Scribd
Upload
168 views121 pages

NSE4 Prep

Uploaded by

GROUP SOFT GROUP SOFT
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
168 views121 pages

NSE4 Prep

Uploaded by

GROUP SOFT GROUP SOFT
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 121

NETWORK SECURITY

Joël NGUINA
IT Engineer, NS8
FORTINET
CONTENT

01 INTRODUCTION ET CONFIGURATIONS INITIALES

02 FIREWALL POLICIES

03 NAT

04 METHODES D’AUTHETIFICATION

05 JOURNALISATION ET MONITORING

06 CERTIFICATE OPERATIONS
07 WEB FILTERING
08 APPLICATION CONTROL

09 ANTIVIRUS
10 IPS ET DOS

11 SECURITY FABRIC

© Fortinet Inc. All Rights Reserved. 2


FORTINET
I. INTRODUCTION ET CONF INITIALES

►FONCTIONNALITES
►SETUP DECISION
►ADMINISTRATION DE BASE
►MAINTENACE FONDAMENTAL

© Fortinet Inc. All Rights Reserved. 3


FORTINET
I. INTRODUCTION ET CONF INITIALES

Fortinet (Fortified Network), Multinationale


Américaine fondée par Ken et Michael XIE
Constructeurs des Appliances Fortigate

© Fortinet Inc. All Rights Reserved. 4


GAMME DE PRODUITS FORTIGATE
Les produits FortiGate sont principalement des pare-feu nouvelle génération (NGFW) qui offrent une
combinaison de sécurité réseau et de performance optimisée.
1. FortiGate Entry-level (petites entreprises et succursales) FortiGate 30E / 40F / 60F
2. FortiGate Mid-range (PME et entreprises de taille moyenne) FortiGate 100F / 200F / 400F
3. FortiGate High-end (grandes entreprises et datacenters) FortiGate 600F / 900G / 1800F
4. FortiGate Ultra High-end (grands datacenters, opérateurs et grandes entreprises)
FortiGate 3600E / 5000 series
5. FortiGate Rugged (environnements difficiles) FortiGate Rugged 30D / 60F
6. FortiGate Virtual Appliances (environnements virtualisés) FortiGate-VM
7. FortiGate Cloud Firewall (Firewall-as-a-Service) FortiGate Cloud
8. FortiGate Secure SD-WAN FortiGate SD-WAN

© Fortinet Inc. All Rights Reserved. 5


CHASSIS FORTIGATE
Les éléments d'une carte mère d'un pare-feu Fortinet FortiGate sont similaires à ceux d'autres appareils
réseau et de sécurité, mais sont optimisés pour offrir une performance réseau et des capacités de
sécurité avancées.
1. CPU (Central Processing Unit) :
2. NP (Network Processor)
3. CP (Content Processor)
4. RAM (Mémoire vive)
5. NVRAM (Non-Volatile RAM)
6. Stockage flash / SSD
7. Ports réseau
8. ASIC (Application-Specific Integrated Circuit)
9. Chipset de gestion
10. Connecteurs d'alimentation
© Fortinet Inc. All Rights Reserved. 6
DISPOSITIF DE SECURITE
1. FortiOS
2. SPU (Security Processing Unit)
 NP (Network Processor) , CP (Content Processor) , TPU (Threat Processing Unit)
3. Interfaces réseau
4. Modules d'extension
5. Disques de stockage
6. Fonctions de sécurité intégrées
 Firewall, IPS (Intrusion Prevention System),
 Antivirus, VPN (Virtual Private Network),
 Web Filtering , Application Control
7. FortiGuard Services
8. Console de gestion
9. Systèmes de rapport et d'analyse
10. Fonctions avancées
© Fortinet Inc. All Rights Reserved. 7
PRESENTATION DE L’EXAMEN FCP

© Fortinet Inc. All Rights Reserved. 8


DISPOSITIF DE SECURITE
•Exam series: FCP_FGT_AD-7.4
 Number of questions: 50
 Exam time: 90 minutes
 Language: English, Japanese, and French
 Product version: FortiOS 7.4.1
•Exam series: FCP_FMG_AD-7.4
 Number of questions: 35
 Exam time: 70 minutes
 Language: English, French, and Japanese
 Product version: FortiManager 7.4.1, FortiOS 7.4.1

