Fortinet SD-WAN (NSE-7)

What you'll learn

  • Fundamentals of FortiGate SD-WAN
  • FortiGate Data Plane, Control Plane and Security
  • SD-WAN Components
  • SD-WAN Architecture
  • FortiGate ADVPN ( Auto Discovery VPN )
  • FortiGate Hub and Spoke Tunnel

Meetings

Requirements

  • Knowledge of FortiGate firewall

Description

FortiGate NSE-7 Syllabus

Fundamentals of FortiGate SD-WAN

  • Introduction
  • SD-WAN Zone
  • SD-WAN Members
  • SD-WAN Components
  • SD-WAN Layers
  • Function of FortiManager and FortiAnalyzer
  • FortiGate Data Plane, Control Plane and Security
  • SD-WAN Pillars

           Underlay, Overlay, Routing, Security, Zone, Member, SLA, Rules

  • SD-WAN Architecture

            Single Device, Single Hub, Dual Hub

  • Data in Motion Terminologies

            Bandwidth, Congestion, Types of Delay, Jitter, Latency, Packet Loss

  • FortiGate ECMP Load Balancing Methods

              Source IP based, Source and Destination IP based, Weight based, Usage based

  • ECMP Vs SD-WAN
  • FortiGate Policy Routing
  • FortiGate Route Selection Process

FortiGate ECMP LAB

  • Basic Configuration of FortiGate Firewall
  • Configuring Static Route for both ISPs
  • Verification of Routing Table ( Path Selection-AD & Priority)
  • Configuring and Verification of Load Balancing Methods
      1. Source-ip-based
      2. Source-dest-ip-based
      3. Weight-based
      4. Usage-based

FortiGate SD-WAN LAB

  • Basic Configuration of FortiGate Firewall
  • Configuring SD-WAN Zone and its Membership
  • Configuring Static route for SD-WAN
  • Configuring and Verification of SD-WAN Load Balancing Methods
      1. Source-ip-based
      2. Source-dest-ip-based
      3. Sessions (Weight)
      4. Spillover (Usage)
      5. Volume

FortiGate SD-WAN Rules Strategy LAB

  • Basic configuration, SD-WAN Zone, Membership, SD-WAN Static route, Firewall policy
  • Configuring and Verification of SD-WAN Rules Strategy
      1. Manual
      2. Best Quality
      3. Lowest Cost
      4. Maximize Bandwidth

SD-WAN Performance SLA LAB

  • Configuring and Verification of SD-WAN Performance SLA
      1. Probe mode (Active, Passive, Prefer Passive)
      2. Protocols (Ping, HTTP, DNS), Target Server, Participants
      3. SLA Target (Latency, Jitter, Packet Loss)
      4. Link Status (Check Interval, Failures before inactive, Restore link after)
      5. Action when inactive (Update Static route)

IPSec Terminologies

  • Plain Text
  • Cipher Text
  • Encryption and Decryption
  • Symmetric and Asymmetric Encryption
  • Hashing (MD5, SHA), DH group, CIA, IPsec VPN

FortiGate IPsec Site-to-Site Tunnel LAB

  • Site-to-Site IPSec VPN Tunnel - Custom Based
  • Site-to-Site IPsec VPN Tunnel – Template Based
  • Site-to-Site Aggregate Tunnel
  • FortiGate IPSec Remote VPN LAB
      1. FortiGate Remote-SSL-VPN-WEB-MODE
      2. FortiGate Remote-SSL-VPN-TUNNEL-MODE

FortiGate ( Site-to-Site ) Redundant Tunnels LAB

  • Basic configuration of HQ-DC and BRANCH with Static route & LAN-to-WAN Firewall Policy
  • Tunnel Configuration HQ-DC and BRANCH TUNNEL-ZONE and Membership ( Mapping of Redundant Tunnels with Zone )
  • Static Route for VPN Traffic with exit interface TUNNEL-ZONE ( LAN subnets of HQ-DC and BRANCH)
  • LAN to TUNNEL-ZONE Firewall policy with Clone Reverse
  • Configuring Loopback Interface for Health Monitoring
  • Advertise Loopback subnet in Tunnel Phase-2
  • Static Route for Loopback with exit interface TUNNEL-ZONE
  • LOOPBACK-HM to TUNNEL-ZONE Firewall policy with Clone Reverse
  • Configuring Loopback as a source via CLI for Health Monitoring
  • Configuring Performance SLA for Loopback address
  • Define SDWAN RULES for VPN traffic (LAN subnets of HQ-DC and BR-DUBAI)
  • Verification of REDUNDANT TUNNELS

