FortiGate II

Instructor Guide
for FortiGate 5.4.1

Product Version
This training covers FortiGate 5.4.1.
The FortiGate II course is the second part of the two-part NSE 4 curriculum. It can be delivered as an
instructor-led course, or it can be taken online. This course includes a facilitated lab. This course may
be delivered as part of a custom, private training engagement.
See the course descriptions for the lessons, and the course goals and objectives.

What’s new
This section highlights some of the key changes in this update of the FortiGate II course.

General Changes
• 16X9 layout for slides, which displays better on modern screens.
• Quizzes have been added to FLC using Quizmaker. This provides direct feedback with references to source slides.
• The Firewall Policies lesson has been divided into two lessons:
  o Firewall Policies
  o Network Address Translation (NAT)
• FortiGate inspection mode is chosen at the VDOM level – proxy-based or flow-based.
• The student guide includes labs that are divided into exercises, and the exercises are divided into procedures.
  o Each procedure contains a short list of steps, and a description that explains what the student will do and why.
• The GUI settings are now shown in bold.

Hatsize Environment Changes
• CA certificates for admin access and SSL inspection are pre-installed on a Firefox browser so that SSL inspection can be used in the security profile lessons without a certificate warning.
• The resource folder has a new structure. It contains the FortiGate-I and FortiGate-II course folders. Each course folder contains subfolders for each of the lessons. The lesson folders contain the initial configuration backups and other files needed for the associated labs. The lesson subfolders now include a solutions folder, which contains the backup of the final configuration.
• Some VMs were renamed. The FortiGates are now called Local-FortiGate and Remote-FortiGate. The Windows VMs are now called Local-Windows and Remote-Windows.

Changes in Lessons
This section provides details about changes and new feature information added to specific lessons.

Lesson 1 - Routing
New Features/Content
• Static routes with named addresses were added.
• Internet services were added.
• A debug command for listing the inactive routes was added.
• Packet sniffer was added.

Lesson 3 - Transparent Mode and Layer 2 Switching
• Port pairing was renamed virtual wire pair.
• Virtual wire pair is now also supported in NAT mode.
New Feature/Content
• Software Switch

Lesson 4 - High Availability
• FortiGate session life support protocol (FGSP) was removed.
New Feature/Content
• A new HA debug command was added:

diagnose sys ha checksum cluster

Lesson 5 - Advanced IPsec VPN
New Feature/Content
• A new option was added to extended authentication (XAuth): Inherit from policy.
• Auto discovery VPN (ADVPN) was added.

Lesson 6 - Intrusion Prevention and Denial of Service
New Feature/Content
• Web application firewall (WAF) was added.
• Integration with FortiWeb was implemented.

Lesson 7 - FSSO
New Feature/Content
• WMI polling mode was added.

Lesson 8 - Certificate Operations
• The description of inline SSL inspection was enhanced.
New Feature/Content
• Certificate-based authentication for users and administrators was added.
• HPKP
• An introduction to certificate authentication for SSL and IPsec VPNs was added.
• A new action for accepting untrusted certificates was added.

Lesson 9 - DLP
• The manual document fingerprinting feature was removed in FortiOS 5.4.1. It was replaced by network share for fingerprinting.

Lesson 10 - Diagnostics
• This lesson now has a lab component.
• The explanation of debug flow was enhanced.
Content Removed
• Advanced memory commands (covered in FGT III)
• Session table (covered in NAT lesson)
• Sniffer (covered in routing lesson)
• SNMP (covered in logging lesson)
New Feature/Content
• A description of crash logs and the associated command was added.
• A description of running the hardware test from FortiOS was added.

Materials and System Requirements


Prior to teaching this lesson, gather the materials.
This course has both on-location (classroom) and online versions.
When delivering the on-location version, you probably will be teaching most or all of the lessons.
(Each lesson is subject-specific.)
If you teach the online version of this class, you may be teaching one or all of the lessons. To access online content, students must have a computer with:
• a high-speed Internet connection
• an up-to-date web browser that supports HTML 5
• a PDF viewer
• speakers or headphones
• a Java runtime environment (JRE) (optional)

Wi-Fi is not recommended due to packet loss. Firewalls (including FortiClient and Windows Firewall)
must allow connections with the virtual lab.
Students must be able to reach both the virtual lab hosted by Microtek/Hatsize (connectivity details are in the Student Guide) and the Learning Management System (LMS) (https://gm1.geolearning.com/geonext/fortinet/myhome.geo). From the LMS, students can download a copy of the Student Guide for labs and exam study/preparation. They may also be able to view an alternative video of the presentation.

| Item | Amount |
|---|---|
| Instructor Guide (this document) | 1 per class |
| Presentation Slides | 1 per lesson |
| Virtual Lab Environment | 1 per student |
| Student Guide (lab instructions and presentation notes) | 1 per student |

Lab Setup
FortiGate VMs in the virtual lab are running FortiGate 5.4.1.
The lab topology is described in the Virtual Lab Setup Guide for FortiOS 5.4.1, and the FortiGate I
Student Guide for FortiGate 5.4.1.

Class Size
The recommended class size for this course is 12 participants; however, smaller or larger class sizes are permitted.

Time to Complete
Schedules may vary by region and customer, but assuming a 9am to 5pm day with one hour for
breaks, there is a seven-hour study day. There are 12 lessons to deliver in this three-day course.
Try to avoid lectures longer than 30 minutes. Break lessons into two segments, if necessary.

| Lesson | Estimated Time |
|---|---|
| Lesson 1 Routing | Lecture: 55 minutes; Lab (if purchased): 45 minutes; Total: 100 minutes |
| Lesson 2 Virtual Domains | Lecture: 45 minutes; Lab (if purchased): 25 minutes; Total: 70 minutes |
| Lesson 3 Transparent Mode and Layer 2 Switching | Lecture: 40 minutes; Lab (if purchased): 20 minutes; Total: 60 minutes |
| Lesson 4 High Availability | Lecture: 45 minutes; Lab (if purchased): 45 minutes; Total: 90 minutes |
| Lesson 5 Advanced IPsec VPN | Lecture: 45 minutes; Lab (if purchased): 60 minutes; Total: 105 minutes |
| Lesson 6 Intrusion Prevention and Denial of Service | Lecture: 55 minutes; Lab (if purchased): 40 minutes; Total: 95 minutes |
| Lesson 7 Fortinet Single Sign-On (FSSO) | Lecture: 45 minutes; Lab (if purchased): 25 minutes; Total: 70 minutes |
| Lesson 8 Certificate Operations | Lecture: 60 minutes; Lab (if purchased): 25 minutes; Total: 85 minutes |
| Lesson 9 Data Leak Prevention (DLP) | Lecture: 35 minutes; Lab (if purchased): 30 minutes; Total: 65 minutes |
| Lesson 10 Diagnostics | Lecture: 45 minutes; Lab (if purchased): 30 minutes; Total: 75 minutes |
| Lesson 11 Hardware Acceleration | Lecture: 55 minutes |
| Lesson 12 IPv6 | Lecture: 60 minutes; Lab (if purchased): 30 minutes; Total: 90 minutes |
| Total | Total: Approximately 16 hours |
