15 sections • 88 lectures •
Expand all sections
Collapse all sections
001. FortiGate SD-WAN Introduction
min
002. FortiGate SD-WAN Zones
min
003. FortiGate SD-WAN Members
min
004. FortiGate SD-WAN Components
min
005. Function of FortiManager and FortiAnalyzer
min
006. FortiGate Data Plane-Control Plane-Security
min
007. FortiAP & FortiSwitch
min
008. SD-WAN Pillars Part 1
min
009. SD-WAN Pillars Part 2
min
min
011. SD-WAN Terminologies-Data in Motion Part 1
min
012. SD-WAN Terminologies-Data in Motion Part 2
min
min
014. FortiGate ECMP vs SD-WAN
min
015. FortiGate Policy Routing
min
016. FortiGate Route Selection Process
min
017. FortiGate SD-WAN Configuration
min
1. Route Selection Components and ECMP load balance Part 1
min
2. Route Selection Components and ECMP load balance Part 2
min
1. FortiGate SD-WAN configuration
min
2. FortiGate SD-WAN load Balancing Methods
min
1. SDWAN Rules Strategy- MANUAL
min
2. SDWAN Rules Strategy- BEST QUALITY
min
3. SDWAN Rules Strategy- LOW COST
min
3. SDWAN Rules Strategy- MAXIMIZE BANDWIDTH
min
1. SDWAN Performance SLA part 1
min
2. SDWAN Performance SLA part 2
min
1.Cryptography Concept & Terminologies Part 1
min
2.Cryptography Concept & Terminologies Part 2
min
3 .Cryptography Concept & Terminologies Part 3
min
4 .Cryptography Concept & Terminologies Part 4
min
5 .Cryptography Concept & Terminologies Part 5
min
6 .DH Key Exchange-Calculation of Shared Secret
min
7. IPSec VPN & Features-CIA,Anti-Replay, ESP, AH Part1
min
8. IPSec VPN & Features-CIA, Anti-Replay, ESP, AH Part2
min
9. IPSec Mode-Tunnel & Transport
min
10. Internet Key Exchange Part 1
min
11. Internet Key Exchange Part 2
min
12. IPSec-Phase 1- Main Mode- Message 1
min
13. IPSec-Phase 1- Main Mode- Message 2
min
14. IPSec-Phase 1- Main Mode- Message 3
min
15. IPSec-Phase 1- Main Mode- Message 4
min
16. IPSec-Phase 1- Main Mode- Message 5 & 6
min
17. IPSec-Phase 2- Quick Mode- Message 1
min
18. IPSec-Phase 2- Quick Mode- Message 2
min
19. IPSec-Phase 2- Quick Mode- Message 3
min
1. Site-to-Site IPSec VPN Tunnel - Custom Based
min
2. Site-to-Site IPSec VPN Tunnel - Template Based
min
3. Site-to-Site-Aggregate Tunnel
min
1. Basic configuration of HQ-DC and BR-DUBAI with Static route & LAN-to-WAN Firewall Policy
min
2. Tunnel Configuration HQ-DC and BR-DUBAI
min
3. TUNNEL-ZONE and Membership ( Mapping of Redundant Tunnels with Zone )
min
4. Static Route for VPN Traffic with exit interface TUNNEL-ZONE ( LAN subnets of HQ-DC and BR-DUBAI )
min
5. LAN to TUNNEL-ZONE Firewall policy with Clone Reverse
min
6. Configuring Loopback Interface for Health Monitoring
min
7. Advertise Loopback subnet in Tunnel Phase-2
min
8. Static Route for Loopback with exit interface TUNNEL-ZONE
min
9. LOOPBACK-HM to TUNNEL-ZONE Firewall policy with Clone Reverse
min
10. Configuring Loopback as a source via CLI for Health Monitoring
min
11. Configuring Performance SLA for Loopback address
min
12. Define SDWAN RULES for VPN traffic ( LAN subnets of HQ-DC and BR-DUBAI
min
13. Verification of REDUNDANT TUNNELS
min
1. Basic configuration of HUB-DC and SPOKES with Static route & LAN-to-WAN Firewall Policy
min
2. Configuring Hub and Spoke Tunnel and Tunnel ip
min
3. Configuring BGP Dynamic peering on Hub and Static Peering on Spokes
min