FortiGate Hub and Spoke Tunnel LAB

  • Basic configuration of HUB-DC and SPOKES with Static route & LAN-to-WAN Firewall Policy
  • Configuring Hub and Spoke Tunnel and Tunnel ip
  • Configuring BGP Dynamic peering on Hub and Static Peering on Spokes
  • Configuring Lan to Tunnel Firewall policy with clone reverse
  • Configuring Tunnel to Tunnel Policy on Hub and verification

FortiGate ADVPN ( Auto Discovery VPN ) LAB

  • VPN Classification based on Deployment
  • ADVPN and Logical Topologies
  • ADVPN Messages
  • Basic configuration of HUB-DC and SPOKES with Static route & LAN-to-WAN Firewall Policy
  • ADVPN Configuration HUB-DC
  • ADVPN Configuration SPOKES
  • Configuring ADVPN Tunnel Interface IP via CLI
  • Configuring BGP Dynamic peering on HUB-DC and advertise HUB-DC LAN subnet

FortiGate ADVPN Tunnel with SD-WAN LAB

  • Basic configuration of HUB-DC and SPOKES with Static route for Underlay connectivity
  • Dual ADVPN Tunnels Configuration on HUB-DC
  • Dual ADVPN Tunnels Configuration on SPOKES
  • Configuring ADVPN Tunnels Interface IP via CLI on HUB and SPOKES
  • Configuring BGP with Dynamic peering for both ADVPN on HUB-DC and advertise HUB-DC LAN subnet
  • Configuring BGP with Static peering for both ADVPN on SPOKES and advertise SPOKES LAN subnet
  • Configuring SDWAN ZONES and Membership for ADVPN and INTERNET on HUB and SPOKES
  • Configuring Static Route for INTERNET-ZONE
  • LAN-to-INTERNET Firewall Policy on HUB and SPOKES
  • LAN-to-ADVPN Firewall Policy and Clone Reverse on HUB and SPOKES
  • ADVPN-to-ADVPN Firewall Policy on HUB only
  • Configuring LOOPBACK on HUB, Advertise in ADVPN phase-1, LOOP-ADVPN policy with Clone Reverse
  • Performance SLA for HUB and SPOKEs, and SDWAN RULES for the Data Traffic
  • Verification of ADVPN-SDWAN

Interface Migration to SD-WAN and SD-WAN CLI LAB

  • FortiGate Interface Migration to SD-WAN
  • FortiGate SDWAN Configuration via CLI

Centralized Management via FortiManager

  • Initial Configuration of FortiManager
  • Integration of FortiGate Firewall
  • Configure FortiGate via FortiManager GUI
  • Configure FortiGate ADVPN with SD-WAN via FortiManager CLI Script

Frequently Asked Questions

What is a Network? A network consists of two or more computers that are linked in order to share reso

About Instructor

Anwar did his B.E. in Electronics & Communication from Jamia Millia Islamia (a Central University), New Delhi, India. He has more than 27 years of industry experience in India and abroad. He started his career in the CISCO domain in mid 2004 when he was in the Kuwait Army, State of Kuwait. Since then he has been enlightening minds in the networking field and provides guidance and training to both highly skilled professionals and freshers.

He has ultimate knowledge in multiple domains such as CCIE (R&S), CCNP (R&S), BGP, MPLS, CCNA (R&S), CCNA (SEC), PALOALTO, LTM, GTM, SDWAN, MCP, MCSA, ASA, DMVPN, IPV6, QOS etc.

Currently he is the Director of NETWORKING CORE PROGRAM. He has worked with CISCO Network Academy (Jamia Hamdard), Ministry of Defense - Kuwait Army, CMC, L&T, Vision Communication, VTPL etc.