Introduction to Fortinet Unified Threat Management

Presentation transcript:

Introduction to Fortinet Unified Threat Management
Course 201 – Administration, Content Inspection and SSL VPN
01-431-0201-RTOL-20110729

Module Objectives
By the end of this module participants will be able to:
- Identify the major features of the FortiGate Unified Threat Management appliance
- Access and use the FortiGate administration interfaces
- Create administrators
- Configure the FortiGate unit for the lab environment used to complete the hands-on exercises

Traditional Network Security Solutions
Diagram labels: VPN, Intrusion Prevention, Application Control, Web Filtering, WAN Optimization, Antispam, Antivirus, Firewall
Maintaining a secure network environment using existing network security technologies (firewall, VPN, virus scanners) is a challenge for a number of reasons.
- Increasingly sophisticated and rapidly evolving cyber threats evade one or more standalone security technologies.
  - Many single-purpose systems are needed (spam, viruses, network attacks, blocking disallowed browsing, etc.) to cope with the variety of threats.
- The costs and complexities associated with managing an increasingly distributed network with no clear perimeter add strain to already taxed resources.
  - Variety of systems to manage
  - Variety of network security software interfaces to learn
  - Potential variety of operating systems
  - Manpower to manage multiple security systems
- The performance and processing power required to provide complete content-level protection is difficult to achieve without purpose-built hardware.
  - Software solutions on PC systems cannot always provide the same performance as purpose-built hardware solutions for high-volume traffic situations or resource-intensive operations like content scanning.


Fortinet Solution
Diagram labels: VPN, Intrusion Prevention, Application Control, Web Filtering, WAN Optimization, Antispam, Antivirus, Firewall, and more…
Fortinet is a leading worldwide provider of Unified Threat Management network security solutions.
- Comprehensive security and networking solution
- Incorporates a full suite of application (email filtering, data leak prevention), network-level (IPSec, SSL VPN, firewall) and management services (authentication, logging)
- Address specific needs with a single platform
- Ease of deployment (one device instead of many)
- Purpose-driven hardware (FortiGate device)
- Specialized operating system (FortiOS)
- Dynamic update of services and filters (FortiGuard Subscription Services)
- Management, reporting, analysis and other network security products (FortiManager etc.)
Protection must be provided against the next generation of threats and offer centralized management from a single console, all without impairing the performance of the network.


Fortinet Solution
- Hardware: purpose-driven hardware
- FortiOS: specialized operating system
- Firewall, AV, Web Filter, IPS, …: security and network-level services
- FortiGuard Subscription Services: automated update service

Fortinet Solution
Diagram labels: Headquarters, Branch office, Home office, FortiGate platform, Management, reporting and analysis appliances, FortiGuard Subscription Services

FortiGate Capabilities: Firewall
Firewall policies control all traffic passing through the FortiGate unit. When a packet is received, the FortiGate unit analyzes the content of the packet to determine if the information contained matches a firewall policy that is in place. Matched policies can accept or deny traffic for one or both directions as well as apply IPSec and SSL VPN policies. Each policy can be configured to route connections or apply Network Address Translation (NAT) to translate source and destination IP addresses and ports. Threat management elements (AV, IPS, DLP etc.) are enabled in firewall policies to apply protection to traffic passing through the firewall.

FortiGate Capabilities: Antivirus
The Antivirus capabilities of the FortiGate unit detect and eliminate viruses, trojans, worms and spyware in real time. The FortiGate unit scans incoming and outgoing email attachments (SMTP, POP3, IMAP) and FTP and HTTP traffic, including web-based email, without degrading web performance. Antivirus gateways close the vulnerability window by stopping security threats before they enter the network.

FortiGate Capabilities: Email filtering
Email filtering can be configured to manage unsolicited commercial email by detecting spam email messages and identifying spam transmissions from known or suspected spam servers. The FortiGate unit can detect, tag, discard, and quarantine spam.

