Introduction to Fortinet Unified Threat Management

Upload: mauricio-torres

Post on 16-Aug-2015


TRANSCRIPT

Module Objectives
By the end of this module participants will be able to:
- Identify the major features of the FortiGate Unified Threat Management appliance
- Access and use the FortiGate administration interfaces
- Create administrators
- Configure the FortiGate unit for the lab environment used to complete the hands-on exercises

Traditional Network Security Solutions
- Firewall, Antivirus, Antispam, WAN Optimization, Web Filtering, Application Control, Intrusion Prevention, VPN
- Many single purpose systems needed to cope with a variety of threats

Fortinet Solution
- Firewall, Antivirus, Antispam, WAN Optimization, Web Filtering, Application Control, Intrusion Prevention, VPN and more
- One device provides a comprehensive security and networking solution

Fortinet Solution
- Hardware: purpose-driven hardware
- FortiOS: specialized operating system
- Firewall, AV, Web Filter, IPS: security and network-level services
- FortiGuard Subscription Services: automated update service

Fortinet Solution
- Headquarters, Branch office, Home office
- FortiGate platform
- Management, reporting and analysis appliances
- FortiGuard Subscription Services

FortiGate Capabilities
- Firewall
- Antivirus
- Email filtering
- Web filtering
- Intrusion prevention
- Application control
- Data leak prevention
- WAN optimization
- Secure VPN
- Wireless
- Dynamic routing
- Endpoint compliance
- Virtual domains
- Traffic shaping
- High availability
- Logging and reporting
- Authentication

FortiGate Unit Components
- Intel CPU
- FortiASIC content processor
- FortiOS 4.0
- DRAM and flash memory
- Hard disk
- Interfaces
- Console port
- USB port
- Wireless
- Module slot bays
- PC card slot

Fortinet Appliances
- FortiAnalyzer, FortiMail, FortiManager, FortiScan, FortiBridge, FortiCarrier, FortiDB, FortiWifi, FortiWeb, FortiSwitch, FortiVoice, FortiAP, FortiGate-ONE, FortiClient
- FortiGuard Subscription Services

Device Administration
- Web Config
- CLI

Administrators
- Customized access
- Full access
- Read-only access
- Scope: VDOM or Global
- Global Scope
- Super Admin Profiles

Admin Profiles
- System Configuration, Network Configuration, Firewall Configuration, UTM Configuration, VPN Configuration, etc.
- Read, Read-Write

Admin Profile
- Full access within a single virtual domain: prof-admin profile
- Full access: super-admin profile
- Custom access: custom profile

Administrator Authentication
- Username and Password (one factor) + FortiToken (two factor)

Device Configuration
- Device configuration settings can be saved to an external file (*.conf)
- Optional encryption
- The file can be restored to roll back the device to a previous configuration
- SCP supported for configuration restore
- FortiGate unit acts as SCP server:
    set admin-scp enable

Configuration Restore using SCP Protocol
- Example - Restore from Linux:
    scp @:fgt-restore-config
- Per VDOM configuration file
- Must rename to sys_config during upload:
    scp [email protected]:sys_config
- Full configuration file: includes all VDOMs

DHCP Server IP Reservation
- IP address reserved and always assigned to the same DHCP host
- Select an IP address or choose an existing DHCP lease to add to the reserved list
- Identify the IP address reservation as either DHCP over Ethernet or DHCP over IPSec
- MAC address of the DHCP host is used to look up the IP address in the IP reservation table

FortiGate DNS Server
- Resolve DNS lookups from an internal network
- Methods to set up DNS for each interface:
  - Relay DNS requests to the DNS servers configured for the unit
  - Resolve DNS requests using a FortiGate DNS database; unresolved DNS requests are dropped
  - Split DNS configuration: DNS requests can be resolved using a FortiGate DNS database and any unresolved DNS requests can be relayed to DNS servers configured for the unit
- One DNS database can be shared by all the FortiGate interfaces
- If VDOMs are enabled, a DNS database needs to be created in each VDOM

DNS Server Configuration
- DNS zones need to be added when configuring the DNS database
- Each zone has its own domain name
- DNS entries are added to each zone
- An entry includes a hostname and the IP address it resolves to
- Each entry also specifies the type of DNS entry:
  - IPv4 address (A) or an IPv6 address (AAAA)
  - name server (NS)
  - canonical name (CNAME)
  - mail exchange (MX) name
  - IPv4 (PTR) or IPv6 (PTR)

DNS Service
Add a new DNS Service to an interface and select a mode:
- Recursive
- Non-recursive
- Forward to System DNS (forward-only)
CLI equivalent:
    config system dns-server
        edit wan1
            set mode recursive
        next
    end

DNS Zones
- Create a new zone (Master)
- Create a new zone (Slave)

DNS Records
- Add DNS entries

Classroom Lab Topology

Labs
Lab - Virtual Lab Environment Basics
- Logging in to the Virtual Lab Environment
Lab - Initial Setup
- Exploring the CLI
- Accessing Web Config
- Configuring Network Interfaces
- Configuring the FortiGate DNS Server
- Enabling DNS Recursive
- Configuring Global System Settings
- Configuring Administrative Users

Student Resources
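
Added example, not part of the original slides or any Fortinet material: a short Python review of an unencrypted configuration backup (*.conf) for the settings covered in the Device Configuration, Administrator Authentication and DNS Service slides. The sample configuration is constructed, the function names are hypothetical, and the field names `accprofile`, `two-factor` and `super_admin` are assumed to match the FortiOS release in use.

```python
import shlex

# Constructed sample in FortiOS CLI syntax; names and values are made up.
SAMPLE_CONF = """
config system global
    set admin-scp enable
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "auditor"
        set accprofile "super_admin"
        set two-factor fortitoken
    next
end
config system dns-server
    edit "wan1"
        set mode recursive
    next
end
"""

def parse_conf(text):
    """Turn config/edit/set/next/end nesting into nested dicts."""
    stack = [{}]
    for line in text.splitlines():
        tok = shlex.split(line)  # handles quoted values; assumes one-line values
        if not tok:
            continue
        if tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] == "set" and len(tok) > 1:
            stack[-1][tok[1]] = " ".join(tok[2:])
        elif tok[0] in ("next", "end") and len(stack) > 1:
            stack.pop()
    return stack[0]

def audit(conf):
    """List the settings from this module worth reviewing in a backup."""
    out = []
    if conf.get("system global", {}).get("admin-scp") == "enable":
        out.append("admin-scp is enabled (unit acts as SCP server)")
    for name, adm in conf.get("system admin", {}).items():
        mfa = adm.get("two-factor", "disable") != "disable"
        if adm.get("accprofile") == "super_admin" and not mfa:
            out.append(f"{name}: super_admin account with password only")
    for intf, dns in conf.get("system dns-server", {}).items():
        out.append(f"{intf}: DNS service mode {dns.get('mode')}")
    return out
```

To review a saved backup, pass the file contents to `parse_conf` and the result to `audit`; an encrypted backup cannot be read this way.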