Fortinet: FortiGate Next-Generation Firewall Training

www.routehub.net

Michel Thomatis, CCIE #6778 Chief Network Architect and Lead Trainer

Type of Security Solutions

Firewall Services (1st Generation Services, NGFW Services)

Filtering based on Network, IP, Protocols

Filtering based on Users Identity – (External Security Control)

Filtering based on Applications, Micro-Applications, URL, OS, Web Browser, Device

VPN Services

Site VPN (IPSec), Client VPN (IPSec, SSL)

IPS Services (NGFW)

Passive, Active

Content Filtering Services (NGFW)

Anti-Virus, Malware, URL

Identity Access Control Services

User Identity, User Endpoint - (Internal Security Control)

Fortinet: FortiGate Firewall Series

Business Size | Performance | Port Capacity | Features

Fortinet FortiGate : Features

Advanced Routing

Security Policies

NAT

SSL Decryption/Inspection

UTM (Anti-Virus, IPS, Application Control, Web Filter, Endpoint Control)

Two Factor Authentication

File Blocking

Email Filter

Client VPN

Site VPN

Traffic Shaping

WAN Optimization

Design : Overview

Design : Topology & Deployment

LAN or Data Center Topology

1-Tier Topology (Collapsed Core)

2-Tier Topology (Collapsed Core, Access)

3-Tier Topology (Core, Aggregation, Access)

Firewall Topology & Deployment

In-line between LAN/Data Center & Internet Edge

In-line between LAN/Data Center & Other network (e.g. Wireless)

Design : Networks

WAN – Network connected to the external network (Internet cloud)

Public network – 172.31.106.0 /29

LAN – Network connected to the internal network

Transit to Internet Edge – 172.17.99.16 /29

User Network – 172.17.101.0 /24 (VLAN 101)

Server Network – 172.17.201.0 /24 (VLAN 201)

Guests & BYOD – a restricted network for guest and BYOD users

Guest/BYOD Wired – 172.17.11.0 /24 (VLAN 11)

Guest/BYOD Wireless – 172.17.102.0 /24 (VLAN 102)

VPN – a network dedicated for VPN user access

Client Network – 172.17.250.0

Design : Routing

Internal Routing - Routing between Internal network (LAN, Data Center) and Firewall

OSPF, RIP, Static

External Routing - Routing between Internet and Firewall

Static, BGP

Design : VPN

Client based VPN – VPN tunnel between the firewall and user's computer/laptop

IPSec VPN, SSL VPN

Site based VPN – VPN tunnel between two VPN devices (routers, firewalls)

IPSec VPN

Design : Security

Basic Filtering

Filtering based on Network (Protocol, IP, Port)

Filtering based on Users Identity (Active, Passive)

Filtering based on Device/Endpoint

Two-Factor Authentication using Tokens

Advanced Filtering

Application Control (Filtering based on Application, Micro-Application)

IPS

Anti-Virus

Web Filtering (URL Filtering)

Endpoint Control

File Blocking

Traffic Shaping

Video Topics

Continue to practical videos