, if the students require assistance or want to verify their work.

Changes in Lessons

This section provides details about the new features and content added to the lessons.

6 FortiGate Security 5.6.2 Instructor Guide

Fortinet Technologies Inc.
 What’s New Changes in Lessons

Lesson 1—Introduction
l Added information about Fortinet Security Fabric

Lesson 2—Firewall Policies

l Add information about how firewall policy destination can use Internet Services

Lesson 3—Network Address Translation (NAT)

Added information about the following topics:

l Central SNAT support of source and destination as matching criteria

l Using diagnose commands to monitor NAT sessions
l Using VIP filters for central NAT

Lesson 5—Logging
Added information about the following topics:

l The effects of logging on performance

l FortiGate disk allocation–reserved space
l FortiGate behavior when the disk is full
l Hiding user names in logs
l Remote logging to FortiSIEM

Lesson 6—Certificate Operations

Made the following changes and additions:

l Reduced the amount of general theory

l Increased the amount of information focused on how and why certificates are used by FortiGate
l Added information about full SSL inspection on inbound traffic

Lesson 7—Web Filtering

Added information about the following topics:

l FortiGate inspection modes

l New NGFW modes in flow-based inspection mode
l The Botnet Command and Control Database is now part of DNS security profile
l Requires FortiGuard antivirus license
l Requires FortiGuard web filter license for DNS filtering

Lesson 8—Application Control

Added information about the following topics:

FortiGate Security 5.6.2 Instructor Guide 7

Fortinet Technologies Inc.
 Changes in Lessons What’s New

l Application control is now a free service

l Application control profile availability in only in the following modes:
l Flow-based with NGFW mode set to profile-based inspection mode
l Proxy-based inspection mode
l The ability to configure application control directly on the firewall policy when flow-based with NGFW mode is set to
policy-based inspection mode

Lesson 9—Antivirus
l Added information about hardware acceleration for antivirus scanning

Lesson 10—Intrusion Prevention and Denial of Service

l Added information about hardware acceleration for IPS scanning

Lesson 11—SSL-VPN
Added information abou the following topics:

l SSL-VPN timers
l Troubleshooting commands
l Hardware acceleration for SSL-VPN

Lesson 12 - Dialup IPsec VPN

Added information about how to deploy a dialup VPN:

l Between two FortiGate devices

l For FortiClient

8 FortiGate Security 5.6.2 Instructor Guide

Fortinet Technologies Inc.
Materials and System Requirements

This course has both on-location (classroom) and online versions.

When delivering the on-location version, you will probably be teaching most or all of the lessons. (Each lesson is
subject-specific.)

If you teach the online version of this class, you may be teaching one or all of the lessons. To access online
content, students must have a computer with:

l A high-speed Internet connection

l An up-to-date web browser that supports HTML 5
l A PDF viewer
l Speakers or headphones
l A Java runtime environment (JRE) (optional)

Due to potential packet loss, the use of Wi-Fi is not recommended.Firewalls (including
FortiClient and Windows Firewall) must allow connections with the virtual lab.

Students must be able to reach both the virtual lab hosted by Microtek/Hatsize (connectivity details are in the
Student Guide) and the NSE Institute. (https://training.fortinet.com/).

From the NSE Institute, students can download a copy of the Study Guide and Lab Guide for NSE4 exam
preparation. They may also be able to view a video of the presentation.

Prior to teaching this lesson, gather the materials listed in this table.

Item Amount

Instructor Guide
1 per class
(this document)

Presentation slides 1 per lesson

Virtual lab environment 1 per student

Study Guide*

(presentation and presentation notes)

1 per student
Provide a guide to each student regardless of whether it’s in-classroom or online
instructor-led training.

FortiGate Security 5.6.2 Instructor Guide 9

Fortinet Technologies Inc.
 Lab Setup Materials and System Requirements

Item Amount

Lab Guide*
(lab instructions)

Provide a guide to each student regardless of whether it’s in-classroom or online

instructor-led training. 1 per student

For self-paced training, provide the guide only if the student has purchased the virtual lab
environment, which is an additional charge. Virtualized lab sessions will be instructor-
facilitated.
* The Study Guide and Lab Guide are ordered as a bundle (kit) from Gilmore.

