Corso Fortinet, Corso Fortinet NSE, Corso NSE Professional, Corso Security, Corso CyberSecurity, Corso Network Security Expert, Corso Fortinet NSE 4,Certificazione Fortinet NSE

Corso Fortinet NSE4 Network Security Professional

Panoramica Obiettivi Contenuti
Tipologia Prerequisiti Durata e Frequenza
Docenti Modalità di Iscrizione Calendario

PANORAMICA

Corso di preparazione al conseguimento della:
Certificazione Fortinet NSE4 Network Security Expert Professional

Sintesi Statistica :
Corsi realizzati: 31;
Numero Corsisti: 294;
Superamento Esame: 97,10%

Agevolazioni per Disoccupati Inoccupati e lavoratori a Termine

Contattaci ora per ricevere tutti i dettagli e per richiedere, senza alcun impegno, di parlare direttamente con uno dei nostri Docenti Fortinet CLICCA QUI.
Oppure chiamaci subito al nostro numero verde 800-177596.

OBIETTIVI DEL CORSO

La cyber security è l’insieme delle pratiche e dei processi atti a proteggere le reti e I sistemi informatici. Le applicazioni e i dati devono essere difesi da attacchi, da interruzioni e da accessi non autorizzati. Come è stato ampiamente previsto, tutte queste problematiche, riguardano ormai qualsiasi realtà socio-economica indipendentemente dalle sue dimensioni. Tutte le statistiche indicano una mancanza cronica di competenze tecniche adeguate a contrastare le presenti e le future minacce. In tale contesto nasce il programma Fortinet academy che si propone di ridurre il notevole skills shortage che, in questo ambito professionale, si è venuto a manifestare. Le tecnologie Fortinet sono dedicate verticalmente alle tematiche di sicurezza e hanno avuto un’esponenziale diffusione tra le piccole e medie imprese fino ad aggredire realtà aziendali sempre più grandi. Il percorso formativo Fortinet NSE 4 fa parte del programma Network Security Expert Program ed è propedeutico alla Certficazione NSE Professional (Network Security Expert Professional). Al termine del percorso il partecipante avrà acquisito le competenze per implementare le principali tecnologie di security imprescindibili in ogni realtà aziendale. Benché esse siano veicolate attraverso tecnologie Fortinet, il corso mette nelle condizioni lo studente di operare su piattaforme diverse. Il corso è caratterizzato da una forte componente pratica sviluppata su laboratori Ufficiali Fortinet.

