
Identify assets, vulnerabilities, threats, attacks, risks, and countermeasures in network security. Explore real examples of telnet, ssh, http, and https to illustrate secure versus insecure traffic.
Identify malware as the umbrella term for malicious software. Explore major malware types such as viruses, worms, trojans, rootkits, ransomware, spyware, botnets, and DDoS, with WannaCry as an example.
Explore firewall technologies from packet filtering to stateful and next-generation firewalls across hardware, software, and cloud deployments. See how app ID, user ID, and content ID enable deep packet inspection.
Explore Fortinet's FortiGate firewall as the flagship product, compare it with Palo Alto, and overview Fortinet operating system, FortiGate Manager, FortiGuard, and NSE4 certification paths.
Install FortiGate firewall on VMware workstations by importing FortiGate VM image and configuring management, internet, LAN, and DMZ interfaces, then perform a factory reset to enable the 14-day evaluation license.
Install FortiGate firewall in GNS3 by adding a FortiGate QEMU appliance and importing the FortiGate VM image (version 6.24). Use the NAT cloud to provide internet access and obtain a 192.168.114.x management IP, then log in with admin 123.
Install FortiGate in EVE-NG by preparing the community edition, VMware, Windows client, and WinSCP; follow QEMU naming conventions for Fortinet firewall 6.24 and run the /opt/unetlab command.
Explore the FortiGate firewall dashboard on first login, a responsive NOC/SOC view with widgets for monitoring network devices, top usage, security events, and customizable dashboards.
Build an initial FortiGate lab topology in GNS3, configure interfaces, DNS, and static routes, create an IPv4 policy to allow LAN to WAN, and validate with traffic and dashboard views.
Explore FortiGate firewall interfaces and zones. Learn about physical, virtual, loopback, and VPN interfaces, VLANs, and how zones organize policy and traffic.
Configure a three-VLAN topology (VLAN 10, 20, 30) on a Cisco switch and FortiGate firewall, then group them into a zone and implement a single policy.
Learn how to configure a one-armed sniffer on FortiGate as an IDS, using monitor and tap modes with a Cisco switch, to capture and analyze traffic with logs and Wireshark.
Configure redundant interfaces on a FortiGate firewall to provide failover between two switches, with one interface active at a time and not configured for DHCP, for point-to-point Ethernet links.
Configure FortiGate aggregate interfaces to combine multiple ports into one logical port using LACP or PAgP, and validate with show commands for port-channel status and spanning tree.
Configure a FortiGate virtual wire pair to bridge two ports in a transparent firewall. Assign the same subnet with no IPs and enable IPv4 policy visibility.
Enable administrative access on FortiGate interfaces by configuring HTTPS, HTTP, ping, SSH, and SNMP for management; note that license limits affect HTTPS access during a 14-day trial and FortiManager integration.
Learn to configure DNS on FortiGate, using it as a local DNS server, with forward and reverse zones, A records and CNAME, plus recursive vs non-recursive modes and CLI/GUI setup.
Explore routing concepts, including static, default, and dynamic routing; understand routed vs routing protocols, interior/exterior gateway protocols, administrative distance, route metrics, redistribution, and policy based routing.
Explore configuring and verifying static and default routes in a FortiGate NSE4 lab using a mixed topology of routers and firewalls, with interface setup, management access, and route testing.
Configure policy based routing on FortiGate to redirect traffic from static routes using a VIP-style policy, test with a lab topology, and verify routing with policy-based routing monitor.
Learn how RIP, the routing information protocol, uses hop count and administrative distance to select paths, compare version 1 and version 2, and configure authentication and subnetting in FortiGate networks.
Learn how OSPF functions as a link-state dynamic routing protocol using SPF to determine the best path and multicast traffic. FortiGate configuration covers router ID, area zero, and advertising networks.
Learn how routing redistribution enables a border router to run multiple protocols, linking RIP, OSPF, and BGP, and how to advertise connected and static routes across networks.
Learn FortiGate firewall policies: create, view, and manage top-to-bottom accept or deny rules using interfaces, addresses, services, and schedules, including implicit deny and policy viewing modes.
Configure a MAC address-based policy in FortiGate by creating a MAC address object for a PC and using it as the policy source to restrict access, with logs.
Create a local FortiGate user and apply a user-based policy to control internet access, verify login authentication, and monitor user activity and logs as you prepare for Active Directory integration.
Create an IP-based policy on FortiGate to permit PC traffic by source IP instead of MAC. Build IP address objects, enable full-session logging, and compare with existing MAC-based policies.
Explore services and schedule based policy on FortiGate, configuring DHCP and multiple servers, including HTTP, HTTPS, FTP, TFTP, and SMTP, then restrict access using policies by destination and time.