4. Configuring Lan to Tunnel Firewall policy with clone reverse
https://vimeo.com/912143113min
5. Configuring Tunnel to Tunnel Policy on Hub and verification
min
1. ADVPN Terminologies part 1
min
2. ADVPN Terminologies part 2
min
3. ADVPN Terminologies part 3
min
4. Basic configuration of HUB-DC and SPOKES with Static route & LAN-to-WAN Firewall Policy
min
5. Configuring of ADVPN on Hub and Spoke and Tunnel ip
min
6. Configuring BGP Dynamic peering on Hub and Static Peering on Spokes
min
7. Configuring LAN-to-ADVPN and ADVPN-to-ADVPN Firewall policy with clone reverse
min
8. ADVPN troubleshooting and Verification
min
1. Basic configuration of HUB-DC and SPOKES with Static route for Underlay connectivity
min
2. Configuring of Dual ADVPN Tunnel on Hub and Spoke and Tunnel ip
min
3. Configuring BGP Dynamic peering for both ADVPN on Hub and Static Peering on Spokes
min
4. Configuring SDWAN Zone for ADVPN and INTERNET, and route for INTERNET Zone
min
5. Configuring LAN-to-ADVPN and ADVPN-to-ADVPN Firewall policy with clone reverse
min
6. Configuring LOOPBACK on HUB, advertise in ADVPN phase1 and LOOP-to-ADVPN policy
min
7. Verification of ADVPN with SDWAN
min
1. Fortigate Interface Migration to SD-WAN
min
2. Fortigate SDWAN Configuration via CLI
min
2. Centralized Management via Forti Manager Part 2
min
1. Centralized Management via Forti Manager Part 1
min
3. Centralized Management via Forti Manager Part 3
min
Description
FortiGate NSE-7 Syllabus
Fundamental of FortiGate SD-WAN
Introduction
SD-WAN Zone
SD-WAN Members
SD-WAN Components
SD-WAN Layers
Function of FortiManager and FortiAnalyzer
FortiGate Data Plane, Control Plane and Security
SD-WAN Pillars
Underlay, Overlay, Routing, Security, Zone, Member, SLA, Rules
Single Device, Single Hub, Dual Hub
Data in Motion Terminologies
Bandwidth, Congestion, Types of Delay, Jitter, Latency, Packet Loss
FortiGate ECMP Load Balancing Methods
Source IP based, Source and Destination IP based, Weight based, Usages based
ECMP Vs SD-WAN
FortiGate Policy Routing
FortiGate Route Selection Process
FortiGate ECMP LAB
Basic Configuration of FortiGate Firewall
Configuring Static Route for both ISPs
Verification of Routing Table ( Path Selection-AD & Priority)
Configuring and Verification of Load Balancing Methods
Source-ip-based,
Source-dest-ip-based,
Weight-based, Usage-based
FortiGate SD-WAN LAB
Basic Configuration of FortiGate Firewall
Configuring SD-WAN Zone and its Membership
Configuring Static route for SD-WAN
Configuring and Verification of SD-WAN Load Balancing Methods
Source-ip-based
Source-dest-ip-based,
Sessions(Weight),
Spillover(Usages), Volume
FortiGate SD-WAN Rules Strategy LAB
Basic configuration, SD-WAN Zone, Membership, SD-WAN Static route, Firewall policy
Configuring and Verification of SD-WAN Rules Strategy
Manual, Best Quality,
Lowest Cost,
Maximize Bandwidth
SD-WAN Performance SLA LAB
Configuring and Verification of SD-WAN Performance SLA
Probe mode( Active, Passive, Prefer Passive)
Protocols ( Ping, HTTP,DNS), Target Server, Participants
SLA Target ( Latency, Jitter, Packet Loss )
Link Status ( Check Interval, failures before inactive, Restore link after)
Action when inactive ( Update Static route)
IPSec Terminologies
Plain Text
Chiper Text
Encryption and Decryption,
