Introduction to Fortinet Unified Threat Management

Module Objectives
• By the end of this module participants will be able to:
• Identify the major features of the FortiGate Unified Threat
Management appliance
• Access and use the FortiGate administration interfaces

• Create administrators
• Configure the FortiGate unit for the lab environment used to
complete the hands-on exercises

Traditional Network Security Solutions

VPN
Intrusion Prevention
Application Control
Web Filtering
WAN Optimization
Antispam
Antivirus
Firewall

Traditional Network Security Solutions • Many single to cope with VPN Intrusion Prevention Application Controlneeded purpose systems Web Filtering a variety of threats WAN Optimization Antispam Antivirus Firewall .

Fortinet Solution and more… VPN Intrusion Prevention Application Control Web Filtering WAN Optimization Antispam Antivirus Firewall .

Fortinet Solution and more… • VPN Intrusion Prevention Application Control Filtering One device providesWeb a comprehensive WAN Optimization security and networking solution Antispam Antivirus Firewall .

Fortinet Solution Hardware Purpose-driven hardware .

Fortinet Solution FortiOS Hardware Specialized operating system .

Fortinet Solution Firewall AV Web Filter IPS … FortiOS Hardware Security and network-level services .

Fortinet Solution FortiGuard Subscription Services Firewall AV Web Filter IPS FortiOS Hardware Automated update service Click here to read more about the Fortinet solution … .

Fortinet Solution Headquarters Branch office Home office .

Fortinet Solution Headquarters Branch office Home office Click here to read more about the Fortinet solution .

reporting and analysis appliances • FortiGuard Subscription Services Home office Click here to read more about the Fortinet solution .Fortinet Solution Headquarters Branch office • FortiGate platform • Management.

FortiGate Capabilities Firewall .

FortiGate Capabilities Antivirus .

FortiGate Capabilities Email filtering .

FortiGate Capabilities Web filtering .

FortiGate Capabilities Intrusion prevention .

FortiGate Capabilities Application control .

FortiGate Capabilities Data leak prevention .

FortiGate Capabilities WAN optimization .

FortiGate Capabilities

Secure VPN

FortiGate Capabilities

Wireless

FortiGate Capabilities

Dynamic routing

FortiGate Capabilities Endpoint compliance .

FortiGate Capabilities Virtual domains .

FortiGate Capabilities Traffic shaping .

FortiGate Capabilities High availability .

FortiGate Capabilities Logging and reporting .

FortiGate Capabilities Authentication Click here to read more about the capabilities of the FortiGate device .

FortiGate Unit Components Intel CPU .

FortiGate Unit Components FortiASIC content processor .

0 .FortiGate Unit Components FortiOS 4.

FortiGate Unit Components DRAM and flash memory .

FortiGate Unit Components Hard disk .

FortiGate Unit Components Interfaces .

FortiGate Unit Components Console port .

FortiGate Unit Components USB port .

FortiGate Unit Components Wireless Module slot bays PC card slot .

Fortinet Appliances FortiAnalyzer FortiBridge FortiWifi FortiAP FortiMail FortiCarrier FortiWeb FortiGate-ONE FortiManager FortiDB FortiSwitch FortiScan FortiClient FortiVoice .

FortiGuard Subscription Services .

Device Administration Web Config Click here to read more about using the CLI CLI .

Administrators Full access Read-only access Customized access Scope: VDOM or Global .

Global Scope Super Admin Profiles .

Admin Profiles Read Read-Write System Configuration Network Configuration Firewall Configuration UTM Configuration VPN Configuration etc Admin Profile .

Administrators Full access Custom access super-admin profile custom profile Full access within a single virtual domain prof-admin profile .

Administrator Authentication Username and Password (one factor) + FortiToken (two factor) .

conf .Device Configuration Setting Setting Setting Setting Setting Setting Setting Setting *.

Device Configuration • Device configuration settings can be saved to an external file • Optional encryption • The file can be restored to rollback device to a previous configuration • SCP supported for configuration restore • FortiGate unit acts as SCP server set admin-scp enable • Example .conf scp <local config filename> <admin_username>@<FGT IP_Addr>:fgt-restore-config .Restore from Linux *.

Per VDOM Configuration File .

168.Configuration Restore using SCP Protocol • Must rename to sys_config during upload scp <fgt-upload.254:sys_config • Full configuration file • Includes all VDOMs .conf> admin@192.3.

DHCP Server – IP Reservation .

DHCP Server – IP Reservation • IP address reserved and always assigned to the same DHCP host • Select an IP address or choose an existing DHCP lease to add to the reserved list • Identify the IP address reservation as either DHCP over Ethernet or DHCP over IPSec • MAC address of the DHCP host is used to look up the IP address in the IP reservation table .

FortiGate DNS Server • Resolve DNS lookups from an internal network • Methods to set up DNS for each interface: • Relay DNS requests to the DNS servers configured for the unit • Resolve DNS requests using a FortiGate DNS database • Unresolved DNS requests are dropped • Split DNS configuration • DNS requests can be resolved using a FortiGate DNS database and any unresolved DNS requests can be relayed to DNS servers configured for the unit • One DNS database can be shared by all the FortiGate interfaces • If VDOMs are enabled. a DNS database needs be created in each VDOM .

DNS Server Configuration • DNS zones need to be added when configuring the DNS database • Each zone has its own domain name • DNS entries are added to each zone • An entry includes a hostname and the IP address it resolves to • Each entry also specifies the type of DNS entry • • • • • IPv4 address (A) or an IPv6 address (AAAA) name server (NS) canonical name (CNAME) mail exchange (MX) name IPv4 (PTR) or IPv6 (PTR) .

DNS Service • Add a new DNS Service to an interface and select a mode: • Recursive • Non-recursive • Forward to System DNS (forward-only) • CLI equivalent: config system dns-server edit wan1 set mode recursive .

DNS Zones • Create a new zone (Master) .

DNS Zones • Create a new zone (Slave) .

DNS Records • Add DNS entries .

Classroom Lab Topology .

Initial Setup • Exploring the CLI • Accessing Web Config • Configuring Network Interfaces • Configuring the FortiGate DNS Server • Enabling DNS Recursive • Configuring Global System Settings • Configuring Administrative Users Click here for step-by-step instructions on completing this lab .Labs • Lab – Virtual Lab Environment Basics • Logging in to the Virtual Lab Environment Click here for instructions on accessing the virtual lab environment • Lab .

Student Resources Click here to view the list of resources used in this module .