Fortinet FCNSP Certification

Course Title
FortiGate Security System - Administration, Content Inspection and SSL VPN - Secure Network Deployment and Virtual Private Networks

Course Reference
201 + 301 v5.0

Duration
5 days

Products Covered
- FortiGate
- FortiClient

Certification
This course prepares students for the FCNSP v5.0 certification.

Prerequisites
Before attending this course, students should have knowledge in the areas listed below:
- TCP/IP networking
- Network security
- Firewall concepts
- Virtual private networks (IPSec, SSL and PPTP)
- Basics of email protocols (SMTP, POP3, IMAP) and web protocols (HTTP)
- Basics of intrusion detection and prevention

Objective of Courses 201 and 301

During these 2 days, participants learn to configure and administer the UTM features of the FortiGate. Through interactive modules, participants explore firewall policies, user authentication, VPN, virus detection, email filtering, web filtering, application control and more. The fundamental FortiGate administration concepts provide a solid understanding of how to integrate the devices and maintain them operationally for optimal performance in enterprise environments.

During the 3 additional days, the focus is on routing, virtual domains, transparent mode, high availability, advanced IPSec VPN, IPS, Fortinet SSO, certificate management, data leak prevention, application control and resource usage.

At the end of the 5 days of training, participants can take the Fortinet Certified Network Security Professional certification exam to obtain FCNSP v5.0 certified engineer status. This industry-recognized certification has many benefits, including direct access to Fortinet level 2 technical support, participation in the Beta program, and use of the FCNSP logo.

Course Content

Day 1: Modules 1 to 5, course 201

Module 1: Introduction to UTM (Fortinet Unified Threat Management)
o Unified Threat Management
o The Fortinet Solution
o FortiGate Appliance Features and Components
o Device Administration (Firmware Upgrade, Downgrade)
o Administrators
o Initial Device Configuration (IPs, Gateway, DHCP, DNS)

Module 2: Logging and Monitoring
o Log Levels
o Log Storage
o Log Types
o Log Structure and Behavior
o Traffic Log Generation
o Viewing Log Files (Log Viewer Filtering, Raw Logs)
o Alert Email
o SNMP
o Event Logging
o Monitoring
o Customizing the Status Widgets (GUI)

Module 3: Firewall Rules
o Firewall Rules (Types, Subtypes, Actions)
o Device Identification (Bring Your Own Device - BYOD)
o Firewall Address Objects, Interfaces, Service Objects
o Traffic Logging
o Network Address Translation (Source NAT)
o NAT Dynamic IP Pool (Source NAT)
o Central NAT
o Traffic Shaping
o Source NAT IP Address and Port
o Fixed Port (Source NAT)
o Virtual IPs (Destination NAT)
o Threat Management
o Denial of Service Policies
o Endpoint Control
o Firewall Policy Object Management (Object Tagging)
o Policy Monitoring

Module 4: Authentication
o Local User Authentication
o User Authentication via Remote Server
o User Authentication Groups
o Identity-Based Policies
o Disclaimers
o Password Policies
o Two-Factor Authentication
o Policy Configuration
o User Monitor

Module 5: SSL VPN
o Virtual Private Networks
o FortiGate Device VPNs
o SSL VPN Operating Modes (Web-Only, Tunnel)
o User Groups
o Authentication
o SSL VPN Server Certificate
o Encryption Key Algorithm
o Web Portal Interface
o Full-Access Web Portal Interface
o Tunnel Mode Split-Tunnelling
o Client Checking (Integrity Checks, Host Checks)
o Tunnel Mode Connection
o Client Port Forward
o Deauthentication Policy
o Access Modes (Web Mode, Tunnel Mode, Port Forward Mode)
o SSL VPN Configuration

Day 2: Modules 6 to 10, course 201

Module 6: IPSec VPN
o IPSec VPN
o Internet Key Exchange
o Defining Phase 1 and Phase 2 Parameters
o IPSec VPN Modes (Interface Mode, Tunnel Mode)
o Overlapping Subnets
o IPSec Topologies
o Monitor IPSec VPN
o IPSec VPN Configuration

Module 7: Antivirus
o Conserve Mode
o Antivirus Fail-Open
o Antivirus Overview
o Scanning Order
o Proxy-based Scanning
o Flow-based Scanning
o Virus Databases
o Unknown and Known Viruses
o Heuristic Scanning
o Antivirus Profiles
o UTM Proxy Options
o Quarantine
o Logging

Module 8: Email Filtering
o Email Filtering
o Spam Actions
o Email Filtering Methods
o Email Filtering Order of Operations (SMTP)
o Email Filtering Order of Operations (POP)
o FortiGuard IP (Address, URL, Email Address and Email Checksum Check)
o IP Address Black/White List (BWL)
o Email Address Black/White List
o HELO DNS Lookup
o Return Email DNS Check
o Banned Word Check
o MIME Headers Check
o DNSBL and ORDBL Check
o Dealing with False Positives
o FortiGuard Email Filtering Options
o Email Filter Profile