© Fortinet Inc. All Rights Reserved. 9


FORTINET
II. CONFIGURATIONS INITIALES

© Fortinet Inc. All Rights Reserved. 10


FORTINET
II. CONFIGURATIONS INITIALES

© Fortinet Inc. All Rights Reserved. 11


FORTINET
II. CONFIGURATIONS INITIALES

© Fortinet Inc. All Rights Reserved. 12


ADMINISTRATION DE BASE
1. Modes d’administration
• CLI, GUI
2. Création d’un administrateur
3. Profil Admin
4. VDOMs
5. Procédure de bypass du mot de passe
6. Accès Adminitratif
7. Interfaces IP
8. VLAN
9. Route Statique
10. DHCP Server
1. DNS Server

© Fortinet Inc. All Rights Reserved. 13


ADMINISTRATION DE BASE : ADMIN USER

© Fortinet Inc. All Rights Reserved. 14


ADMINISTRATION DE BASE : LES PROFILS

© Fortinet Inc. All Rights Reserved. 15


ADMINISTRATION DE BASE : VDOMS

© Fortinet Inc. All Rights Reserved. 16


ADMINISTRATION DE BASE : VDOM, Création

© Fortinet Inc. All Rights Reserved. 17


ADMINISTRATION DE BASE : PWD recovery

© Fortinet Inc. All Rights Reserved. 18


ADMINISTRATION DE BASE : trusted sources

© Fortinet Inc. All Rights Reserved. 19


ADMINISTRATION DE BASE : Ports et MDP

© Fortinet Inc. All Rights Reserved. 20


ADMINISTRATION DE BASE : Protocols

© Fortinet Inc. All Rights Reserved. 21


ADMINISTRATION DE BASE : IP Interfaces

© Fortinet Inc. All Rights Reserved. 22


ADMINISTRATION DE BASE : Interface Role Vs Alias

© Fortinet Inc. All Rights Reserved. 23


ADMINISTRATION DE BASE : VLAN

© Fortinet Inc. All Rights Reserved. 24


ADMINISTRATION DE BASE : Route par Defaut

© Fortinet Inc. All Rights Reserved. 25


ADMINISTRATION DE BASE : Serveur DHCP

© Fortinet Inc. All Rights Reserved. 26


ADMINISTRATION DE BASE : Serveur DNS

© Fortinet Inc. All Rights Reserved. 27


MAINTENANCE FONDAMENTAL : Sauvegarde et restauration

© Fortinet Inc. All Rights Reserved. 28


MAINTENANCE DE BASE: format du fichier de conf

© Fortinet Inc. All Rights Reserved. 29


MAINTENANCE FONDAMENTAL : Sauvegarde et restauration YAML

© Fortinet Inc. All Rights Reserved. 30


MAINTENANCE FONDAMENTAL : mise à niveau

© Fortinet Inc. All Rights Reserved. 31


FORTINET
II. FIREWAL POLICIES

►POLITIQUE DE SECURITE DE FGT


►CONFIGURATION DE LA POLITIQUE DE SECURITE
►GESTION DES POLITIQUES DE SECURITE
►BONNES PRATIQUES ET DEPANNAGE

© Fortinet Inc. All Rights Reserved. 32


POLITIQUES DE SECURITE : Définition

© Fortinet Inc. All Rights Reserved. 33


POLITIQUES DE SECURITE : Composants et type de Police

© Fortinet Inc. All Rights Reserved. 34


POLITIQUES DE SECURITE

© Fortinet Inc. All Rights Reserved. 35


POLITIQUES DE SECURITE : interfaces et zones

© Fortinet Inc. All Rights Reserved. 36


POLITIQUES DE SECURITE : assigner plusieurs Interfaces

© Fortinet Inc. All Rights Reserved. 37


POLITIQUES DE SECURITE

© Fortinet Inc. All Rights Reserved. 38


POLITIQUES DE SECURITE

© Fortinet Inc. All Rights Reserved. 39


POLITIQUES DE SECURITE

© Fortinet Inc. All Rights Reserved. 40


POLITIQUES DE SECURITE

© Fortinet Inc. All Rights Reserved. 41


POLITIQUES DE SECURITE

© Fortinet Inc. All Rights Reserved. 42


POLITIQUES DE SECURITE

© Fortinet Inc. All Rights Reserved. 43


CONFIGURATION DES POLITIQUES DE SECURITE

© Fortinet Inc. All Rights Reserved. 44