FortiGate Capabilities: Web filtering
FortiGate web filtering processes all web content against known malicious URLs to block inappropriate material and malicious scripts, including Java applets, cookies, and ActiveX scripts, from entering the network. Fortinet categorizes more than 40 million domains and billions of web pages to ensure its customers steer clear of malware on the Internet. The three main sections of the web filtering function, namely Web Content Filter, URL Filter and FortiGuard Web Filter, interact with each other in such a way as to provide maximum control and protection for Internet users.

FortiGate Capabilities: Intrusion prevention
IPS functions are responsible for examining traffic and comparing it against known or customized intrusion signatures. The IPS engine and signature database on the FortiGate unit are updated automatically through the FortiGuard Distribution Network.

FortiGate Capabilities: Application control
Application control is used to detect and take actions on network traffic based on the applications generating the traffic. Using FortiGate Intrusion Prevention protocol decoders, Application Control can log and manage the behavior of application traffic passing through the FortiGate unit. Application control can regulate the behavior of applications with a fine level of granularity, including:
- Performing actions such as blocking, passing, traffic shaping, and adding user controls
- Blocking certain commands, for example the FTP PUT command
- Blocking file transfers for instant messaging
- Inspecting files for malicious content within instant messaging protocols
- Archiving content for instant messaging

FortiGate Capabilities: Data leak prevention
The FortiGate Data Leak Prevention (DLP) system prevents sensitive data from leaving the network. An administrator can define sensitive data patterns, and data matching these patterns will be blocked and/or logged when passing through the FortiGate unit. Although the primary use of the DLP feature is to stop sensitive data from leaving the network, it can also be used to prevent unwanted data from entering the network.

FortiGate Capabilities: WAN optimization
FortiGate WAN optimization applies a number of techniques to improve the efficiency of communication across the WAN. Optimizing the traffic flow between the clients and servers reduces bandwidth requirements, increases throughput, reduces latency and improves privacy. WAN optimization capabilities can also be expanded to remote PCs running FortiClient software and can also be used on secure SSL traffic. WAN optimization techniques built into the FortiGate device include:
- Protocol optimization
- Byte caching
- Web caching
- Transparent proxy

FortiGate Capabilities: Secure VPN
FortiGate supports two VPN technologies:
Secure Socket Layer (SSL) VPN
- Typically used for secure web transactions
- After a secure HTTP link has been established between the web browser and the FortiGate unit, application data is transmitted between the client and device through a secure tunnel
- All client traffic is encrypted and sent to the FortiGate unit
- This includes traffic intended for the private network and Internet traffic that is normally sent unencrypted
- Split tunneling can be used so that only traffic for the private network is sent to the SSL VPN gateway while Internet traffic is sent through the usual unencrypted route
- SSL supports sign-on to a web portal front-end from which a number of applications can be accessed
- Allows mobile employees, contractors, business partners, and/or customers access to certain administrator-specified corporate resources
Internet Protocol Security (IPSec) VPN
- IPSec VPNs provide users at geographically distributed locations access to all their usual corporate network resources as if they were on the LAN
- Securely provides employees around the world with always-on connectivity and access to the corporate resources
- Well suited for legacy applications (not web-based)
- IP packets are encapsulated by the VPN client and server software running on the hosts
- IPSec VPN is covered in a separate module

FortiGate Capabilities: Wireless

FortiGate Capabilities: Dynamic routing
Dynamic routing enables the FortiGate unit to automatically share information about routes with neighboring routers and learn about routes and networks advertised by neighboring routers. The FortiGate unit supports the following dynamic routing protocols:
- Routing Information Protocol (RIP)
- Open Shortest Path First (OSPF)
- Border Gateway Protocol (BGP)

FortiGate Capabilities: Endpoint compliance
The FortiGate unit can monitor client computers on the network to ensure their compliance with corporate standards for installed software. The device can detect software running on the client computer, including FortiClient, and display the status for administrators.

FortiGate Capabilities: Virtual domains
Virtual domains (VDOMs) divide a FortiGate unit into multiple separate units so that a single FortiGate appliance can be used to serve multiple organizations. Each VDOM has separate routing and firewall policies. Each interface, physical or virtual, belongs exclusively to one virtual domain. This simplifies administration because the administrator can only see the interfaces, routing tables and firewall policies for the VDOM being configured.