Module 9: Web Filtering
o Web Filtering Overview
o Web Filtering Types (Proxy-based, Flow-based, DNS-based)
o Enabling Web Filtering
o HTTP Inspection Order
o Web Content Filtering
o Web URL Filtering
o Forcing Safe Search
o FortiGuard Category Filter
o FortiGuard Caching, Usage Quotas, Rating Submissions and Rating Overrides
o Local Categories
o Filtering Actions (Warning, Authenticate)
o Web Filter Profiles

Module 10: Application Control
o Application Control Overview
o Application Control Lists
o Application Control Profiles
o Order of Operations
o Implicit Rules
o Creating Filter Rules
o Application Categories
o Proper Identification
o Functional Overview (Under the Hood)
o Peer-to-Peer Detection

Day 3: Modules 11 to 14, course 301

Module 11: Routing
o Routing Table Elements
o Viewing Routing Information
o Route Selection Process
o Routing Table Refresh
o Policy Routing
o Black hole Routes
o Reverse Path Forwarding
o Equal Cost Multipath
o Dead Gateway Detection
o Reverse Path Forwarding Modes
o Strict Reverse Path Forwarding
o Dynamic Routes
o Multicast Routing
o Routing Diagnostic Commands
o Packet Sniff Command

Module 12: Virtual Networking
o Virtual Local Area Networks
o VLAN Tags
o VLANs on a FortiGate Appliance
o Virtual Domains and Settings
o Enabling Virtual Domains
o Accessing a Virtual Domain Configuration
o VDOM Resource Limits
o Per-VDOM Configurations
o Virtual Domain Administrators
o Inter-VDOM Links
o Independent VDOM Configuration
o Management VDOM Configuration
o Meshed VDOM Configuration

Module 13: Transparent Mode
o Operating Modes
o NAT/Route Mode
o Transparent Mode
o Forwarding Domain
o VLANs on a FortiGate Unit in Transparent Mode
o Port Pairing
o Transparent Bridge
o Broadcasting Domain
o Forwarding Domain
o Spanning Tree Protocol
o Link Aggregation

Module 14: High Availability
o High Availability Overview
o Cluster Membership
o Cluster Units
o Primary Unit Selection
o Viewing Cluster Members
o Modes of Operation (Active-Passive, Active-Active)
o Primary Unit (Master)
o Subordinate Unit (Slave)
o Workload
o Subordinate Unit Failure
o FortiGate Clustering Protocol
o Virtual MAC Addresses and Failover
o FGCP Heartbeat
o Heartbeat Interfaces and IP Addresses
o HA Configuration Synchronization
o Load Balancing AV Scan Sessions SYN
o Device Failover
o Link Failover
o Session Failover
o Virtual Clustering
o Firmware Upgrades
o Full Mesh HA

Day 4: Modules 15 to 18, course 301

Module 15: Advanced IPSec VPN
o Dialup VPN
o IPSec Topologies
o Hub-and-Spoke VPN
o Full/Partial Mesh VPN
o FortiGate Device and Third-Party VPN
o VPN Tunnel Name Behavior
o Hub-and-Spoke Working Example
o IPSec Debugging
o VPN Troubleshooting

Module 16: Intrusion Prevention System
o Intrusion Prevention System Overview
o Protocol Decoders
o Predefined Signatures
o FortiGuard Intrusion Prevention System Service
o Custom Signatures
o Custom Signature Syntax and Examples
o IPS Sensors and Filters
o IPS Overrides
o Denial of Service Attacks
o Denial of Service Policies
o SYN Flood Attacks
o ICMP Sweep
o DDoS Attacks
o Logging
o One-Arm (Sniffer)

Module 17: Fortinet Single Sign On (FSSO)
o Directory Services Authentication
o FSSO Overview
o FSSO Components
o FSSO Domain Controller Agent Mode
o FSSO Polling Mode
o FSSO Using NTLM Authentication

Module 18: Certificate-Based Operations
o Cryptography Overview
o Symmetric and Asymmetric Cryptography
o Diffie-Hellman
o Digital Certificates
o Secure Socket Layer Security
o Generating a Certificate Request
o Importing Certificates
o Importing the CA Certificate
o Backing Up and Restoring Certificates
o Certificate Revocation List
o SSL Content Inspection
o Purpose of a Certificate
o Enabling SSL Inspection

Day 5: Modules 19 to 21, course 301

Module 19: Advanced Application Control
o Instant Messenger
o Fine Tuning Instant Messenger
o Instant Messenger Users
o Monitoring
o Traffic Shaping Working Example
o Investigating Lack of Resources
o Memory Diagnostics
o AV/IPS Troubleshooting
o Process State
o CPU Troubleshooting
o Testing Hardware and Memory
o Loading a Test Image

Module 20: Data Leak Prevention
o Data Leak Prevention Overview
o File Type Filtering
o File Name Pattern
o Message Filter
o File Filter List
o Document Fingerprinting
o DLP Archiving
o Data Leak Prevention Profile

Module 21: Putting It All Together