FortiGate Level 2

Level: 2
Total: 45hrs

I. Who should enroll?

In this course, you will learn how to use advanced FortiGate networking and
security. Topics include features commonly applied in complex or larger
enterprise or MSSP networks, such as advanced routing, transparent mode,
redundant infrastructure, site-to-site IPsec VPN, single sign-on (SSO), web
proxy, and diagnostics..

II. Course Outline

Chapter Topic
Routing
• Direct route
Module
• Static route
1 • Dynamic route
• Policy route

1
 Software-Defined WAN (SD-WAN)
• Application-aware routing
Module
• Centralized management
2 • Self-healing
• Cloud-based deployment
Virtual Domains
• Isolate different networks
Module • Segment applications
3 • Differentiate users
• Split-task VDOM
• Multi VDOM mode
Layer 2 Switching
• Segment their network into different VLANs
Module
• Improve network performance by aggregating links
3 • Monitor network traffic with port mirroring
• Protect their network from spanning tree loop
Site-to-Site IPsec VPN
• To configure a site-to-site IPsec VPN
Module
• creating a VPN tunnel between two networks
5 • shared secret key for the VPN tunnel
• configuring the IPsec policies on each network

Fortinet Single Sign-On (FSSO)

• Active Directory
Module
• LDAP
6 • RADIUS
• Local database

2
 Module High Availability (HA)
7 • Active-Passive
• Active-Active
Web Proxy
• Web filtering
• Data loss prevention
Module
• Antivirus
8 • Intrusion prevention
• Advanced threat protection
• Centralized management
Diagnostics
• System health check
Module • Log viewer
9 • System diagnostics
• Packet capture
• Forti Analyzer

III. Outcome
Upon completion of the FortiGate Level 2, students will be able to perform the following
tasks:

• Analyze a FortiGate route table

• Route packets using policy-based and static routes for multipath
and load -balanced deployments
• Configure SD-WAN to load balance traffic between multiple WAN
links effectively

3
• Inspect traffic transparently, forwarding as a Layer 2 device
• Divide FortiGate into two or more virtual devices, each operating
as an independent FortiGate, by configuring virtual domains
(VDOMs)
• Establish an IPsec VPN tunnel between two FortiGate devices
• Compare policy-based to route-based IPsec VPN
• Implement a meshed or partially redundant VPN
• Diagnose failed IKE exchanges
• Offer Fortinet Single Sign-On (FSSO) access to network services,
integrated with Microsoft Active Directory (AD)
• Deploy FortiGate devices as an HA cluster for fault tolerance and
high performance
• Deploy implicit and explicit proxy with firewall policies,
authentication, and caching
• Diagnose and correct common problems