
Learn how a network firewall acts as the first line of defense, separating internal networks from the untrusted internet, and enforces security policies to permit or deny traffic.
Explain the limitations of legacy firewalls that rely on Layer 3/4 rules. Show how next-generation firewalls use multiple security parameters and content inspection to detect and drop malicious traffic.
Discover how a next-generation firewall surpasses legacy filtering with deep packet inspection, application control, user and content identification, and SSL inspection, plus IPS and advanced threat protection for modern threats.
Discover FortiGate firewall interface types, including aggregate, macvlan, loopback, redundant, software switch, and VLAN. Learn how model and license affect availability and IP addressing options.
Configure two VLAN networks on a FortiGate firewall using one interface, with VLAN 10 and VLAN 20 gateways 172.16.10.1 and 172.16.20.1, and validate inter-VLAN connectivity.
FortiGate zone configurations group interfaces into LAN, WAN, and DMZ zones to simplify policy enforcement between zones. The lecture covers creating zones, attaching VLANs, and implementing zone-based policies in a lab.
Explore the FortiGate one-arm sniffer in passive mode, mirroring traffic for analysis without blocking or being in the traffic path, akin to TAP and SPAN approaches.
Configure link aggregation on a FortiGate firewall to bond multiple physical links into a single logical, high-bandwidth, active-active connection, boosting bandwidth and redundancy with LACP.
Explore the FortiGate software switch, a firmware-level virtual switch that connects ports 2–4 for LAN traffic without firewall policy checks, while port 5 handles WAN with NAT and a security policy.
Explore administrative access in FortiGate firewalls by configuring interface-level protocols on management ports, including HTTPS, HTTP, SSH, and ping, via the graphical user interface or command-line interface.
Explore FortiGate DNS features, enable the DNS database, and configure FortiGate as an internal DNS server with A records for devices like firewall, PC1, PC2, and web server.
Explore the basics of routing within FortiGate firewalls, including static, default, and dynamic routing, and see how IGP and BGP exchange routes.
Configure static and default routes in FortiGate to route between the LAN and WAN, using loopback LAN segments and a NAT network, and verify with ICMP and firewall policies.
Learn policy-based routing in FortiGate firewall to steer traffic by source, destination, and service criteria. See a practical lab illustrating dual-WAN routing with PBR on top.
Configure and validate the RIP routing protocol on FortiGate to automatically learn routes within an IGP, using version 1 or 2, with updates and authentication in a LAN/DMZ lab.
Explore configuring BGP on FortiGate in a LAN–WAN lab, using iBGP with routers and eBGP with a WAN router, advertising networks and learning routes via TCP 179.
Explore DHCP fundamentals on FortiGate, including the DORA process and ports 67/68, and learn to configure a DHCP server on multiple interfaces with pools, gateway, DNS, and reservations.
Configure FortiGate port two as a DHCP relay agent to forward broadcast requests to a remote DHCP server and receive unicast responses.
Learn the fundamentals of network address translation, translating private IP addresses to public IP addresses to access the internet, and distinguish NAT from port address translation on FortiGate.
Configure source NAT based on the outgoing interface for internet access. FortiGate translates private LAN addresses to the WAN IP and back, as observed in Wireshark.
Configure one-to-one source NAT with a dynamic IP pool to assign a dedicated translation IP to each client. Demonstrates per-client IP allocation and non-sharing via FortiGate IP pools.
Explore fixed port range NAT in FortiGate, defining internal and external IP ranges to allocate ports per usage and control traffic from specified subnets.
Master source NAT with port block allocation in FortiGate firewall training, using a dynamic IP pool and 128 ports per block across 8 blocks per user to control translation IP mappings.
Configure centralized source NAT on FortiGate and compare policy-specific NAT profiles with device-wide NAT. Use the outgoing interface IP or a dynamic pool, with protocol options.
Translate destination IPs from external to internal using a virtual IP in FortiGate's destination NAT. Hide the real server address behind a public DNS and a firewall rule.
Explore destination NAT method 2 with or without centralized NAT, configure virtual IPs, NAT rules, and firewall policies to hide the real server IP using DNS and DMZ routing.
Explore FortiGate firewall policy basics: how top-to-bottom rule evaluation permits or denies traffic, the default implicit deny, and how sessions enable bidirectional traffic.
Create and use address objects in FortiGate firewall policies, using MAC address, IP address, subnet, or range addresses to craft precise source rules and monitor policy hits.
Configure local user authentication on FortiGate by creating local users and groups, then apply firewall policies that permit traffic only after successful user authentication.
Learn how FortiGate security profiles provide deep packet inspection on allowed traffic, with antivirus, web filtering, application control, IPS, and SSL inspection to block threats.
Explore the SSL and TLS security protocols, including encryption, authentication, and data integrity, and walk through the TLS handshake with client hello, server hello, certificate exchange, and session key establishment.
Understand why SSL/TLS decryption is needed in next-gen firewalls to inspect encrypted traffic by decrypting, scanning for viruses and malware, and re-encrypting to the destination.
Configure outbound and inbound SSL inspection on FortiGate, detailing flow and proxy modes, certificate creation with CSR and CA signing, and applying an SSL inspection profile to inspect encrypted traffic.
Explore how the FortiGate antivirus security profile scans traffic for known threats using signature-based detection, configurable file types and actions, and how to balance protection with performance.
Configure a custom antivirus profile in FortiGate, enable SSL inspection, and associate it with the firewall policy to block malicious content and monitor antivirus events in logs.