CONFIGURATION DES POLITIQUES DE SECURITE

© Fortinet Inc. All Rights Reserved. 45


CONFIGURATION DES POLITIQUES DE SECURITE

© Fortinet Inc. All Rights Reserved. 46


CONFIGURATION DES POLITIQUES DE SECURITE

© Fortinet Inc. All Rights Reserved. 47


CONFIGURATION DES POLITIQUES DE SECURITE

© Fortinet Inc. All Rights Reserved. 48


MANAGEMENT DES POLITIQUES

© Fortinet Inc. All Rights Reserved. 49


MANAGEMENT DES POLITIQUES

© Fortinet Inc. All Rights Reserved. 50


MANAGEMENT DES POLITIQUES

© Fortinet Inc. All Rights Reserved. 51


MANAGEMENT DES POLITIQUES

© Fortinet Inc. All Rights Reserved. 52


MANAGEMENT DES POLITIQUES

© Fortinet Inc. All Rights Reserved. 53


MANAGEMENT DES POLITIQUES

© Fortinet Inc. All Rights Reserved. 54


MANAGEMENT DES POLITIQUES

© Fortinet Inc. All Rights Reserved. 55


BEST PRACTISES

© Fortinet Inc. All Rights Reserved. 56


BEST PRACTISES

© Fortinet Inc. All Rights Reserved. 57


BEST PRACTISES

© Fortinet Inc. All Rights Reserved. 58


BEST PRACTISES

© Fortinet Inc. All Rights Reserved. 59


BEST PRACTISES

© Fortinet Inc. All Rights Reserved. 60


NAT INTRO

© Fortinet Inc. All Rights Reserved. 61


NAT INTRO

© Fortinet Inc. All Rights Reserved. 62


FW POLICY NAT

© Fortinet Inc. All Rights Reserved. 63


FW POLICY NAT

© Fortinet Inc. All Rights Reserved. 64


FW POLICY NAT

© Fortinet Inc. All Rights Reserved. 65


FW POLICY NAT

© Fortinet Inc. All Rights Reserved. 66


FW POLICY NAT

© Fortinet Inc. All Rights Reserved. 67


FW POLICY NAT

© Fortinet Inc. All Rights Reserved. 68


FW POLICY NAT

© Fortinet Inc. All Rights Reserved. 69


FW POLICY NAT

© Fortinet Inc. All Rights Reserved. 70


FW POLICY NAT

© Fortinet Inc. All Rights Reserved. 71


FW POLICY NAT

© Fortinet Inc. All Rights Reserved. 72


NFW POLICY AT

© Fortinet Inc. All Rights Reserved. 73


FW POLICY NAT

© Fortinet Inc. All Rights Reserved. 74


FW POLICY NAT

© Fortinet Inc. All Rights Reserved. 75


FW POLICY NAT

© Fortinet Inc. All Rights Reserved. 76


CENTRAL NAT

© Fortinet Inc. All Rights Reserved. 77


CENTRAL NAT

© Fortinet Inc. All Rights Reserved. 78


CENTRAL NAT

© Fortinet Inc. All Rights Reserved. 79


CENTRAL NAT

© Fortinet Inc. All Rights Reserved. 80


CENTRAL NAT

© Fortinet Inc. All Rights Reserved. 81


CENTRAL NAT

© Fortinet Inc. All Rights Reserved. 82


MONITOR NAT

© Fortinet Inc. All Rights Reserved. 83


MONITOR NAT

© Fortinet Inc. All Rights Reserved. 84


MONITOR NAT

© Fortinet Inc. All Rights Reserved. 85


AUTHENTIFICATION : FW AUTH

© Fortinet Inc. All Rights Reserved. 86


AUTHENTIFICATION

© Fortinet Inc. All Rights Reserved. 87


AUTHENTIFICATION

© Fortinet Inc. All Rights Reserved. 88


AUTHENTIFICATION

© Fortinet Inc. All Rights Reserved. 89


AUTHENTIFICATION

© Fortinet Inc. All Rights Reserved. 90


AUTHENTIFICATION

© Fortinet Inc. All Rights Reserved. 91


AUTHENTIFICATION

© Fortinet Inc. All Rights Reserved. 92


AUTHENTIFICATION

© Fortinet Inc. All Rights Reserved. 93


AUTHENTIFICATION

© Fortinet Inc. All Rights Reserved. 94


AUTHENTIFICATION

© Fortinet Inc. All Rights Reserved. 95


AUTHENTIFICATION

© Fortinet Inc. All Rights Reserved. 96


AUTHENTIFICATION

