Here’s a list of Fortinet labs you would typically encounter, especially as part of NSE 4 (the certification for FortiGate firewall configuration and management), but they also apply to earlier levels like NSE 3:
1. FortiGate Basic Configuration Labs
   - Objective: Learn how to perform the initial setup of a FortiGate device.
   - Topics:
     - Initial Configuration: Set up basic networking on a FortiGate firewall (IP addresses, interfaces, DNS).
     - Administrator Access: Learn how to configure admin accounts and access settings.
     - Basic Routing Setup: Configure static routes and interface routes for routing traffic.
     - System Backup and Restore: Learn how to back up and restore configurations.
   - Labs:
     - Configure a FortiGate unit with a WAN and LAN interface, set IP addresses, configure access control for admin users, and back up the configuration.
2. FortiGate Security Policy Labs
   - Objective: Configure security policies to control traffic through the firewall.
   - Topics:
     - Firewall Policy Setup: Create policies to allow or block traffic between interfaces.
     - Application Control: Enable and configure application control for traffic inspection.
     - User Authentication: Set up user authentication to control access to the network.
     - Logging and Monitoring: Configure logging for firewall rules to track network activity.
   - Labs:
     - Set up a firewall policy allowing HTTP traffic from the LAN to the WAN and block all other inbound traffic from the internet.
     - Implement application control to block access to social media apps on the network.
3. VPN Configuration Labs
   - Objective: Set up and configure various VPN solutions to ensure secure communication between remote and local networks.
   - Topics:
     - IPsec VPN: Configure site-to-site VPN using IPsec for secure communication between branch offices.
     - SSL VPN: Configure clientless SSL VPN for remote access to the network.
     - VPN Tunnel Monitoring: Monitor VPN tunnels to ensure proper functionality and troubleshoot when necessary.
     - High Availability in VPNs: Set up redundant VPN tunnels for failover.
   - Labs:
     - Set up an IPsec VPN between two FortiGate firewalls at different locations to securely route traffic between them.
     - Configure an SSL VPN and verify that remote users can access internal resources through a secure web portal.
4. FortiGate High Availability (HA) Labs
   - Objective: Learn how to configure high availability (HA) for FortiGate devices to ensure network reliability.
   - Topics:
     - Active-Passive HA: Configure FortiGate devices in active-passive mode for failover.
     - Cluster Configuration: Set up a FortiGate cluster to ensure redundant firewall operation.
     - HA Monitoring: Monitor the HA status and troubleshoot cluster issues.
   - Labs:
     - Configure two FortiGate firewalls in HA mode and verify that the passive unit takes over when the active unit fails.
     - Implement link monitoring to ensure that failover happens when the primary link goes down.
5. FortiGate Advanced Security Features Labs
   - Objective: Master advanced security features for more granular control and enhanced network protection.
   - Topics:
     - Intrusion Prevention System (IPS): Configure IPS to block known vulnerabilities and attacks.
     - Web Filtering: Implement web filtering policies to block access to malicious or non-productive websites.
     - Antivirus/Anti-spam: Set up antivirus and anti-spam protection to prevent malware and unwanted emails from entering the network.
     - Deep Packet Inspection (DPI): Use DPI to inspect application traffic for vulnerabilities and malware.
   - Labs:
     - Configure IPS on a FortiGate unit to block specific types of attacks (e.g., DDoS, SQL Injection).
     - Set up web filtering to prevent access to social media sites and configure antivirus protection for HTTP traffic.
6. FortiGate NAT and Routing Labs
   - Objective: Learn to configure NAT (Network Address Translation) and advanced routing techniques.
   - Topics:
     - Source NAT and Destination NAT: Set up NAT rules to manage traffic between internal and external networks.
     - Policy-based Routing: Implement routing policies based on traffic source or destination.
     - Virtual Routers: Configure virtual routers on FortiGate for multi-homing.
     - Static and Dynamic Routing: Set up and troubleshoot static routes, and configure dynamic routing protocols such as OSPF.
   - Labs:
     - Configure Source NAT for internet access, ensuring all internal devices share a single public IP address.
     - Set up OSPF on FortiGate devices for dynamic routing between multiple offices.
7. FortiGate User Authentication and Identity Management Labs
   - Objective: Learn to integrate user identity management and control access based on user roles.
   - Topics:
     - Local User Authentication: Set up local user authentication and define user roles.
     - RADIUS Integration: Configure RADIUS for centralized user authentication.
     - LDAP Authentication: Integrate FortiGate with an LDAP server to authenticate users.
     - User Groups: Create user groups and assign access rights based on roles.
   - Labs:
     - Configure local authentication for VPN users, and use RADIUS to authenticate users against a central authentication server.
     - Create user groups that allow access to specific applications or networks based on the user's role.
8. FortiGate Logging and Monitoring Labs
   - Objective: Master the logging and monitoring tools to track and analyze network activity.
   - Topics:
     - Log Management: Set up logging for different types of traffic (e.g., web traffic, VPN connections).
     - FortiAnalyzer Integration: Integrate FortiGate with FortiAnalyzer for advanced logging and reporting.
     - SNMP Monitoring: Configure SNMP for remote monitoring of FortiGate devices.
     - Traffic Analytics: Use FortiGate’s traffic analytics to visualize and troubleshoot network traffic patterns.
   - Labs:
     - Set up FortiGate to send logs to FortiAnalyzer, then generate reports on traffic trends.
     - Configure SNMP to send monitoring data to a network management system for performance tracking.
9. FortiGate Content Filtering Labs
   - Objective: Implement content filtering to block unwanted or harmful content on the network.
   - Topics:
     - URL Filtering: Set up URL filtering to block access to websites based on categories or specific URLs.
     - Application Control: Configure application control policies to manage specific apps and protocols.
     - FortiGuard Services: Integrate FortiGuard services to enhance content filtering and security.
   - Labs:
     - Block access to specific categories of websites (e.g., adult content or social media) using FortiGate’s web filtering feature.
     - Use application control to restrict access to certain applications like Skype or BitTorrent.
10. FortiGate Troubleshooting Labs
   - Objective: Develop troubleshooting skills to identify and resolve common network issues on FortiGate devices.
   - Topics:
     - Diagnostics Tools: Use FortiGate’s built-in diagnostic tools (e.g., ping, traceroute, packet capture) to troubleshoot network problems.
     - System Logs: Analyze system logs and firewall logs to identify issues.
     - Packet Capture: Perform packet captures on interfaces to troubleshoot connectivity problems.
   - Labs:
     - Use the FortiGate’s packet capture tool to troubleshoot a connectivity issue between two networks.
     - Analyze the logs to identify why a VPN tunnel is not coming up.
11. FortiGate SD-WAN Labs
   - Objective: Set up and manage Software-Defined WAN (SD-WAN) features for efficient traffic distribution across multiple WAN links.
   - Topics:
     - SD-WAN Configuration: Set up SD-WAN to intelligently route traffic across multiple WAN links based on real-time performance metrics.
     - Traffic Shaping: Configure traffic shaping for specific applications to ensure quality of service (QoS).
     - Link Health Monitoring: Monitor the health of WAN links and perform automatic failover.
   - Labs:
     - Configure SD-WAN with multiple ISP links and set up load balancing and failover.
     - Implement traffic shaping to prioritize voice and video traffic over less time-sensitive traffic.