Symmetric and Asymmetric Encryption,
Hashing ( MD5, SHA), DH group, CIA, IPsec VPN
FortiGate IPsec Site-to-Site Tunnel LAB
Site-to-Site IPSec VPN Tunnel - Custom Based
Site-to-Site IPsec VPN Tunnel – Template Based
Site-to-Site Aggregate Tunnel
FortiGate IPSec Remote VPN LAB
FortiGate Remote-SSL -VPN-WEB-MODE
FortiGate Remote-SSL -VPN-TUNNEL MODE
FortiGate ( Site-to-Site ) Redundant Tunnels LAB
Basic configuration of HQ-DC and BRANCH with Static route & LAN-to-WAN Firewall Policy
Tunnel Configuration HQ-DC and BRANCH TUNNEL-ZONE and Membership ( Mapping of Redundant Tunnels with Zone )
Static Route for VPN Traffic with exit interface TUNNEL-ZONE ( LAN subnets of HQ-DC and BRANCH)
LAN to TUNNEL-ZONE Firewall policy with Clone Reverse
Configuring Loopback Interface for Health Monitoring
Advertise Loopback subnet in Tunnel Phase-2
Static Route for Loopback with exit interface TUNNEL-ZONE
LOOPBACK-HM to TUNNEL-ZONE Firewall policy with Clone Reverse
Configuring Loopback as a source via CLI for Health Monitoring
Configuring Performance SLA for Loopback address
Define SDWAN RULES for VPN traffic ( LAN subnets of HQ-DC and BR-DUBAI
Verification of REDUNDANT TUNNELS
FortiGate Hub and Spoke Tunnel LAB
Basic configuration of HUB-DC and SPOKES with Static route & LAN-to-WAN Firewall Policy
Configuring Hub and Spoke Tunnel and Tunnel ip
Configuring BGP Dynamic peering on Hub and Static Peering on Spokes
Configuring Lan to Tunnel Firewall policy with clone reverse
Configuring Tunnel to Tunnel Policy on Hub and verification
FortiGate ADVPN ( Auto Discovery VPN ) LAB
VPN Classification based on Deployment
ADVPN and Logical Topologies
ADVPN Messages
Basic configuration of HUB-DC and SPOKES with Static route & LAN-to-WAN Firewall Policy
ADVPN Configuration HUB-DC
ADVPN Configuration SPOKES
Configuring ADVPN Tunnel Interface IP via CLI
Configuring BGP Dynamic peering on HUB-DC and advertise HUB-DC LAN subnet
Configuring BGP Dynamic peering on HUB-DC and advertise HUB-DC LAN subnet
FortiGate ADVPN Tunnel with SD-WAN LAB
Basic configuration of HUB-DC and SPOKES with Static route for Underlay connectivity
Dual ADVPN Tunnels Configuration on HUB-DC
Dual ADVPN Tunnels Configuration on SPOKES
Configuring ADVPN Tunnels Interface IP via CLI on HUB and SPOKES
Configuring BGP with Dynamic peering for both ADVPN on HUB-DC and advertise HUB-DC LAN subnet
Configuring BGP with Static peering for both ADVPN on SPOKES and advertise SPOKES LAN subnet
Configuring SDWAN ZONES and Membership for ADVPN and INTERNET on HUB and SPOKES
Configuring Static Route for INTERNET-ZONE
LAN-to-INTERNET Firewall Policy on HUB and SPOKES
LAN-to-ADVPN Firewall Policy and Clone Reverse on HUB and SPOKES
ADVPN-to-ADVPN Firewall Policy on HUB only
Configuring LOOPBACK on HUB, Advertise in ADVPN phase-1, LOOP-ADVPN policy with Clone Reverse
Performance SLA for HUB and SPOKEs, and SDWAN RULES for the Data Traffic
Verification of ADVPN-SDWAN
Interface Migration to SD-WAN and SD-WAN CLI LAB
Fortigate Interface Migration to SD-WAN
Fortigate SDWAN Configuration via CLI
Centralized Management via FortiManager
Initial Configuration of FortiManager
Integration of FortiGate Firewall
Configure FotiGate via Fortimanager-GUI
Configure FortiGate ADVPN with SD-WAN via FortiManager- CLI Script