CONTENUTI DEL CORSO

FortiGate Infrastructure

Routing on FortiGate
Identify the routing capabilities on FortiGate
Configure static routing
Implement policy-based routes
Control traffic for well-known internet services
Routing Monitor and Route Attributes
Interpret the routing table on FortiGate
Identify how FortiGate decides which routes are activated in the routing table
Identify how FortiGate chooses the best route using route attributes
ECMP Routing
Identify the requirements for ECMP
Implement route redundancy and load balancing
RPF
Identify how FortiGate detects IP spoofing
Block traffic from spoofed IP addresses
Differentiate between and implement the different RPF check methods
Best Practices
Configure the link health monitor
Implement route failover
Apply network design best practices
Apply static route configuration best practices
Use the forward traffic logs
Diagnostics
View active, standby and inactive routes
View policy routes on the CLI
Use the built-in packet capture tools
Introduction to SD-WAN
Identify use cases for SD-WAN
Identify the implementation requirements for SD-WAN
Configure the SD-WAN virtual link and load balancing
Configure static routes and firewall policies for SD-WAN
SD-WAN Performance SLA
Configure the SD-WAN performance SLA
Identify how FortiGate measures link quality
SD-WAN Rules
Identify SD-WAN rule matching criteria
Configure dynamic link selection based on link quality
SD-WAN Diagnostics
Monitor SD-WAN link usage
Monitor SD-WAN link quality status
Verify SD-WAN traffic routing
VDOM Concepts
Define and describe VDOMs
VDOM Administrators
Create administrative accounts with access link to one or more VDOMs
Configuring VDOMs
Configure VDOMs to split a FortiGate into multiple virtual devices
Inter-VDOM Links
Route traffic between VDOMs
Best Practices and Troubleshooting
Limit the resources allocated globally and per VDOM
Virtual Local Area Networks
Configurate VLANs to logically divide a Layer 2 network into multiple broadcast domains
Describe VLANs and VLAN tagging
Transparent Mode
Configure FortiGate interfaces to operate as a Layer 2 switch
Configure a virtual domain to operate in transparent mode
Virtual Wire Pairing
Segment the Layer 2 network into multiple broadcast domains
Software Switch
Configure a software switch
Spanning Tree Protocol
Install FortiGate in networks running spanning tree protocol
Best Practices
Understand best practices for using Layer 2 switching on FortiGate
VPN Topologies
Review IPsec and IKE
Select an appropriate VPN topology
Site-to-Site VPN Configuration
Deploy a site-to-site VPN between two FortiGate devices
Understand route-based VPN configuration
Configure redundant VPNs between two FortiGate devices
Understand hardware offloading requirements of IPsec VPN
Best Practices and Troubleshooting
Use best practices to deploy site-to-site IPsec VPNs
Verify the offload of IPsec VPN
Troublshoot common site-to-site IPsec VPN problems
FSSO Function and Deployment
Define single sign-on (SSO) and Fortinet single sign-on (FSSO)
Understand FSSO deployment and configuration
FSSO with Windows Active Directory
Detect user logon events in Windows AD using FSSO
Identify FSSO modes for Windows AD
NTLM Authentication
Define NT LAN manager (NTLM) authentication
Understand NTLM authentication for simple and multiple domains
Understand the interaction between FSSO and NTLM authentication
FSSO settings
Configure SSO settings on FortiGate
Install FSSO agents
Configure the Fortinet collector agent
Troubleshooting
Recognize and monitor FSSO-related log messages
Perform basics FSSO troubleshooting
HA Operation Modes
Identify the different operation modes for HA
Understand the primary FortiGate election in an HA cluster
HA Cluster Synchronization
Identify the primary and secondary device tasks in an HA cluster
Identify what is synchronized between HA cluster members
Configure session synchronization for seamless failover
HA Failover and Workload
Identify the HA failover types
Interpret how an HA cluster in active-active mode distributes traffic
Implement virtual clustering per virtual domain (VDOM) in an HA cluster
Monitoring and Troubleshooting
Verify the normal operation of an HA cluster
Configure HA management interface
Upgrade an HA cluster’s firmware
Web Proxy Concepts
Describe how a web proxy works
Use a PAC file and WPAD to configure explicit proxy settings in web browsers
Web Proxy Configuration
Configure FortiGate to act as a web proxy
Reduce WAN bandwidth usage and improve responsiveness using web cache
Apply security policies to web proxy traffic based on HTTP headers
Web Proxy Authentication and Authorization
Authenticate, authorize, and monitor web proxy users
General Diagnosis
Identify your network’s normal behavior
Monitor for abnormal behavior, such as traffic spikes
Diagnose problems at the physical and network layers
Debug Flow
Diagnose connectivity problems using the debug flow
CPU and Memory
Diagnose resource problems, such as high CPU or memory usage
Diagnose memory conserve mode
Diagnose fail-open session mode
Firmware and Hardware
Format the flesh memory
Load a firmware image from the BIOS menu
Run hardware tests
Display crash log information