FortiGate Capabilities: Traffic shaping
Traffic shaping controls available bandwidth and priority of traffic.

FortiGate Capabilities: High availability
FortiGate High Availability (HA) provides a solution for two key requirements of critical enterprise networking components:
- Enhanced reliability
- Increased performance
FortiGate HA is implemented by configuring two or more FortiGate units to operate as an HA cluster. To the network, the HA cluster appears to function as a single FortiGate unit, processing network traffic and providing normal security services such as firewall, VPN, IPS, virus scanning, web filtering and spam filtering services.

FortiGate Capabilities: Logging and reporting
Logging and reporting can provide tools for historical and real-time analysis of network usage.

FortiGate Capabilities: Authentication
Authentication controls access to protected resources and includes the following types:
- Authentication of local users. A local user is a user configured on a FortiGate unit. The FortiGate unit stores the user names and passwords of the users and uses them to authenticate users.
- Authentication of remote clients. Users who access the corporate network from home or while traveling could use the same user name and password that they use at the office.
If using authentication servers, the servers must be configured before configuring FortiGate users or user groups that require them. The FortiGate unit can be configured to work with the following external authentication servers:
- LDAP
- RADIUS
- TACACS+
- FSSO (Fortinet Single Sign On)
- Digital Certificates
- Tokens
- PKI Authentication for FortiGate administrative users.

FortiGate Unit Components
- Intel CPU
- FortiASIC content processor
- FortiOS 4.0
- DRAM and flash memory
- Hard disk
- Interfaces
- Console port
- USB port
- Wireless: FortiWiFi devices for wireless communications
- Module slot bays: blade card installed in a chassis
- PC card slot: PCMCIA card slot for expansion

Fortinet Appliances
Diagram labels: FortiAnalyzer, FortiBridge, FortiWiFi, FortiAP, FortiMail, FortiCarrier, FortiWeb, FortiGate-ONE, FortiManager, FortiDB, FortiSwitch, FortiScan, FortiClient, FortiVoice
FortiManager: Manage all Fortinet products from a centralized console
- Minimize administration effort
- Collect all device configurations
- Configure, deploy changes and maintain devices
FortiMail: Multi-layered email security
- Multiple filtering mechanisms (IP address, email address, black/white list, DNSBL…)
- Dedicated email spam filtering
- Email quarantining and archiving
- User-based quarantine
- Archiving for analysis and regulatory compliance support
- Server Mode for full messaging server functionality
FortiAnalyzer: Centralized analysis and reporting
- Aggregates log data from multiple devices
- Comprehensive view of network usage
- Discover and address security vulnerabilities
- Quarantine and content archiving
FortiScan: Integrates endpoint vulnerability management, compliance, patch management, remediation, auditing and reporting
- Identify vulnerabilities and exposures on hosts and servers
FortiBridge: Automatically bridges network traffic, re-routing network traffic around inline security infrastructure in the event of a power outage or system fault.
FortiCarrier: Extend integrated security to the service provider's IP network
- Supports the security requirements of three unique businesses within the service provider industry: MSSPs, voice operators, and mobile operators
- GTP (General Packet Radio Service Tunneling Protocol) firewall, secure MMS with scanning of all interfaces, SIP/IMS signaling firewall
FortiDB: Solution to secure databases and applications such as ERP, CRM and SCM
- Addresses vulnerability management, Database Activity Monitoring, data loss prevention, auditing and compliance
FortiClient: Endpoint security for desktops, laptops, mobile devices
- Personal firewall, IPSec VPN, antivirus, email filtering, web content filtering
- FortiGuard keeps FortiClient up to date
FortiWiFi: Protects wireless-enabled remote locations, branch offices, and retail networks with Fortinet's market-leading security
FortiWeb: Protect, balance and accelerate web applications, databases and information transfers
- Protect web-based applications
- XML security enforcement, application acceleration and server load balancing
- Assists in compliance with industry or government mandates such as PCI DSS
FortiSwitch: Designed to meet the needs of high-speed interconnected applications
- Server virtualization, data center consolidation, cloud computing
- Build high-speed, resilient, scalable networks
- Multi-path switching, Dynamic Congestion Avoidance
- Switch data flows to the lowest latency path
- Avoid congestion while maintaining full Ethernet compliance
FortiGate Voice: Combines the functionality of a multi-threat security gateway, VoIP gateway, IP PBX, router and switch into a single, integrated device
FortiAP: Secure Wireless Access
- Extend the FortiGate Unified Threat Management (UTM) advantages to the wireless network
- FortiAP tunnels all its traffic to the wireless controller integrated into every FortiGate platform (above model 50). This traffic undergoes identity-aware firewall policies and UTM engine inspection, and only authorized wireless traffic is forwarded.
FortiGate-ONE: Enables HP ProCurve customers to deploy a single blade with integrated firewall, antivirus/antispyware, IPS, IPSec and SSL VPN, web filtering, antispam, application control, data loss prevention and dynamic routing for IPv4 and IPv6