Lab Setup

FortiGate VMs in the virtual lab are running FortiGate 5.6.2.

The lab topology is described in the Virtual-Lab-Setup-Guide-FGT-5.6, and the Lab Guide.

Prerequisite Configuration Objects

If a specific configuration is required on any of the VMs prior to starting a specific lab, the lab will include a
Prerequisites section. This section explains which configuration file to upload to which VM.
In addition, each lab includes a solution configuration file. This file includes the completed configuration for any
given lab. This is useful if the student does not have enough time to finish the lab, or they are experiencing
difficultly.

All resources are available on the Local-Windows desktop in the Resources folder.

Class Size

The recommended class size for this course is 12 participants; however, smaller or larger class sizes numbers are
permitted.

10 FortiGate Security 5.6.2 Instructor Guide

Fortinet Technologies Inc.
Time to Complete

Schedules may vary by region and customer, but, assuming a 9am to 5pm day with one hour for breaks, there is a
seven-hour study day. There are 13 lessons to deliver in this three-day course.

Try to avoid lectures longer than 30 minutes. Break lessons into two segments, if necessary.

Lesson Estimated Time

Lecture: 50 minutes

Lesson 1: Introduction to FortiGate and the Security Fabric Lab (if purchased): 25 minutes

Total: 75 minutes

Lecture: 40 minutes

Lesson 2: Firewall Policies Lab (if purchased): 55 minutes

Total: 95 minutes

Lecture: 50 minutes

Lesson 3: Network Address Translation (NAT) Lab (if purchased): 50 minutes

Total: 100 minutes

Lecture: 50 minutes

Lesson 4: Firewall Authentication Lab (if purchased): 20 minutes

Total: 70 minutes

Lecture: 50 minutes

Lesson 5: Logging and Monitoring Lab (if purchased): 35 minutes

Total: 85 minutes

Lecture: 40 minutes

Lesson 6: Certificate Operations Lab (if purchased): 40 minutes

Total: 80 minutes

Lecture: 50 minutes

Lesson 7: Web Filtering Lab (if purchased): 25 minutes

Total: 75 minutes

FortiGate Security 5.6.2 Instructor Guide 11

Fortinet Technologies Inc.
 Time to Complete

Lesson Estimated Time

Lecture: 40 minutes

Lesson 8: Application Control Lab (if purchased): 35 minutes

Total: 75 minutes

Lecture: 45 minutes

Lesson 9: Antivirus Lab (if purchased): 20 minutes

Total: 65 minutes

Lecture: 45 minutes

Lesson 10: Intrusion Prevention and Denial of Service Lab (if purchased): 40 minutes

Total: 85 minutes

Lecture: 50 minutes

Lesson 11: SSL-VPN Lab (if purchased): 25 minutes

Total: 75 minutes

Lecture: 40 minutes

Lesson 12: Dialup IPsec VPN Lab (if purchased): 45 minutes

Total: 85 minutes

Lecture: 30 minutes

Lesson 13: Data Leak Prevention (DLP) Lab (if purchased): 30 minutes

Total: 60 minutes

Total: Approximately 17 hours and 5

Total
minutes

12 FortiGate Security 5.6.2 Instructor Guide

Fortinet Technologies Inc.
No part of this publication may be reproduced in any form or by any means or used to make any
derivative such as translation, transformation, or adaptation without permission from Fortinet Inc.,
as stipulated by the United States Copyright Act of 1976.
Copyright© 2018 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet,
Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company
names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and
actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein
represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written
contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified
performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For
absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any
commitment related to future deliverables, features, or development, and circumstances may change such that any forward-looking statements herein are not accurate.
Fortinet disclaims in full any covenants, representations,and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify,
transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.