FortiGate Security

High-Level Features:
Identify platform design features of FortiGate
Identify features of FortiGate in virtualized networks and the cloud
Understand Fortigate security processing units (SPU)
Setup Decisions:
Identify the factory defaults
Select an operation mode
Understand FortiGate’s relationship with FortiGuard and distinguish between live queries and package updates
Basic Administration:
Manage administrator profiles
Manage administrative users
Define the configuration method for administrative users
Control administrative access to the FortiGate GUI and CLI
Manage specific aspects of the network interfaces
Built-in Servers:
Enable the DHCP service on Fortigate
Enable the DNS service on FortiGate
Understand the configuration possibilities and some of their implications
Fundamental Maintenance:
Backup and restore system configuration files
Understand the restore requirements for plain text and encrypted configuration files
Identify the current firmware version
Upgrade firmware
Downgrade firmware
Introduction to the Fortinet Security Fabric:
Define the Fortinet Security Fabric
Identify why the Security Fabric is required
identify the Fortinet devices that participate in the Security Fabric, especially the essential ones
Deploying the Security Fabric:
Understand how to implement the Security Fabric
Configure the Security Fabric on root and downstream FortiGate
Understand how the device detection works
Understand how to extend your existing Security Fabric
Extending the Fabric and Features:
Extend the Security Fabric across your network
Understand automation stitches and threat responses
Configure fabric connectors
Understand the Security Fabric status widgets
Identify components of firewall policeis
Identify how FortiGate matches traffic to firewall policies
Configuring Firewall Policies:
Restrict access and make your network more secure using security profiles
Configure logging
Managing Firewall Policies:
Identify policy list views
Understand the use of policy IDs
Identify where an object is referenced
Best Practices and Troubleshooting:
Identify naming restrictions for firewall policies and objects
Reorder firewall policies for correct matching
Demonstrate how to find matching policies for traffic type
Introduction to NAT:
Understand NAT and port address translation (PAT)
Understand the different configuration modes available for (NAT)
Firewall Policy NAT:
Configure a firewall policy to perform SNAT and DNAT (VIP)
Apply SNAT with IP pools
Configure DNAT with VIPs or a virtual server
Central NAT:
Configure central NAT
Session Helpers:
Understand how session helpers work
Use a SIP session helper for VoIP
Sessions:
Understand the session table on FortiGate
Understand the session time to live (TTL)
Analyze session diagnose command output
Understand the TCP, UDP, and ICMP states on FortiGate
Best Practices and Troubleshooting:
Identify common NAT issues by reviewing traffic logs
Monitor NAT sessions using diagnos commands
Use VIP filters for central NAT
Use NAT implementation best practices
Methods of Firewall Authentication:
Describe firewall authentication
Identify the different methods of firewall authentication available on FortiGate devices
Identify supported remote authentication servers
Describe active and passive authentication and order of operations
Remote Authentication Service:
Configure remote authentication servers
Configure user authentication
Understand the roles of LDAP and RADIUS
User Groups
Configure user groups
Authentication Using Firewall Policies:
Configure firewall policies
Authenticating Through Captive Portal
Configure captive portal and disclaimers
Monitoring and Troubleshooting
Monitor firewall users
Use troubleshooting tools
Use best practices
Log Basics:
Describe the log workflow
Identify log types and subtypes
Describe the layout of a log message
Describe the effect of logging on performance
Local logging:
Identify local log storage options
Enable local logging
Understand disc allocation and reserved space
Monitor disk usage
Configure behavior when disk is full
Remote Logging:
Identify external log storage options
Configure remote logging
Understand how remote logging works with VDOMs
Understand log transmission
Enable reliable logging
Log Settings:
Configure log settings
Enable logging on firewall policies
Hide user names in logs
View, Search, and Monitor Logs
View and search for log messages on the GUI
View and search for log messages on the CLI
View logs through FortiView
Configure alert email
Configure threat weight
Protecting Log Data
Perform log backups
Configure log rolling and uploading
Perform log downloads
Authenticate and Secure Data Using Certificates:
Describe why FortiGate uses digital certificates
Describe how FortiGate uses certificates to authenticate users and devices
Describe how FortiGate uses certificates to ensure the privacy of data
Inspect Encrypted Data
Describe certificate inspection and full SSL inspection
Configure certificate inspection and full SSL/SSH inspection
Identify what is required to implement full SSL inspection
identify the obstacles to implementing full SSL inspection and possible remedies
Manage Digital Certificates in FortiGate
Generate a certificate request
Import CRLs
Backup and restore certificates
Inspection Modes:
Describe FortiGate inspection modes
Implement full SSL
Web Filtering Basics
Describe web filter profiles
Work with web filter categories
Configure web filter overrides
Configure custom categories
Submit a FortiGuard rating request
Additional Proxy-Based Web Filtering Features
Configure usage quotas
Configure web profile overrides
Configure web filter to support search engines
Configure web content filtering
DNS Filtering:
Apply DNS filter
Best Practices and Troubleshooting
Understand HTTP inspection order
Troubleshoot filter issues
Investigate FortiGuard connection issues
Apply web filter cache best practices
Monitor logs for web filtering events
Application Control Basics
Understand Application Control
Detect types of applications
Understand the FortiGuard application control services database
Use application control signatures
Application Control Configuration
Configure application control in profile mode
Configure application control in next generation firewall (NGFW) policy mode
Use the application control traffic shaping policy
Logging and Monitoring Application Control
Enable application control logging events
Monitor application control events
Use FortiView to see a detailed view of application control logs
Antivirus Basics
Use antivirus signatures
Review antivirus scanning techniques
Enable FortiSandbox with antivirus
Differentiate between available FortiGuard signature databases
Antivirus Scanning Modes
Apply the antivirus profile in flow-based inspection mode
Apply the antivirus profile proxy inspection mode
Compare all available scanning modes
Configuring antivirus
Configure antivirus profiles
Configure protocol options
Review virus statistics
Log and monitor antivirus events
Best Practices
Recognize recommended antivirus configuration practices
Log antivirus events
Monitor antivirus FortiSandbox events
Use hardware acceleration with antivirus scans
Troubleshooting
Troubleshoot common antivirus issues
Intrusion Prevention and Denial of Service
Intrusion Prevention System (IPS)
Differentiate between exploits and anomalies
Identify the different components of an IPS package
Manage FortiGuard IPS updates
Select an appropriate IPS signature database
Configure an IPS sensor
Identify the IPS sensor inspection sequence
Apply IPS to network traffic
Denial of Service (DoS)
Identify a DoS attack
Configure a DoS policy
Web Application Firewall (WAF):
Identify the purpose of WAF on FortiGate
Identify common web attacks
Configure a WAF profile
Best Practices
Identify the IPS implementation methodology
Enable full SSL inspection for IPS-inspected traffic
Identify hardware acceleration components for IPS
Troubleshooting
Troubleshoot FortiGuard IPS updates
Trouleshoot IPS high-CPU usage
Mangae IPS fail-open events
Investigate false-positive detection
Describe SSL-VPN
Define a virtual private network (VPN)
Describe the differences between SSL-VPN and IPsec VPN
SSL-VPN Deployment Modes
Describe the differences between SSL-VPN modes
Configuring SSL-VPNs
Define authentication for SSL-VPN users
Configure SSL-VPN portals
Configure SSL-VPN settings
Define firewall policies for SSL-VPN
Realms and Personal Bookmarks
Configure realms for the SSL-VPN
Configure personal bookmarks for the SSN-VPN portal
Hardening SSL-VPN
Configure client integrity checking
Apply two-factor authentication using security certificates
Restrict clients by IP and MAC address
Monitoring and Troubleshooting
Monitor SSL-VPN connected users
Review SSL-VPN logs
Configure SSL-VPN timers
Troubleshoot common SSL-VPN issues
Identify hardware acceleration components for SSL-VPN
IPsec Introduction
Describe the benefits of IPsec VPN
Be familiar with the IPsec protocol
Understand how IPsec works
IKE Phase 1 and Phase 2
Identify and understand the phases of IKEv1
Dialup IPsec VPN
Understand dialup IPsec VPN topology
Deploy a dialup VPN between two FortiGate devices
Deploy a dialup VPN for FortiClient
Best Practices and Logs
Use best practices for dialup IPsec deployments
Analyze VPN logs and VPN Monitor