FortiGuard Subscription Services
Advantages of FortiGuard Subscription Services:
- Extend value of initial investment
- Always protecting with latest updates
- Dynamic updates: antivirus, intrusion prevention, web filtering, email filtering, application control, vulnerability assessment
- Updated 24 x 7 x 365
- Data centers around the world
- Secure, high availability locations

Device Administration
Two mechanisms for performing management tasks:
- Web Config: configure and monitor the FortiGate device through a web browser
- CLI: command line interface
  - Serial connection between management computer and device
  - Terminal emulation software required (HyperTerminal, PuTTY, etc.)
  - Includes advanced configuration options not available in Web Config
The following settings must be configured in the terminal emulation software to connect to the CLI:
- Bits per second: 9600
- Data bits: 8
- Parity: None
- Stop bits: 1
- Flow control: None
The CLI is structured as follows:
- Commands: config
- Objects: config system
- Tables: config system interface
- Sub-commands: edit port1
- Fields and values: set ip 172.20.110.251 255.255.255.0
Command help: ?
    ?
    config ?
    config system ?
Command completion: ? or <tab>
    c?
    config + <space> + <tab>
Recalling commands: down arrow and up arrow
Editing commands: <CTRL> + <key>
- Beginning of line: CTRL+A
- End of line: CTRL+E
- Back one character: CTRL+B
- Forward one character: CTRL+F
- Delete current character: CTRL+D
- Previous command: CTRL+P
- Next command: CTRL+N
- Abort the command: CTRL+C
- Exit the CLI if used at the root prompt: CTRL+C
Line continuation: use \ at the end of each line
Command abbreviation: get system status can be abbreviated to g sy st
IP address formats:
    192.168.1.1 255.255.255.0
    192.168.1.1/24

Administrators
Administrators are responsible for the configuration and operation functions of the FortiGate device.
- Default administrator name: admin
- Default password is blank; a password should be set on first login
Levels of administrative control:
- Full read/write control (full access)
- Read-only access
- Customized access
VDOM and Global privileges for access profiles (scope: VDOM or Global):
- CLI command scope provides the ability for access profiles to contain VDOM privileges or Global privileges (all VDOMs and global settings)
- Access profile privilege can be used to apply an access profile to an administrator account specific for VDOM configuration
Example:
    config system accprofile
        edit "SpecialAdmin"
            set admingrp read
            set authgrp read-write
            set endpoint-control-grp read-write
            set fwgrp read-write
            set loggrp read
            unset menu-file
            set mntgrp read
            set netgrp read
            set routegrp read
            set scope global
            set sysgrp read
            set updategrp read
            set utmgrp custom
            set vpngrp read-write
            config utmgrp-permission
                set antivirus read-write
                set application-control read-write
                set data-loss-prevention read-write
                set ips read-write
                set spamfilter read-write
                set webfilter read-write
            end
        next
    end

Global Scope Super Admin Profiles

Admin Profiles

Admin profiles define the permissions assigned to administrators. Create a new profile, assign permissions to it, then apply the profile to any user who is to have those administrative abilities.

[Figure: Admin Profile with Read and Read-Write settings for System Configuration, Network Configuration, Firewall Configuration, UTM Configuration, VPN Configuration, etc.]

Administrators

An identity must be created for each administrative user assigned to a FortiGate device.