FortiGate web filter profiles control web traffic by blocking malicious URLs, classifying content by category, and supporting static URL filtering with customizable messages and GUI/CLI management.
Configure a FortiGate DNS filter profile to block botnet and C&C domains, enforce safe search on Google, Bing, and YouTube, and apply custom, external dynamic, and local domain filters.
Learn how FortiGate's application control uses deep packet inspection and application signatures to identify and enforce policies on specific apps, improving security, bandwidth management, and productivity.
Configure FortiGate application control by creating a security profile, cloning, assigning to a firewall policy, blocking social media with override options, and using quarantine and logs to monitor results.
Explore how the FortiGate IPS intrusion prevention system inspects traffic, detects threats via signatures and anomaly detection, and enforces policies to block or log malicious activity with regular updates.
Discover how the FortiGate file filter security profile inspects file types and blocks or monitors transfers, applying policies to web, email, and FTP traffic.
Explore FortiGate's denial of service policy: the DDoS profile detects floods and blocks or logs attacks, applying thresholds on WAN-to-DMZ traffic.
Configure LDAP authentication on the FortiGate firewall by linking an Active Directory LDAP server, creating AD users and groups, and binding them to firewall policies for user-based access control.
Explore cryptography basics—encryption and decryption, hashing, and the goals of confidentiality, integrity, and authentication, with symmetric and asymmetric examples like Caesar and RSA.
Discover how a virtual private network creates a secure tunnel over the internet, enabling encrypted data transfer, integrity, and authentication between sites and remote users using IPsec.
Explore how IKE negotiates IPsec security associations, exchanges keys, and defines encryption and hashing algorithms across IKE v1 and v2, including phase one and phase two.
Configure a site-to-site VPN using FortiGate template-based IPsec to establish a secure tunnel over the internet between two sites.
Learn to configure a FortiGate site-to-site VPN in custom mode, detailing IPsec phase one and two, routes, and dual firewall policies for secure site connectivity.
Enable secure remote access to the corporate network with FortiGate remote access VPN, using SSL VPN or IPsec VPN for work-from-home users.
Configure remote access VPN with SSL web mode, enable port listening and HTTP-to-SSL redirection, authenticate with local users, and access resources via browser-based SSL VPN.
Establish an SSL VPN in tunnel mode on FortiGate, configuring FortiClient and post-authentication IP assignment, and switch from web access to tunnel access for specific user groups.
Explore VDOMs, FortiGate's virtual domains, to partition one firewall into multiple independent instances with separate policies and routing, requiring licenses, enabling centralized management and multi-tenancy.
Enable and configure VDOMs in a FortiGate firewall to partition a single device into multiple virtual domains with independent interfaces, routing, and policies, noting license limitations in the lab.
FortiGate high availability in an active-passive setup synchronizes configurations and heartbeats between devices to minimize downtime, enabling LAN and WAN failover with NAT.
Explore active-active FortiGate high availability, configuring interfaces, routing, and policies, synchronizing two devices, and enabling load balancing for traffic distribution and failover.
Learn how to export and restore FortiGate configuration backups to recover quickly from production impact, using GUI or CLI, with revisions and diffs.
Discover how FortiGate's packet sniffing diagnostic tool captures and analyzes traffic via CLI and GUI, using interface selection, filters, and verbose options to troubleshoot specific sources and destinations.
Learn to perform and refine packet captures on FortiGate's GUI, using interface, host, port, and protocol filters, saving as pcap for Wireshark analysis and targeted troubleshooting.
Learn to upgrade FortiGate firewall firmware from 7.2.4 to 7.2.9 and beyond using online fabric upgrade or offline manual methods, with scheduled upgrades, backups, and the approved upgrade path.
Deploy a network lab using the EVE-NG emulator by installing VMware Workstation, then set up the EVE-NG Community Edition and EVE-NG client package, and transfer images with WinSCP.
Launch EVE-NG virtualization by downloading the EVE-NG ISO, installing VMware Workstation, and deploying an Ubuntu-based EVE-NG lab with NAT networking, then access the web console to configure labs and nodes.
Set up an EVE-NG lab from scratch: install VMware and WinSCP, upload QEMU images with proper naming, and configure management cloud networking for FortiGate, Palo Alto, and Windows/Linux clients.
NSE4, Fortinet Certified Associate (FCA) & Fortinet Certified Professional (FCP) Fortinet Firewall Training
Boost your network security skills with our FortiGate Firewall FCA & FCP / NSE4 training course for version 7! This course is taught by an experienced industry expert who will share real-world knowledge to help you succeed.
No matter your level, whether you're just starting or have some experience, this course will teach you how to set up, configure, and manage FortiGate firewalls effectively. You'll learn everything from the basics to the advanced concepts of the FortiGate firewall, and by the end of the training you will have expertise in designing, deploying, configuring, administering, managing, and troubleshooting the FortiGate firewall.
What makes this training special is the hands-on lab sessions. Each topic is covered step-by-step, so you can easily follow along. You’ll also dive into detailed Wireshark packet analysis during the labs, which helps you understand network traffic in-depth.
You’ll gain practical skills in monitoring and logging, ensuring your network remains secure and efficient. We’ll also cover troubleshooting techniques and best practices to help you maintain a strong security posture.
By the end of this course, you’ll be ready to take the FCA & FCP / NSE4 exam and have the skills to improve your organization’s security. Don’t miss this opportunity to advance your career in network security. Enroll today and start your journey to becoming a Fortinet Network Security Expert!