
Fortinet: FortiGate Next-Generation Firewall Training

www.routehub.net

Michel Thomatis, CCIE #6778
Chief Network Architect and Lead Trainer

Types of Security Solutions
• Firewall Services (1st Generation Services, NGFW Services)
  • Filtering based on Network, IP, Protocols
  • Filtering based on User Identity (External Security Control)
  • Filtering based on Applications, Micro-Applications, URL, OS, Web Browser, Device
• VPN Services
  • Site VPN (IPSec), Client VPN (IPSec, SSL)
• IPS Services (NGFW)
  • Passive, Active
• Content Filtering Services (NGFW)
  • Anti-Virus, Malware, URL
• Identity Access Control Services
  • User Identity, User Endpoint (Internal Security Control)

Fortinet: FortiGate Firewall Series
• Business Size | Performance | Port Capacity | Features

Fortinet FortiGate : Features
• Advanced Routing
• Security Policies
• NAT
• SSL Decryption/Inspection
• UTM (Anti-Virus, IPS, Application Control, Web Filter, Endpoint Control)
• Two Factor Authentication
• File Blocking
• Email Filter
• Client VPN
• Site VPN
• Traffic Shaping
• WAN Optimization

Design : Overview

Design : Topology & Deployment
• LAN or Data Center Topology
  • 1-Tier Topology (Collapsed Core)
  • 2-Tier Topology (Collapsed Core, Access)
  • 3-Tier Topology (Core, Aggregation, Access)
• Firewall Topology & Deployment
  • In-line between LAN/Data Center & Internet Edge
  • In-line between LAN/Data Center & other network (e.g. Wireless)

Design : Networks
• WAN – network connected to the external network (Internet cloud)
  • Public network – 172.31.106.0 /29
• LAN – network connected to the internal network
  • Transit to Internet Edge – 172.17.99.16 /29
  • User Network – 172.17.101.0 /24 (VLAN 101)
  • Server Network – 172.17.201.0 /24 (VLAN 201)
• Guests & BYOD – a restricted network for guest and BYOD users
  • Guest/BYOD Wired – 172.17.11.0 /24 (VLAN 11)
  • Guest/BYOD Wireless – 172.17.102.0 /24 (VLAN 102)
• VPN – a network dedicated to VPN user access
  • Client Network – 172.17.250.0
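The addressing plan above, written out as FortiOS CLI interface configuration. This is an added example, not configuration from the course: the physical port names (port1 as WAN, port2 as the transit link, port3 as the 802.1Q trunk carrying the user, server and guest VLANs), the firewall's own host addresses (.2 on the public /29, .17 on the transit /29, .1 on each /24) and the management-access settings are assumptions; the subnets and VLAN IDs are the ones listed on the slide.

```fortios
# Added example (not from the course): FortiOS interface configuration
# for the networks on the "Design : Networks" slide.
# Assumed: port1 = WAN, port2 = transit to the Internet edge,
# port3 = trunk carrying VLANs 101, 201, 11 and 102.
config system interface
    edit "port1"
        set vdom "root"
        set alias "WAN"
        set mode static
        # assumed host address inside 172.31.106.0/29
        set ip 172.31.106.2 255.255.255.248
        # no HTTPS/SSH management exposed on the Internet-facing interface
        set allowaccess ping
        set role wan
    next
    edit "port2"
        set vdom "root"
        set alias "Transit-Edge"
        set mode static
        # assumed host address inside 172.17.99.16/29
        set ip 172.17.99.17 255.255.255.248
        # management (GUI/SSH) only from the inside
        set allowaccess ping https ssh
        set role lan
    next
    edit "vlan101"
        set vdom "root"
        set alias "Users"
        set ip 172.17.101.1 255.255.255.0
        set allowaccess ping
        set role lan
        set interface "port3"
        set vlanid 101
    next
    edit "vlan201"
        set vdom "root"
        set alias "Servers"
        set ip 172.17.201.1 255.255.255.0
        set allowaccess ping
        set role lan
        set interface "port3"
        set vlanid 201
    next
    edit "vlan11"
        set vdom "root"
        set alias "Guest-Wired"
        set ip 172.17.11.1 255.255.255.0
        set allowaccess ping
        set role dmz
        set interface "port3"
        set vlanid 11
    next
    edit "vlan102"
        set vdom "root"
        set alias "Guest-Wireless"
        set ip 172.17.102.1 255.255.255.0
        set allowaccess ping
        set role dmz
        set interface "port3"
        set vlanid 102
    next
end
```

The guest VLANs are given the dmz role so the GUI treats them as untrusted when policies are built; the security point is that allowaccess on the WAN side carries no management protocols, and even on the inside it is limited to what administrators actually use. Keyword names vary slightly between FortiOS releases, so check the syntax against the version on the device.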

Design : Routing
• Internal Routing – routing between the internal network (LAN, Data Center) and the firewall
  • OSPF, RIP, Static
• External Routing – routing between the Internet and the firewall
  • Static, BGP
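One way to realise the routing split above (static towards the ISP, OSPF towards the internal core), as an added FortiOS CLI example rather than course material. Assumed: port1 is the WAN interface with the ISP gateway at 172.31.106.1, port2 is the transit link with the firewall at 172.17.99.17, and the internal VLAN interfaces are named vlan101 and vlan201.

```fortios
# Added example (not from the course): routing for the "Design : Routing" slide.
# Assumed: ISP gateway 172.31.106.1 on port1, firewall 172.17.99.17 on port2,
# VLAN interfaces vlan101 and vlan201.

# External routing: a single static default route towards the ISP gateway
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 172.31.106.1
        set device "port1"
    next
end

# Internal routing: OSPF area 0 with the core over the transit link.
# The user and server VLANs are advertised but marked passive, so no OSPF
# adjacency can be formed from a user- or server-facing segment.
config router ospf
    set router-id 172.17.99.17
    # advertise the static default route into OSPF for the internal routers
    set default-information-originate enable
    set passive-interface "vlan101" "vlan201"
    config area
        edit 0.0.0.0
        next
    end
    config network
        edit 1
            set prefix 172.17.99.16 255.255.255.248
            set area 0.0.0.0
        next
        edit 2
            set prefix 172.17.101.0 255.255.255.0
            set area 0.0.0.0
        next
        edit 3
            set prefix 172.17.201.0 255.255.255.0
            set area 0.0.0.0
        next
    end
end
```

After applying it, `get router info routing-table all` should show the static default via port1 and OSPF-learned prefixes via port2, and `get router info ospf neighbor` should list only the core router on the transit link; a neighbor appearing on a VLAN interface means the passive list is wrong.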

Design : VPN
• Client-based VPN – VPN tunnel between the firewall and a user's computer/laptop
  • IPSec VPN, SSL VPN
• Site-based VPN – VPN tunnel between two VPN devices (routers, firewalls)
  • IPSec VPN
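The client-based SSL VPN from the slide, with client addresses drawn from the 172.17.250.0 network listed under "Design : Networks", as an added FortiOS CLI example (not course material). Assumed: a pool range of .10 to .200, the WAN interface port1, the server VLAN interface vlan201, a listening port of 10443, and a local user "jdoe" in a group "VPN_Users"; the password is a placeholder.

```fortios
# Added example (not from the course): client SSL VPN on the firewall.
# Assumed: pool 172.17.250.10-172.17.250.200, WAN on port1, servers on vlan201,
# local user "jdoe" in group "VPN_Users", listener on TCP 10443.
config firewall address
    edit "SSLVPN_POOL"
        set type iprange
        set start-ip 172.17.250.10
        set end-ip 172.17.250.200
    next
    edit "NET_SERVERS"
        set subnet 172.17.201.0 255.255.255.0
    next
end

config user local
    edit "jdoe"
        set type password
        set passwd CHANGE-ME-placeholder
    next
end
config user group
    edit "VPN_Users"
        set member "jdoe"
    next
end

# Portal: tunnel mode, full tunnel (no split tunnelling), addresses from the pool
config vpn ssl web portal
    edit "tunnel-full"
        set tunnel-mode enable
        set ip-pools "SSLVPN_POOL"
        set split-tunneling disable
    next
end

config vpn ssl settings
    set servercert "Fortinet_Factory"
    set tunnel-ip-pools "SSLVPN_POOL"
    set source-interface "port1"
    set source-address "all"
    set default-portal "web-access"
    set port 10443
    config authentication-rule
        edit 1
            set groups "VPN_Users"
            set portal "tunnel-full"
        next
    end
end

# Without a policy from ssl.root nothing passes: only the VPN group,
# only to the server network, only the named services, and everything logged
config firewall policy
    edit 10
        set name "SSLVPN-Users-to-Servers"
        set srcintf "ssl.root"
        set dstintf "vlan201"
        set srcaddr "SSLVPN_POOL"
        set dstaddr "NET_SERVERS"
        set groups "VPN_Users"
        set action accept
        set schedule "always"
        set service "HTTPS" "RDP"
        set logtraffic all
    next
end
```

The factory certificate is used only so the example applies cleanly; replace it with a certificate the clients trust, and add the two-factor token to the local user (the course lists token-based two-factor authentication under "Design : Security") before exposing the listener.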

Design : Security
• Basic Filtering
  • Filtering based on Network (Protocol, IP, Port)
  • Filtering based on User Identity (Active, Passive)
  • Filtering based on Device/Endpoint
  • Two-Factor Authentication using Tokens
• Advanced Filtering
  • Application Control (Filtering based on Application, Micro-Application)
  • IPS
  • Anti-Virus
  • Web Filtering (URL Filtering)
  • Endpoint Control
  • File Blocking
  • Traffic Shaping
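How the basic and advanced filtering layers above combine in a FortiGate policy, as an added FortiOS CLI example (not course material). Assumed: interface names vlan101 (users), vlan11 and vlan102 (guest), vlan201 (servers) and port1 (WAN), and the profiles shipped by default with FortiOS ("default" for AV, IPS, web filter and application control, "certificate-inspection" for SSL inspection). The subnets are the ones from "Design : Networks".

```fortios
# Added example (not from the course): security policy for the
# "Design : Security" slide. Assumed interface names: vlan101, vlan11,
# vlan102, vlan201, port1. Profile names are FortiOS defaults.
config firewall address
    edit "NET_USERS"
        set subnet 172.17.101.0 255.255.255.0
    next
    edit "NET_SERVERS"
        set subnet 172.17.201.0 255.255.255.0
    next
    edit "NET_GUEST_WIRED"
        set subnet 172.17.11.0 255.255.255.0
    next
    edit "NET_GUEST_WIRELESS"
        set subnet 172.17.102.0 255.255.255.0
    next
end

config firewall policy
    # Basic filtering: interfaces, addresses, named services only (no "ALL").
    # Advanced filtering: utm-status plus AV, IPS, web filter and application
    # control; ssl-ssh-profile is what lets those profiles see inside TLS.
    edit 1
        set name "Users-to-Internet"
        set srcintf "vlan101"
        set dstintf "port1"
        set srcaddr "NET_USERS"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS" "DNS"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set av-profile "default"
        set webfilter-profile "default"
        set ips-sensor "default"
        set application-list "default"
        set logtraffic all
        set nat enable
    next
    # Guest/BYOD is a restricted network: explicit, logged deny towards the
    # internal networks so attempts are visible, not just silently dropped
    # by the implicit deny.
    edit 2
        set name "Guest-Deny-Internal"
        set srcintf "vlan11" "vlan102"
        set dstintf "vlan101" "vlan201"
        set srcaddr "NET_GUEST_WIRED" "NET_GUEST_WIRELESS"
        set dstaddr "NET_USERS" "NET_SERVERS"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    # Guests get web access only, with web filtering and IPS in the path
    edit 3
        set name "Guest-to-Internet"
        set srcintf "vlan11" "vlan102"
        set dstintf "port1"
        set srcaddr "NET_GUEST_WIRED" "NET_GUEST_WIRELESS"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS" "DNS"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set webfilter-profile "default"
        set ips-sensor "default"
        set logtraffic all
        set nat enable
    next
end
```

Identity-based filtering from the slide is added to a policy with `set groups`, which restricts it to authenticated members of a user group; the group is omitted here because it requires an authentication source (local users, LDAP or FSSO) that the slide does not specify. Policies are evaluated top down, so a broad accept placed above a deny makes the deny unreachable; keep the restrictive guest rules above any wider rules that share the same interface pair.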

Video Topics
Continue to practical videos