Pick a profile for the admin:
- super_admin
  - Full access
  - Cannot be deleted
- prof_admin
  - Allowed same access as super_admin, but can be modified as needed
  - Tied to specific VDOMs
- Custom
  - Select level of access (none, read only, read-write)

[Figure labels: Full access, Custom access, Full access within a single virtual domain; super-admin profile, custom profile, prof-admin profile]

Administrator Authentication

- Username and Password (one factor)
- FortiToken (two factor)

Device Configuration

Interface Addressing:
- Number of physical interfaces varies per model
- Interface configuration options include: Manual (static), DHCP, PPPoE

DNS:
- Various functions of the FortiGate device make use of DNS services, including alert emails, web filtering, etc.
- Lower-end models can retrieve DNS server information automatically (one interface must use DHCP)
- FortiGate unit can provide DNS forwarding

Backup and Restore:
- Backups can be saved to different locations: local PC, FortiManager, USB disk
- Backup can also be encrypted (required to back up VPN certificates)

Firmware Upgrades:
- Firmware file must be obtained from Fortinet
- Apply upgrade through Web Config or CLI

Disk Usage:
- Track capacity of FortiGate device hard disk

DHCP:
- The FortiGate unit can operate as a DHCP server to assign IP addresses to PCs on the network
- The default DHCP server is called internal
- Define a range of addresses
- Addresses are leased to PCs as needed

Device Configuration

- Device configuration settings can be saved to an external file (*.conf)
  - Optional encryption
- The file can be restored to roll the device back to a previous configuration
- SCP is supported for configuration restore
  - FortiGate unit acts as SCP server

        set admin-scp enable

Example - Restore from Linux:

    scp <local config filename> <admin_username>@<FGT IP_Addr>:fgt-restore-config

Per VDOM Configuration File

Configuration Restore using SCP Protocol

- Must rename to sys_config during upload

      scp <fgt-upload.conf> admin@192.168.3.254:sys_config

- Full configuration file
  - Includes all VDOMs

DHCP Server – IP Reservation

DHCP Server – IP Reservation

- IP address is reserved and always assigned to the same DHCP host
- Select an IP address or choose an existing DHCP lease to add to the reserved list
- Identify the IP address reservation as either DHCP over Ethernet or DHCP over IPSec
- MAC address of the DHCP host is used to look up the IP address in the IP reservation table

FortiGate DNS Server

Resolves DNS lookups from an internal network.

Methods to set up DNS for each interface:
- Relay DNS requests to the DNS servers configured for the unit
- Resolve DNS requests using a FortiGate DNS database
  - Unresolved DNS requests are dropped
- Split DNS configuration
  - DNS requests can be resolved using a FortiGate DNS database, and any unresolved DNS requests can be relayed to the DNS servers configured for the unit

One DNS database can be shared by all the FortiGate interfaces.
- If VDOMs are enabled, a DNS database needs to be created in each VDOM

DNS Server Configuration

- DNS zones need to be added when configuring the DNS database
  - Each zone has its own domain name
- DNS entries are added to each zone
  - An entry includes a hostname and the IP address it resolves to
  - Each entry also specifies the type of DNS entry:
    - IPv4 address (A) or an IPv6 address (AAAA)
    - name server (NS)
    - canonical name (CNAME)
    - mail exchange (MX)
    - name IPv4 (PTR) or IPv6 (PTR)

DNS Service

Add a new DNS Service to an interface and select a mode:
- Recursive
- Non-recursive
- Forward to System DNS (forward-only)

CLI equivalent:

    config system dns-server
        edit wan1
            set mode recursive
        next
    end

DNS Zones

Create a new zone (Master)

DNS Zones

Create a new zone (Slave)

DNS Records

Add DNS entries

Classroom Lab Topology

Labs

Lab – Virtual Lab Environment Basics
- Logging in to the Virtual Lab Environment

Lab - Initial Setup
- Exploring the CLI
- Accessing Web Config
- Configuring Network Interfaces
- Configuring the FortiGate DNS Server
- Enabling DNS Recursive
- Configuring Global System Settings
- Configuring Administrative Users

Student Resources