Explore DHCP on FortiGate: configure as a server, client, or relay; learn DHCP options, pools, lease times, and the four-message exchange (discover, offer, request, acknowledgement) across networks.
Build hands-on expertise by configuring FortiGate firewall as a DHCP server across management, LAN, and DMZ interfaces, setting DHCP pools, DNS, static routes, and MAC address reservations.
Demonstrates configuring a FortiGate firewall as a DHCP relay, converting broadcast DHCP requests to unicast and delivering them to a Windows DHCP server across DMZ and LAN subnets.
License a FortiGate firewall by uploading a license file, enabling HTTPS, and rebooting to activate features such as FortiGuard web filtering, DNS, and security profiles.
Discover how security profiles elevate FortiGate to a next generation firewall by enabling antivirus, app control, web filtering, IDS/IPS, and content checks, with FortiGuard signature updates.
Learn to customize FortiGate replacement messages by editing banners, logos, and HTML/CSS, manage images, and preview block pages for web access, virus alerts, and security prompts within a security profile.
Configure FortiGate DNS filter profiles to block botnets, enable safe search and FortiGuard category-based filtering, and verify DNS queries and botnet activity through logs and dashboards.
Use FortiGate's application control to recognize apps by app ID and enforce allow, block, or quarantine actions. Tailor policies, review logs, and enforce ports via network protocol enforcement.
Explore how the intrusion prevention system blocks botnet, malware, and malicious URLs, configure IPS profiles, apply signatures, and review logs to prevent attacks on FortiGate firewall.
Configure FortiGate firewall security profile file filter to block targeted file types such as zip, pdf, jpg, gzip, tar, bmp, and 7-Zip, and verify outcomes via logs.
Explore FortiGate inspection mode, comparing flow-based packet-by-packet processing with proxy-based whole-packet analysis. Flow-based is fast and resource-efficient but risks missing threats; proxy-based is thorough, trading speed for security.
Explore FortiGate firewall's next generation modes: profile based and policy based, comparing how security profiles attached to policies, central NAT, and application controls enable centralized vs per-policy enforcement.
Block Facebook using policy-based mode on FortiGate firewall, creating a deny Facebook policy from inside to outside with application Facebook, then allow all, configure NAT, and verify via logs.
Explain FortiGate policy-based mode, default versus specify services, and how default ports like 80 and 443 compare with non-standard ports, with application control across outside and LAN interfaces.
FortiGate firewall modes include NAT and transparent modes. Transparent mode acts like a bridge with no interface IP addresses, limiting VPN features and DHCP server options, while enabling plug-and-play deployment.
Configure and verify an IPv4 DoS policy on the FortiGate firewall to block flooding, scanning, and reconnaissance attacks, using thresholds, logs, and policy actions.
Understand network address translation with FortiGate firewall, translating private IPs to public IPs to protect internal devices. Learn source NAT, destination NAT, central NAT, and virtual IP with port forwarding.
Explore FortiGate source NAT overload (static NAT) in policy environments, translating multiple inside addresses to a single exit IP and validating through a practical lab.
Explore FortiGate policy-based source NAT with a one-to-one NAT lab, comparing 1-to-1 and overload pools and how internal IPs map to public IPs.
Learn fixed port range NAT in FortiGate, allocating a per-internal-IP port range to avoid exhaustion. Compare 1-to-1 and dynamic pools and configure IP pools in policy NAT.
Explore dynamic policy and port block allocation in FortiGate 6.4 NSE4. Learn to configure IP pools and per-user block sizes with single or range external IPs in a NAT lab.
Configure central source NAT (SNAT) on FortiGate 6.4 using central NAT to translate internal sources to the outside IP, with dynamic pools for multiple sessions.
Learn how destination NAT uses virtual IPs to map external public IP requests to internal private servers, and configure FortiGate security policies with or without central NAT.
Explore how destination NAT and central NAT translate public IPs to private servers via virtual IPs, enabling access to services (telnet, ftp, http, https) from outside and supporting port forwarding.
Create and reuse FortiGate address objects: single IPs, ranges, subnets, FQDNs, and country geography for granular policy control. Create address groups and include dynamic and MAC address objects.
Create, edit, and organize FortiGate service objects for TCP and UDP, categorize them into service groups, and reuse default policy categories such as web access, email, and remote services.
Discover how redundancy and high availability ensure continuous FortiGate firewall services through active-passive and active-active configurations, with failover, heartbeat monitoring, and session pickup.
Explore FortiGate high availability concepts, including active-active vs active-passive, master and slave roles, virtual IP and MAC, ARP and GLBP, heartbeat monitoring, and failover testing.
Explore FortiGate authentication with Active Directory, covering user ID policy, LDAP, RADIUS, TACACS+ options, and Fortinet single sign-on in a lab with DMZ and LAN.