© Fortinet Inc. All Rights Reserved. 97


AUTHENTIFICATION

© Fortinet Inc. All Rights Reserved. 98


AUTHENTIFICATION

© Fortinet Inc. All Rights Reserved. 99


AUTHENTIFICATION

© Fortinet Inc. All Rights Reserved. 100


USER GROUPS

© Fortinet Inc. All Rights Reserved. 101


USER GROUPS

© Fortinet Inc. All Rights Reserved. 102


USER GROUPS

© Fortinet Inc. All Rights Reserved. 103


USER GROUPS

© Fortinet Inc. All Rights Reserved. 104


USER GROUPS

© Fortinet Inc. All Rights Reserved. 105


USER GROUPS

© Fortinet Inc. All Rights Reserved. 106


USER GROUPS

© Fortinet Inc. All Rights Reserved. 107


USER GROUPS

© Fortinet Inc. All Rights Reserved. 108


USER GROUPS

© Fortinet Inc. All Rights Reserved. 109


SDWAN

© Fortinet Inc. All Rights Reserved. 110


SECURITY FABRIC

© Fortinet Inc. All Rights Reserved. 111


SECURITY FABRIC

© Fortinet Inc. All Rights Reserved. 112


SECURITY FABRIC

© Fortinet Inc. All Rights Reserved. 113


SECURITY FABRIC

© Fortinet Inc. All Rights Reserved. 114


SECURITY FABRIC

© Fortinet Inc. All Rights Reserved. 115


SECURITY FABRIC

© Fortinet Inc. All Rights Reserved. 116


SECURITY FABRIC

© Fortinet Inc. All Rights Reserved. 117


SECURITY FABRIC

© Fortinet Inc. All Rights Reserved. 118


SECURITY FABRIC
VPN IPsec
La technologie de réseau privé virtuel (VPN) permet aux utilisateurs distants de se connecter à des réseaux informatiques privés
pour accéder à leurs ressources de manière sécurisée. Par exemple, un employé en déplacement ou travaillant à domicile peut
utiliser un VPN pour accéder en toute sécurité au réseau du bureau via Internet.
Au lieu de se connecter à distance à un réseau privé à l'aide d'une connexion Internet non cryptée et non sécurisée, l'utilisation
d'un VPN garantit que les parties non autorisées ne peuvent pas accéder au réseau du bureau et ne peuvent pas intercepter les
informations circulant entre l'employé et le bureau. Une autre utilisation courante d'un VPN consiste à connecter les réseaux
privés de plusieurs bureaux.
Le VPN IPsec utilise le protocole Internet Protocol Security (IPsec) pour créer des tunnels cryptés sur Internet. Le protocole IPsec
fonctionne au niveau de la couche réseau du modèle de système d'exploitation et s'exécute sur le protocole IP, qui achemine les
paquets. Toutes les données transmises sont protégées par le tunnel IPsec.
Les sections suivantes fournissent des instructions sur la configuration des connexions VPN IPsec dans FortiOS 7.6.0 .
•Configuration générale du VPN IPsec
•VPN de site à site
•Accès à distance
•VPN agrégé et redondant
•ADVPN
•Orchestrateur de superposition de tissu
•Autres sujets sur le VPN
•Dépannage VPN IPsec

© Fortinet Inc. All Rights Reserved. 119


SECURITY FABRIC
Configuration générale du VPN IPsec
Les sections suivantes fournissent des instructions sur les configurations VPN IPsec générales :
•Topologies de réseau
•Configuration de la phase 1
•Configuration de la phase 2
•Politiques de sécurité VPN
•Blocage des négociations IKE et des paquets ESP indésirables avec une politique locale
•Port IKE configurable
•Attributions d'adresses IP VPN IPsec
•Renommer les tunnels IPsec

© Fortinet Inc. All Rights Reserved. 120

You might also like