Your cart is empty.
Keep shopping
Fortinet FortiWeb WAF Administrator Training
493 students
Fortinet FortiWeb WAF Administrator Training
Hands-on FortiWeb WAF Administration with EVE‑NG Labs for Web Security and Threat Protection with Workbook
Created byAhmad Ali
Last updated 2/2026
English
What you'll learn
- Introduction to Web Application Security
- FortiWeb Configuration and Administration
- Configuring SSL offloading and inspection
- Performance Optimization
- Configure server pools, policies, and protected host names
- Build and configure a lab environment for FortiWeb step by step.
- Understand the fundamental concepts of Web Application Firewalls (WAF).
- Configure Content Routing
- Protect against DoS/DDoS attacks.
- Control traffic flow with Redirects & Rewrites.
- Control traffic flow with Redirects & Rewrites.
- Enable Bot Protection to stop malicious automated activities.
- Deploy FortiWeb in EVE‑NG and configure it for real web apps.
- Implement SSL offloading, load balancing, persistence, and health checks.
- Protect against common web vulnerabilities
- Configure Signatures — built‑in and custom signatures
- Configure Virtual Server, VIPs, and Server Pool
- Web App Vulnerabilities & Protection
Explore related topics
Course content
15 sections • 78 lectures • 9h 22m total length
Requirements
- Basic understanding of networking
- No prior FortiWeb experience required
- Access to a PC or virtual environment to build the lab
- Web Application Fundamentals
- Virtualization Lab Environment
- Basic knowledge of EVE‑NG
- Prior experience with Fortinet products FortiGate
- Basic Linux or Windows server administration knowledge
Description
Course Description:
Master Fortinet FortiWeb WAF administration with hands-on labs in EVE‑NG and learn how to secure web applications and APIs against real-world threats. This course takes you step by step through deployment, configuration, tuning, and advanced web protection techniques.
You’ll start by setting up FortiWeb in EVE‑NG, adding virtual images, configuring servers and clients, and importing labs. From there, you’ll dive into core WAF concepts, including server policies, virtual servers, VIPs, server pools, and web protection profiles.
Learn how to protect web applications from vulnerabilities such as SQL injection, XSS, CSRF, command injection, file uploads, and web shells. You’ll also configure SSL offloading, load balancing, persistence, content routing, and HTTP rewriting to optimize traffic and improve security.
Advanced sections cover DoS/BOT protection, API gateway security, JSON schema validation, and access control, giving you the practical skills to defend any web application or API. Each module includes realistic labs, testing, verification, and troubleshooting exercises.
By the end of this course, you will be able to confidently deploy, configure, and manage FortiWeb WAFs to protect web applications, detect attacks, and ensure high availability and performance.
Who this course is for:
Network and security engineers seeking hands-on WAF experience.
Penetration testers and ethical hackers wanting to understand WAF deployment and tuning.
DevOps and application security professionals securing web apps and APIs.
IT professionals and system administrators enhancing web traffic monitoring and threat protection skills.
Requirements:
Basic networking knowledge (IP, routing, VLANs).
Understanding of web servers, HTTP/HTTPS, and web application basics.
A PC capable of running virtual labs (EVE‑NG, VMware, or VirtualBox).
Familiarity with Fortinet products, Linux/Windows server administration, or security tools like OWASP ZAP or Burp Suite.
Who this course is for:
- Network and Security Engineers
- Penetration Testers & Ethical Hackers
- DevOps and Application Security Professionals
- IT Professionals & System Administrators
- Students and Learners of Cybersecurity
- Cybersecurity students
- Individuals looking to enhance their expertise with FortiWeb
- IT Administrators
- Network and security professionals preparing for the FCP – FortiWeb 7.4 Administrator exam