FortiOS Administrator
In collaborazione con Vega Training
Il Corso FortiOS Administrator (FortiGate Administrator) è progettato per formare i partecipanti che devono gestire, configurare, amministrare e monitorare appliance FortiGate in contesti reali.
Attraverso lab pratici si lavora sulle funzionalità più comuni di FortiGate: configurazione iniziale di system e network settings, gestione dell’accesso amministrativo, utilizzo di GUI e CLI, logging e monitoring con analisi dei log anche tramite FortiAnalyzer, creazione di IPv4 firewall policies con NAT (source NAT, destination NAT e port forwarding), routing (static routing, route redundancy e load balancing), firewall authentication con integrazione di server LDAP e RADIUS e implementazione di Fortinet Single Sign-On (FSSO) integrato con Microsoft Active Directory (AD).
Il corso copre inoltre certificate operations, encryption basics, SSL inspection, e l’uso dei security profiles per la protezione della rete (IPS, antivirus, web filtering, application control).
Completano il percorso la configurazione di site-to-site IPsec VPN, SD-WAN configuration e monitoring, High Availability con FortiGate Clustering Protocol (FGCP), oltre a diagnostica e troubleshooting.
Vengono introdotti anche i principali scenari “FortiGate in Cloud” (FortiGate VM e FortiGate CNF) e i concetti base di FortiSASE.
Il Corso contribuisce alla preparazione dell’esame di Certificazione Fortinet NSE 4 – FortiOS Administrator, parte delle Certificazioni:
- FCP – Fortinet Certified Professional in Security Operations
- FCP – Fortinet Certified Professional in Secure Networking
- FCP – Fortinet Certified Professional SASE
Cosa imparerai a fare
I partecipanti impareranno a gestire, configurare, amministrare e monitorare appliance FortiGate in contesti reali.
Contenuti del corso
- Initial Setup
- Factory Default Settings
- Modes of Operation
- Interface IP Addresses
- FortiGate as a DHCP Server
- Log Types and Subtypes
- Log Severity Levels
- Log Message Layout
- Log Storage – Remote
- FortiAnalyzer – Centralized Log Repository
- Components and Policy Types
- Configuring Firewall Policies
- How Are Policy Matches Determined?
- Firewall Policy SNAT
- VIP Example – Port Forwarding / Incoming Connection
- RIB and FIB
- Route Attributes
- Routing Table – CLI
- Reverse Path Forwarding
- ECMP Routing
- FortiGate Methods of Firewall Authentication
- Configuring an LDAP Server on FortiGate
- RADIUS Overview
- Two-Factor Authentication
- Monitoring Users
- FSSO Deployment and Configuration
- DC Agent Mode
- Collector Agent-Based Polling Mode
- Agentless Polling Mode
- Group Filter
- Digital Certificate
- FortiGate Verifies a Digital Signature
- SSL Inspection Modes
- SSL Inspection Profile Configuration
- Invalid Certificates
- SD-WAN Basics
- SD-WAN Use Cases – Direct Internet Access
- SD-WAN Members and Zones
- Performance SLAs
- Firewall Policies with SD-WAN
- HA Operation Modes
- What Is FortiGate HA?
- Active-Passive
- Failover Protection
- Virtual MAC Addresses and Failover
- Monitoring Traffic Flows and Resource Usage
- System Information
- CPU and Memory
- Slowness
- Life of a Packet – Initial Session Packets
- Fortinet Cloud Security Solution
- FortiGate VM and FortiGate CNF
- Public Cloud Components
- Example Deployment of a Single FortiGate Instance
- Use Cases – Outbound Traffic Inspection
- Challenges of Work-From-Anywhere
- FortiSASE Use Cases
- User Onboarding with SAML SSO
- SPA with SD-WAN Integration
- CASB Use Case
- Configuring Administrator Accounts
- Registering Devices on FortiAnalyzer
- Creating Firewall Address Objects and Firewall Policies
- Reordering Firewall Policies and Firewall Policy Actions
- Configuring DNAT Settings Using a VIP
- Using Dynamic NAT With IP Pools
- Configuring Route Failover
- Configuring ECMP
- Configuring an LDAP Server
- Configuring a RADIUS Server on FortiGate
- Configuring FortiGate for FSSO Authentication
- Configuring Full SSL Inspection on Outbound Traffic
- Dealing With Anomalies
- Configuring Flow-Based Antivirus Scanning
- Using Antivirus Scanning in Proxy-Based Inspection Mode
- Configuring FortiGuard Web Filtering
- Configuring Static URL Filtering
- Blocking Known Exploits
- Controlling Application Traffic
- Configuring a Dial-Up IPsec VPN Between Two FortiGate Devices
- Configuring a Static IPsec VPN Between Two FortiGate Devices
- Configuring SD-WAN
- Monitoring the SD-WAN Setup
- Configuring HA
- Triggering an HA Failover
- Configuring the HA Management Interface
- Determining What Is Happening Now
- Troubleshooting a Connectivity Problem
Certificazioni
- Attestato di frequenza IFOA