FORTINET

FORTIWEB WORKSHOP SYLLABUS

Module 1: Functional Overview

• Introduction to web application attacks

• Most common categories of web application attack techniques
• Benefits of using a Web Application Firewall
• FortiWeb characteristics and features
• FortiWeb family of appliances and Virtual Machines
• Operation modes

Module 2: System Configuration

• Accessing the Graphical User Interface (GUI) and the Command Line Interface (CLI)
• Real-time Dashboard
• Context Sensitive On-Line Help
• Configuring the network interfaces and V-zones
• FortiWeb routing
• IP-based forwarding
• Creating admin accounts and access profiles
• Introduction to FortiGuard subscription services
• Fail-open configuration
• High-availability (HA)
• Upgrading the firmware

Module 3: Policies and Profiles

• Server policies
• Web protection profiles
• Configuration steps
• Policy behavior by operational mode
• Virtual server
• Physical server
• Server farm
• Load balancing
• Certificate management
• SSL offloading
• SSL inspection
• Customized services
• Protected host groups

Module 4: Web Protection

• Standalone and shared IP

• IP list
• Brute force
• Cookie poison detection
• HTTP protocol constraints
• Start page and page order rules
• Parameter validation
• Upload restriction
• IP reputation
 • Signature polices Anti-defacement
• URL access
• Known search engines Cross site scripting (XSS)
• SQL injection
• Bad robots
• Credit card detection
• AV scanning
• Generic attacks and known exploits Tuning the signature policy

Module 5: Application Delivery and DoS

• Authentication offloading
• Local users
• Remote authentication servers
• File compression offloading
• Introduction to DoS protection
• HTTP access limit
• Real browser enforcement
• Malicious Ips
• HTTP flood prevention
• TCP flood prevention
• SYN cookie

Module 6: Auto-Learning

• Introduction to auto-learning
• Data type group
• Suspicious URL
• Application policy
• Auto-learn profile
• Auto-learn report overview
• Generating the web protection profile from the auto-learn report
• Auto-learn best practices

Module 7: Troubleshooting

• FortiWeb unit storage structure

• Storage Maintenance
• FortiGuard troubleshooting
• Checking the system status
• Monitoring the system performance
• Network interface statistics
• Checking the ARP table
• Connectivity test commands Packet sniffer
• Event logs
• Attack logs
• Data analytics
• Bot analysis
• Blocked IPs
• Troubleshooting false-positive issues
• UDP and TCP port for outgoing and incoming connections