Go to Course Home
Building and scaling LAB
Building and scaling LAB
Join the conversation
Submit
Prev
Next
Table of Contents
Intro & Lab setup
In this topic we will take an overview for the course content, and do the LAB setup for the virtual and could environments.
Intro (who we are)
4m
Topics (what will we learn)
12m
Materials (how will do it)
10m
FortiGate as a NGFW
14m
Setup VMware and EVE community
8m
Fortigate images (2023 updates v7.2.0 and bellow vs v7.2.1 and above)
6m
[AWS] Account Free Tier
8m
[AWS] First EC2 Windows instance
12m
[AWS] LAB Promo
5m
[AWS] Setup AWS LAB (Part1)
9m
[AWS] Setup AWS LAB (Part2)
12m
[AWS] Setup AWS LAB (Part3)
9m
[AWS] Setup AWS LAB (Part4)
6m
Download Links
0s
FortiGate Security – Initial Configuration
In this topic we will start by access FortiGate device with multiple methods, Creating admin users/profile, Create VLANs, assign IP addresses, DHCP server, Configuration backup/restore, and finally to the limitation of 14-days VM license.
Access method and Default configuration
14m
Admin user and profile management
10m
Restrict access (Trusted hosts, interfaces, and ports)
6m
Interfaces and VLANs (Part1)
8m
Interfaces and VLANs (Part2)
8m
DHCP server
8m
Configuration backup, restore, and revision
10m
Firmware status and upgrade path
9m
[Lab setup] FGT 14-day trial limit
8m
FortiGate Security – Firewall Policies
In this topic we will create, manage, and tune FW policies. Introduce EVE-NG node Win-tiny10 as a light weight windows 10 VM for testing local web services.
Policy definition
9m
Configure policies (Single, multiple, and all interfaces)
12m
Configure policies (Objects as source and destination addresses)
10m
Configure policies (Geo location)
9m
[Lab setup] Setup Windows 10 node using (Win-tiny10)
10m
Configure policies (Services)
4m
Manage policies (Tune and CLI)
9m
FortiGate Security – Network Address Translation
In this topic we will configure most NAT types such as SNAT, DNAT (Virtual IP), and FortiGate Central NAT.
NAT overview
10m
Configure SNAT (IP Pool types)
9m
Configure DNAT (VIP objects and Port forwarding)
10m
Enabling Central NAT
7m
FortiGate Security – [AWS] Firewall Authentication
In this topic we will be introduced to the methods of authentication used by ForiGate, Setup Windows Server Active Directory Domain Services, and Configure LDAP between them.
Methods overview
9m
[Lab setup] Setup Windows Active Directory Domain Services
9m
LDAP configuration and Domain Admin authentication
9m
FortiGate Security – [AWS] Logging and Monitoring
In this topic we will start checking logs and filter them, in addition to configure a syslog server.
Log Basic
8m
Log Message
9m
Log Message LAB
11m
Syslog Configuration
6m
FortiGate Security – [AWS] Certificate Operation
In this topic we will be introduced to Digital Certification, setup Windows Certificate Services, securing FortiGate web admin page, setup the WIN22-Client joining WIN22-DC, and implement the first SSL Inspection Security Profile.
Digital Certification
8m
[Lab setup] Setup Windows Certificate Services
5m
Secure FortiGate web admin (Part1)
8m
Secure FortiGate web admin (Part2)
5m
[Lab setup] WIN22-Client join WIN22-DC
9m
SSL Inspection Security Profile
9m
FortiGate Security – [AWS] Web Filtering
In this topic we will start by doing a static URL filtering, going through the FortiGaurd Web Filter Categories, and ending with usage Quota.
NGFW Inspection Modes
9m
Static URL Filtering
5m
FortiGaurd WF Categories
8m
Enable proxy features and Quota
8m
FortiGate Security – [AWS] Application Control
In this topic we will apply our security features into the application level.
Application Control Basics
10m
So why did we use AWS? License!
8m
Profile-Based Application Control (Part1)
8m
Profile-Based Application Control (Part2)
7m
Policy-Based Application Control
7m
FortiGate Security – [AWS] Antivirus
In this topic we will start with the Antivirus scanning, moving forward to the inspections modes and behaviors.
Basics and Scanning
7m
Proxy vs Profile AV inspection
6m
AV profile configuration
11m
FortiGate Security – [AWS] Intrusion Prevention and Denial of Service
In this topic we will use the IPS engine and be introduced into some of it's security topics
IPS Systems
8m
Denial of Service
5m
Recommeded Configuration
6m
Advnaced Lab Setup
- Full virtual LAB setup EVE-NG - NETem to add latency and jitter
Building and scaling LAB
7m
Adding NETem
6m
FortiGate Infrastructure – Routing
In this topic we will start by the static routing configuration going through some routing concepts with FortiGate structure, creating objects and policy based routing, tweaking some routing attributes, Load balance and fail-over using ECMP, SD-WAN, and link health monitoring.
Static Routing
11m
Routing Concepts
7m
Object(s) & Policy Routing
8m
Route Attributes
9m
ECMP
6m
SD-WAN
11m
SD-WAN advanced
5m
Link Health Monitor
4m
FortiGate Infrastructure – VDOMs
In this topic we will be introduced into FortiGate Firewall Virtualization using VDOMs (Virtual Domains) and see in how we may make one firewall into multiple ones.
What are VDOMs
8m
Configure VDOMs
16m
Administrating VDOMs
4m
Inter-VDOM Links
10m
FortiGate Infrastructure – FSSO
In this topic we will see how FortiGate FW integrate using SSO technologies and provides the capabilities to have user based policy instead of just the IP based policies.
What is FSSO
8m
[Lab setup] Windows Server Active Directory
20m
Install, Configure, and Integrate FSSO
9m
User based firewall policy
5m
FortiGate Infrastructure – ZTNA
In this topic we will see how many VPN types does the FortiGate FW support, and we will start with ZTNA type and know that the ZTNA is not just a VPN method!
What is ZTNA
8m
IPsec vs SSLVPN vs ZTNA
6m
FortiGate Infrastructure – [AWS] SSL VPN
In this topic we will configure SSLVPN Tunnel mode and Web Mode.
Tunnel Mode vs Web Mode
9m
Configure Tunnel Mode (Part1)
8m
Configure Tunnel Mode (Part2)
8m
Configure Web Mode
4m
FortiGate Infrastructure – IPsec VPN
In this topic we will take a major concept for the traditional standard IPsec VPN, after that we will configure a site-to-site and a dial-up VPNs.
IPsec Concepts
10m
What is IKE
8m
Site-to-Site IPsec VPN
13m
Dialup IPsec VPN
11m
FortiGate Infrastructure – High Availability
In this topic we will be introduced to FortiGate HA technology, terminologies, and modes. Setting up the HA then doing and testing the Failover
HA Operation Part1
8m
HA Operation Part2
9m
Setup Active-Passive
9m
Failover
7m
AWS Cleaning! (Important)
AWS Cleaning
3m