Attività Laboratoriali

Routing
SD-WAN Configuration
VDOM Configuration
Transparent Mode Configuration
Site-to-Site IPsec VPN Configuration
Fortinet Single Sign-On (FSSO) Configuration
High Availability (HA)
Web Proxy Configuration
Diagnostics Performance
Introduction to FortiGate
Security Fabric
Firewall Policies
NAT
Firewall Authentication
Logging and Monitoring
Certificate Operations
Web Filtering
Application Control
Antivirus
Intrusion Prevention System (IPS) and Denial of Service (DoS)
SSL-VPN
Dialup IPsec VPN

TIPOLOGIA DEL CORSO

Lezioni frontali Presenza in Aula e Laboratorio;
Lezioni a distanza in Video Presenza Tempo Reale e Laboratorio;

INFRASTRUTTURA LABORATORIALE

Per tutte le tipologie di erogazione, il Corsista può accedere alle attrezzature e ai sistemi reali presenti nei Nostri laboratori o direttamente presso i data center internazionali in modalità remota h24. Ogni partecipante dispone di un accesso per implementare le varie configurazioni avendo così un riscontro pratico e immediato della teoria affrontata. Ecco di seguito alcuni scenari tratti dalle attività laboratoriali:

PREREQUISITI

I partecipanti dovranno avere una conoscenza scolastica della lingua Inglese e competenze sistemistiche e di networking di base;

DURATA E FREQUENZA

Durata Estensiva 42h;
Erogato anche in modalità Intensiva;
Varie tipologie di Frequenza Estensiva ed Intensiva.

DOCENTI

I docenti sono Istruttori Autorizzati Fortinet Academy, Microsoft, Cisco, VMware e in altre tecnologie IT, con anni di esperienza pratica nel settore e nella Formazione.

MODALITÀ DI ISCRIZIONE

Le iscrizioni sono a numero chiuso per garantire ai tutti i partecipanti un servizio eccellente.
L’iscrizione avviene richiedendo di essere contattati dal seguente Link, o contattando la sede al numero verde 800-177596 o inviando una richiesta all’email [email protected].