Introduction to Fortinet Unifed Threat ManagementModule ObjectivesBy the end of this module participants will be able to:Identify the major features of the FortiGate Unifed hreat Mana!ement appliance"ccess and use the FortiGate administration interfaces#reate administrators#onf!ure the FortiGate unit for the lab environment used to complete the hands$on e%ercisesraditional &etwor' (ecurity (olutionsFirewallAntivirusAntispamWAN OptimizationWeb FilteringApplication ControlIntrusion PreventionVPNraditional &etwor' (ecurity (olutionsFirewallAntivirusAntispamWAN OptimizationWeb FilteringApplication ControlIntrusion PreventionVPN Many sin!le purpose systems needed to cope with a variety of threatsFortinet (olutionFirewallAntivirusAntispamWAN OptimizationWeb FilteringApplication ControlIntrusion PreventionVPNand moreFortinet (olutionFirewallAntivirusAntispamWAN OptimizationWeb FilteringApplication ControlIntrusion PreventionVPNand more One device provides a comprehensive security and networ'in! solutionFortinet (olutionHardwarePurposedriven !ardwareFortinet (olutionHardwareFortiO""pecialized operating s#stemFortinet (olutionHardwareFortiO"Firewall AVWebFilterIP""ecurit# and networ$level servicesFortinet (olutionHardwareFortiO"Forti%uard "ubscription "ervicesFirewall AVWebFilterIP"Automated update serviceClic$ !ere to read more about t!e Fortinet solutionFortinet (olutionHeadquartersBranch officeHome officeHome officeFortinet (olutionHeadquartersBranch officeClic$ !ere to read more about t!e Fortinet solutionHome officeFortinet (olutionHeadquartersBranch office FortiGate platform Mana!ement) reportin! and analysis appliances FortiGuard (ubscription (ervicesClic$ !ere to read more about t!e Fortinet solutionFortiGate #apabilitiesFirewallFortiGate #apabilitiesAntivirusFortiGate #apabilities&mail 'ilteringFortiGate #apabilitiesWeb 'ilteringFortiGate #apabilitiesIntrusion preventionFortiGate #apabilitiesApplication controlFortiGate #apabilities(ata lea$ preventionFortiGate #apabilitiesWAN optimizationFortiGate #apabilities"ecure VPNFortiGate #apabilitiesWirelessFortiGate #apabilities(#namic routingFortiGate #apabilities&ndpoint complianceFortiGate #apabilitiesVirtual domainsFortiGate #apabilities)ra''ic s!apingFortiGate #apabilitiesHig! availabilit#FortiGate #apabilities*ogging and reportingFortiGate #apabilitiesClic$ !ere to read more about t!e capabilities o' t!e Forti%ate deviceAut!enticationFortiGate Unit #omponentsIntel CP+FortiGate Unit #omponentsFortiA"IC content processorFortiGate Unit #omponentsFortiO" ,-.FortiGate Unit #omponents(/A0 and 'las! memor#FortiGate Unit #omponentsHard dis$FortiGate Unit #omponentsInter'acesFortiGate Unit #omponentsConsole portFortiGate Unit #omponents+"1 portFortiGate Unit #omponentsWireless 0odule slot ba#sPC card slotFortinet "ppliancesFortiAnalyzerFortiMailFortiManagerFortiScanFortiBridgeFortiCarrierFortiDBFortiWifFortiWebFortiSwitchFortioiceFortiA!Forti"ate#$%&FortiClientFortiGuard (ubscription (ervices*evice "dministrationWeb Con'ig C*IClic$ !ere to read more about using t!e C*I"dministratorsCustomized access Full access /eadonl# access"cope2 V(O0 or %lobalGlobal (cope (uper "dmin +rofles"dmin +rofles"#stem Con'iguration Networ$ Con'iguration Firewall Con'iguration+)0 Con'igurationVPN Con'igurationetc/ead/eadWriteAdminPro'ile"dministratorsFull access wit!ina single virtual domainFull accesssuper-adminpro'ileCustom accesscustompro'ileprof-adminpro'ile"dministrator "uthentication+sername and Password 3one 'actor4Forti)o$en 3two 'actor45*evice #onf!uration"etting "etting"etting "etting"etting "etting"etting "etting6-con'Device Configuration6-con'Device configuration settings can be saved to an external fileOptional encryptionThe file can be restored to rollback device to a previous configurationSC supported for configuration restore!orti"ate unit acts as SC serverset admin-scp enable#xample $ %estore from &inuxscp @:fgt-restore-config+er ,*OM #onf!uration File#onf!uration -estore usin! (#+ +rotocolMust rename to sys_confg durin! uploadscp admin@192.168.3.25:s!s"configFull conf!uration fleIncludes all ,*OMsDHC Server ' ( %eservation( address reserved and al)ays assigned to the same DHC hostSelect an ( address or choose an existing DHC lease to add to the reserved list(dentify the ( address reservation as either DHC over #thernet or DHC over (Sec*+C address of the DHC host is used to look up the ( address in the ( reservation tableDHC Server ' ( %eservationFortiGate *&( (erver-esolve *&( loo'ups from an internal networ' Methods to set up *&( for each interface: Relay *&( re.uests to the *&( servers conf!ured for the unit Resolve *&( re.uests usin! a FortiGate *&( databaseUnresolved *&( re.uests are dropped Split *&( conf!uration*&( re.uests can be resolved usin! a FortiGate *&( database and any unresolved *&( re.uests can be relayed to *&( servers conf!ured for the unit One *&( database can be shared by all the FortiGate interfaces If ,*OMs are enabled) a *&( database needs be created in each ,*OM*&( (erver #onf!uration*&( /ones need to be added when conf!urin! the *&( database 0ach /one has its own domain name*&( entries are added to each /one"n entry includes a hostname and the I+ address it resolves to0ach entry also specifes the type of *&( entryI+v1 address 2"3 or an I+v4 address 2""""3name server 2&(3canonical name 2#&"M03mail e%chan!e 2M53 nameI+v1 2+-3 or I+v4 2+-3*&( (ervice"dd a new *&( (ervice to an interface and select a mode:-ecursive&on$recursiveForward to (ystem *&( 2forward$only3#6I e.uivalent:config s!stem dns-ser#eredit $an1set mode recursi#e*&( 7ones#reate a new /one 2Master3*&( 7ones#reate a new /one 2(lave3*&( -ecords"dd *&( entries#lassroom 6ab opolo!y6abs6ab 8 ,irtual 6ab 0nvironment Basics6o!!in! in to the ,irtual 6ab 0nvironmentClic' here (or in)truction) on acce))ing the *irtual lab en*ironment6ab $ Initial (etup0%plorin! the #6I"ccessin! 9eb #onf!#onf!urin! &etwor' Interfaces#onf!urin! the FortiGate *&( (erver0nablin! *&( -ecursive#onf!urin! Global (ystem (ettin!s#onf!urin! "dministrative UsersClic' here (or )te+#by#)te+ in)truction) on com+leting thi) lab(tudent -esources#lic' here to view the list of resources used in this module