Integrate FortiGate with Active Directory using LDAP, configure the LDAP server and bind methods, map AD groups to firewall groups, and enable authentication for DMZ and LAN users.
Demonstrates setting up Fortinet single sign-on for passive authentication with Active Directory, installing the FSSO agent, integrating AD groups, and enforcing access for domain-joined clients without prompts.
Explore FortiGate virtual domains (VDOMs) and learn how to partition a single device into multiple virtual firewalls for departments, with GUI and CLI enablement and licensing considerations.
Explore cryptography basics, including plaintext, ciphertext, encryption, and decryption, then compare symmetric and asymmetric encryption with RSA, public and private keys, and hash concepts.
Learn how Diffie-Hellman enables two parties to derive a shared key over an insecure channel using prime numbers, private keys, public keys, and modulus operations for VPN and SSL/TLS security.
Learn how IPsec provides confidentiality, integrity, authentication, and anti-replay for VPN connections using ESP or AH, in tunnel and transport modes with DES, 3DES, or AES.
Discover how VPNs create a private, encrypted path over the internet to protect data integrity, enabling site-to-site and remote access connections using FortiGate firewall.
Explore policy-based versus route-based VPNs on FortiGate, including tunnel interfaces, required security policies, and mode limitations, with lab-ready concepts like dead peer detection and VPN templates.
Explore site-to-site route-based IPsec VPN labs using FortiGate, building a tunnel-based topology, applying templates, testing encryption with telnet and web traffic, and validating with IPsec monitor.
Build a manual site-to-site IPsec route-based VPN lab on FortiGate, configuring interfaces, management DHCP, IKE MD5, phase 1 and 2, policies, static routes, and IPsec monitoring.
Compare policy-based and route-based site-to-site IPsec VPNs and demonstrate configuring a policy-based VPN and IPsec tunnel on both firewall sides.
Master backup and restore of FortiGate configurations via local PC, USB, FTP, and TFTP, with encryption options and CLI support. Understand configuration revision, factory reset, and firmware upgrade workflows.
Configure SNMP v1/v2 and v3 on FortiGate firewall to monitor via SNMP manager, agents, and MIB queries; learn trap messages, get requests, and security options.
Configure FortiGate firewall syslog to central servers, choose log categories and levels from emergency to debug, and forward or store logs locally with filters and optional FortiManager or FortiAnalyzer integration.
Discover how traffic shaping with FortiGate controls bandwidth using shared shaper and per-IP shaper, assigns priority to applications or IPs, and tests effects on download and upload.
Configure FortiGate remote access VPN using SSL VPN web portal and client-based VPN, leveraging IPsec and TLS with labs on users, addresses, and policies.
Configure SSL VPN with FortiClient to encrypt entire PC traffic or use a web portal for browser access, and compare IPsec versus SSL VPN for internal resources.
Learn to use FortiGate CLI basic commands to configure interfaces, policies, and routes with config system interface, set, show, get, and end, including next and abort workflows.
Master FortiGate firewall troubleshooting by isolating issues through the OSI model, using top-down or bottom-up methods, ping and traceroute, and documenting steps while escalating to vendors.
FortiGate firewall packet sniffer lets you diagnose traffic by capturing and analyzing packets with interface, filter, and verbose options, producing Wireshark-like headers and data for troubleshooting.
Learn essential FortiGate CLI commands for troubleshooting, including system status, version, and databases. Use routing, DNS, VPN diagnostics, and packet capture for issue resolution.
Configure and verify packet capture on FortiGate, selecting the LAN interface, applying protocol and port filters, and exporting pcap files for analysis with Wireshark.
Explore a four-firewall FortiGate lab across two ISPs with a DMZ, VLAN configurations, and security policies; test static and dynamic routing (RIP, OSPF, BGP) plus site-to-site and remote access VPN.
Explore software-defined wide area networks using FortiGate to link multiple internet paths, using SD-WAN zones, health checks, and load balancing driven by rules for reliable, scalable connectivity.
Configure a FortiGate SD-WAN lab with two WAN links, create an SD-WAN zone and members, and implement health-check driven load balancing and failover.
In this course, featuring lectures and hands-on labs, you will learn to install, configure, manage and troubleshoot FortiGate Networks firewalls, gaining the skills and expertise needed to protect your organization from the most advanced cyber-security attacks. The student will get hands-on experience in configuring, managing, and monitoring a firewall in a lab environment.
This class covers many topics required for the NSE-4 Certificate, and new topics are added frequently. This course dives deeper into FortiGate firewall policies and network configuration to give students a clear understanding of several topics. Topics covered include Security Policies configuration, Routing configuration, IPsec configuration, High Availability configuration and other real-world configuration examples. This online class will help in preparing the student for the NSE-4 certification by covering topics in the depth that FortiGate expects the candidates to know. There are also materials included with this class. With every video you will get step-by-step notes.