
Introduction to Fortinet Unified Threat Management

Module Objectives
By the end of this module participants will be able to:
Identify the major features of the FortiGate Unified Threat Management appliance
Access and use the FortiGate administration interfaces
Create administrators
Configure the FortiGate unit for the lab environment used to complete the hands-on exercises

Traditional Network Security Solutions

VPN
Intrusion Prevention
Application Control
Web Filtering
WAN Optimization
Antispam
Antivirus
Firewall

Many single-purpose systems needed to cope with a variety of threats

Fortinet Solution

VPN
Intrusion Prevention
Application Control
Web Filtering
WAN Optimization
Antispam
Antivirus
Firewall
and more

One device provides a comprehensive security and networking solution

Hardware: purpose-driven hardware
FortiOS: specialized operating system
Firewall, AV, Web Filter, IPS: security and network-level services
FortiGuard Subscription Services: automated update service

Headquarters
Branch office
Home office

FortiGate platform
Management, reporting and analysis appliances
FortiGuard Subscription Services

FortiGate Capabilities

Firewall
Antivirus
Email filtering
Web filtering
Intrusion prevention
Application control
Data leak prevention
WAN optimization
Secure VPN
Wireless
Dynamic routing
Endpoint compliance
Virtual domains
Traffic shaping
High availability
Logging and reporting
Authentication

FortiGate Unit Components

Intel CPU
FortiASIC content processor
FortiOS 4.0
DRAM and flash memory
Hard disk
Interfaces
Console port
USB port
Wireless
Module slot bays
PC card slot

Fortinet Appliances
FortiAnalyzer

FortiBridge

FortiWifi

FortiAP

FortiMail

FortiCarrier

FortiWeb

FortiGate-ONE

FortiManager

FortiDB

FortiSwitch

FortiScan

FortiClient

FortiVoice

FortiGuard Subscription Services

Device Administration

Web Config
CLI

Administrators

Full access
Read-only access
Customized access
Scope: VDOM or Global
Global Scope Super Admin Profiles

Admin Profiles

Read or Read-Write access is set for each configuration area:
System Configuration
Network Configuration
Firewall Configuration
UTM Configuration
VPN Configuration
etc.

Administrator access by admin profile:
Full access: super-admin profile
Custom access: custom profile
Full access within a single virtual domain: prof-admin profile

Administrator Authentication

Username and Password (one factor)
+ FortiToken (two factor)


Device Configuration
Device configuration settings can be saved to an external file
Optional encryption
The file can be restored to roll back the device to a previous configuration
SCP supported for configuration restore
FortiGate unit acts as SCP server
    config system global
        set admin-scp enable
    end

Example - Restore from Linux
    scp <local config filename> <admin_username>@<FGT IP_Addr>:fgt-restore-config

Per VDOM Configuration File

Configuration Restore using SCP Protocol
Must rename to sys_config during upload
    scp <fgt-upload.conf> admin@192.168.3.254:sys_config

Full configuration file
Includes all VDOMs

DHCP Server IP Reservation

IP address reserved and always assigned to the same DHCP host
Select an IP address or choose an existing DHCP lease to add to the reserved list
Identify the IP address reservation as either DHCP over Ethernet or DHCP over IPSec

MAC address of the DHCP host is used to look up the IP address in the IP reservation table

FortiGate DNS Server

Resolve DNS lookups from an internal network
Methods to set up DNS for each interface:
Relay DNS requests to the DNS servers configured for the unit
Resolve DNS requests using a FortiGate DNS database
Unresolved DNS requests are dropped

Split DNS configuration
DNS requests can be resolved using a FortiGate DNS database and any unresolved DNS requests can be relayed to DNS servers configured for the unit

One DNS database can be shared by all the FortiGate interfaces
If VDOMs are enabled, a DNS database needs to be created in each VDOM

DNS Server Configuration

DNS zones need to be added when configuring the DNS database
Each zone has its own domain name

DNS entries are added to each zone
An entry includes a hostname and the IP address it resolves to
Each entry also specifies the type of DNS entry:
IPv4 address (A) or an IPv6 address (AAAA)
name server (NS)
canonical name (CNAME)
mail exchange (MX) name
IPv4 (PTR) or IPv6 (PTR)

DNS Service
Add a new DNS Service to an interface and select a mode:
Recursive
Non-recursive
Forward to System DNS (forward-only)

CLI equivalent:
    config system dns-server
        edit wan1
            set mode recursive
        next
    end
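
How the three DNS service modes treat a query, as an added Python model that is not FortiOS code and not part of the original slides. The zone contents, upstream answers and function names are constructed for illustration, and the mapping assumed is: recursive is the split DNS behaviour, non-recursive answers from the DNS database only, and forward-only relays to the system DNS servers.

```python
# Added illustration: a simplified model of the three DNS service modes,
# not FortiOS code. Zone data and upstream answers are constructed samples.
MODES = ("recursive", "non-recursive", "forward-only")

LOCAL_ZONES = {  # stand-in for the FortiGate DNS database (one zone)
    "corp.example": {
        ("intranet", "A"): "10.0.1.10",
        ("www", "CNAME"): "intranet.corp.example",
        ("mail", "A"): "10.0.1.25",
    },
}
# Stand-in for the DNS servers configured for the unit (system DNS).
UPSTREAM = {("www.example.org", "A"): "203.0.113.80"}


def lookup_local(name, rtype, depth=0):
    """Answer from the local database, following CNAMEs that stay inside it."""
    name = name.rstrip(".").lower()
    for zone, records in LOCAL_ZONES.items():
        if name != zone and not name.endswith("." + zone):
            continue  # name is outside this zone
        host = name[: -len(zone)].rstrip(".") or "@"
        if (host, rtype) in records:
            return records[(host, rtype)]
        target = records.get((host, "CNAME"))
        if target and depth < 8:  # bound the chain so a CNAME loop ends
            return lookup_local(target, rtype, depth + 1)
    return None


def relay_upstream(name, rtype):
    return UPSTREAM.get((name.rstrip(".").lower(), rtype))


def resolve(name, rtype, mode):
    """Return (answer, source); an answer of None means no reply is given."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    if mode == "forward-only":          # relay only, database not consulted
        return relay_upstream(name, rtype), "system-dns"
    answer = lookup_local(name, rtype)
    if answer is not None:
        return answer, "dns-database"
    if mode == "recursive":             # split DNS: fall back to system DNS
        return relay_upstream(name, rtype), "system-dns"
    return None, "dropped"              # non-recursive: unresolved is dropped
```

In this model an interface set to non-recursive never sends a client's query upstream, so names outside the local zones get no answer on that interface.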

DNS Zones
Create a new zone (Master)
Create a new zone (Slave)

DNS Records
Add DNS entries

Classroom Lab Topology

Labs
Lab - Virtual Lab Environment Basics
Logging in to the Virtual Lab Environment

Lab - Initial Setup
Exploring the CLI
Accessing Web Config
Configuring Network Interfaces
Configuring the FortiGate DNS Server
Enabling DNS Recursive
Configuring Global System Settings
Configuring Administrative Users
