
Introduction to Fortinet Unified Threat Management

Module Objectives

• By the end of this module participants will be able to:
  • Identify the major features of the FortiGate Unified Threat Management appliance
  • Access and use the FortiGate administration interfaces
  • Create administrators
  • Configure the FortiGate unit for the lab environment used to complete the hands-on exercises
Traditional Network Security Solutions

• Many single-purpose systems needed to cope with a variety of threats:
  Firewall, Antivirus, Antispam, WAN Optimization, Web Filtering,
  Application Control, Intrusion Prevention, VPN

Fortinet Solution

• One device provides a comprehensive security and networking solution:
  Firewall, Antivirus, Antispam, WAN Optimization, Web Filtering,
  Application Control, Intrusion Prevention, VPN and more…
Fortinet Solution

• Hardware: purpose-driven hardware
• FortiOS: specialized operating system
• Firewall, AV, Web Filter, IPS …: security and network-level services
• FortiGuard Subscription Services: automated update service
Fortinet Solution

• Deployed at headquarters, branch office and home office
• FortiGate platform
• Management, reporting and analysis appliances
• FortiGuard Subscription Services


FortiGate Capabilities

• Firewall
• Antivirus
• Email filtering
• Web filtering
• Intrusion prevention
• Application control
• Data leak prevention
• WAN optimization
• Secure VPN
• Wireless
• Dynamic routing
• Endpoint compliance
• Virtual domains
• Traffic shaping
• High availability
• Logging and reporting
• Authentication
FortiGate Unit Components

• Intel CPU
• FortiASIC content processor
• FortiOS 4.0
• DRAM and flash memory
• Hard disk
• Interfaces
• Console port
• USB port
• Wireless Module slot bays
• PC card slot
Fortinet Appliances

• FortiAnalyzer, FortiBridge, FortiWifi, FortiAP
• FortiMail, FortiCarrier, FortiWeb, FortiGate-ONE
• FortiManager, FortiDB, FortiSwitch
• FortiScan, FortiClient, FortiVoice
• FortiGuard Subscription Services
Device Administration

• Web Config
• CLI

Administrators

• Access levels: full access, read-only access, or customized access
• Scope: VDOM or Global

Admin Profiles

• Super Admin profile: global scope, full access
• Admin profiles grant Read or Read-Write access per configuration area:
  • System Configuration
  • Network Configuration
  • Admin
  • Firewall Configuration
  • UTM Configuration
  • VPN Configuration
  • etc.

Administrators

• super-admin profile: full access
• custom profile: custom access
• prof-admin profile: full access within a single virtual domain
Administrator Authentication

• Username and password (one factor)
• Username and password + FortiToken (two factor)
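The profile, scope, trusted-host and FortiToken settings above, as an added CLI example that is not part of the course slides. It assumes FortiOS 4.0 CLI syntax; the profile name fw_operator, the administrator alice, the VDOM branch, the 10.10.10.0/24 management subnet, the password and the token serial are placeholders, and the token is assumed to be already registered and activated on the unit.

```fortios
# Added example, not from the course slides. FortiOS 4.0 CLI syntax assumed;
# all names, addresses, the password and the token serial are placeholders.

# 1. Custom access profile: read-write on firewall configuration only,
#    read on logs, no access to system, network, admin, UTM or VPN settings.
#    scope vdom lets VDOM-limited administrators use the profile.
config system accprofile
    edit "fw_operator"
        set scope vdom
        set fwgrp read-write
        set loggrp read
        set sysgrp none
        set netgrp none
        set admingrp none
        set utmgrp none
        set vpngrp none
    next
end

# 2. The administrator: limited to one VDOM, accepted only from the
#    management subnet (trusthost), password plus one-time token code.
#    The FortiToken serial below is a placeholder; the token must already
#    be registered and activated on the unit before it can be assigned.
config system admin
    edit "alice"
        set accprofile "fw_operator"
        set vdom "branch"
        set trusthost1 10.10.10.0 255.255.255.0
        set two-factor fortitoken
        set fortitoken "FTK2000ABCDEF123"
        set password "placeholder-change-me"
    next
end
```

After applying, `show system admin alice` confirms the profile, VDOM and trusted host. Check the result the way an attacker would hit it: a login attempt from an address outside 10.10.10.0/24 should be refused, and the correct password alone should fail without the token code. Compare this with the default of a super-admin account reachable from any address with a password only.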
Device Configuration

• Device configuration settings can be saved to an external file (*.conf)
• Optional encryption; the file holds administrator and VPN credentials, so an unencrypted backup must be handled as sensitive material
• The file can be restored to roll back the device to a previous configuration
• SCP supported for configuration restore
  • FortiGate unit acts as SCP server; SSH administrative access must be enabled on the interface used

      config system global
          set admin-scp enable
      end

• Example - Restore from Linux (the unit's SSH host key should match the one recorded for it before the upload is trusted)

      scp <local config filename> <admin_username>@<FGT IP_Addr>:fgt-restore-config

Configuration Restore using SCP Protocol

• Per-VDOM configuration file: upload to fgt-restore-config as above
• Full configuration file (includes all VDOMs): must be renamed to sys_config during upload

      scp <fgt-upload.conf> admin@192.168.3.254:sys_config
DHCP Server – IP Reservation

• IP address reserved and always assigned to the same DHCP host
• Select an IP address or choose an existing DHCP lease to add to the reserved list
• Identify the IP address reservation as either DHCP over Ethernet or DHCP over IPSec
• MAC address of the DHCP host is used to look up the IP address in the IP reservation table
  • The MAC address is supplied by the client and can be spoofed, so a reservation is an addressing convenience, not an access control; firewall policies should not rely on it to identify a host
FortiGate DNS Server

• Resolve DNS lookups from an internal network
• Methods to set up DNS for each interface:
  • Relay DNS requests to the DNS servers configured for the unit
  • Resolve DNS requests using a FortiGate DNS database; unresolved DNS requests are dropped
  • Split DNS configuration: DNS requests are resolved using a FortiGate DNS database and any unresolved DNS requests are relayed to the DNS servers configured for the unit
• One DNS database can be shared by all the FortiGate interfaces
• If VDOMs are enabled, a DNS database needs to be created in each VDOM
DNS Server Configuration

• DNS zones need to be added when configuring the DNS database
  • Each zone has its own domain name
• DNS entries are added to each zone
  • An entry includes a hostname and the IP address it resolves to
  • Each entry also specifies the type of DNS entry:
    • IPv4 address (A) or IPv6 address (AAAA)
    • name server (NS)
    • canonical name (CNAME)
    • mail exchange (MX) name
    • IPv4 (PTR) or IPv6 (PTR)
DNS Service

• Add a new DNS Service to an interface and select a mode:
  • Recursive
  • Non-recursive
  • Forward to System DNS (forward-only)

• CLI equivalent:

      config system dns-server
          edit wan1
              set mode recursive
          next
      end

• Caveat: in recursive mode the unit resolves any name for any host that can reach the service on that interface. On an Internet-facing interface such as wan1 this makes the FortiGate an open resolver; keep recursive mode on internal interfaces and, if a service is needed on the outside, use non-recursive mode, which answers only from the DNS database
DNS Zones

• Create a new zone (Master or Slave)

DNS Records

• Add DNS entries
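The zone, its entries and the per-interface service, as one added CLI example that is not part of the course slides; it covers the DNS Server Configuration, DNS Service and DNS Zones/Records slides together. It assumes FortiOS 4.0 CLI syntax; the zone name corp, the domain corp.example, the host names, the 10.0.1.0/24 addresses and the interface name internal are placeholders. The WAN interface is deliberately given no DNS service.

```fortios
# Added example, not from the course slides. FortiOS 4.0 CLI syntax assumed;
# zone name, domain, host names, addresses and interface name are placeholders.

# Authoritative master zone held in the FortiGate DNS database.
# view shadow keeps the zone visible to internal hosts only.
config system dns-database
    edit "corp"
        set domain "corp.example"
        set type master
        set view shadow
        set authoritative enable
        set ttl 86400
        set primary-name "ns1"
        set contact "hostmaster"
        config dns-entry
            edit 1
                set type A
                set hostname "ns1"
                set ip 10.0.1.1
            next
            edit 2
                set type A
                set hostname "intranet"
                set ip 10.0.1.20
            next
            edit 3
                set type CNAME
                set hostname "www"
                set canonical-name "intranet.corp.example"
            next
        end
    next
end

# Split DNS on the LAN side only: names in the database are answered from
# it, everything else is relayed to the DNS servers configured for the unit.
# No dns-server entry is created for wan1, so the unit is not reachable as
# a resolver from the Internet.
config system dns-server
    edit "internal"
        set mode recursive
    next
end
```

From a LAN host, `nslookup www.corp.example <internal interface IP>` should return the CNAME and 10.0.1.20, and a lookup of an external name should succeed through the relay; the same query sent to the wan1 address from outside should get no answer at all.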


Classroom Lab Topology

Labs

• Lab – Virtual Lab Environment Basics
  • Logging in to the Virtual Lab Environment
• Lab - Initial Setup
  • Exploring the CLI
  • Accessing Web Config
  • Configuring Network Interfaces
  • Configuring the FortiGate DNS Server
  • Enabling DNS Recursive
  • Configuring Global System Settings
  • Configuring Administrative Users