FortiGate SD-WAN NSE-7
FortiGate NSE-7 Syllabus
- Fundamental of FortiGate SD-WAN
- Introduction
- SD-WAN Zone
- SD-WAN Members
- SD-WAN Components
- SD-WAN Layers
- Function of FortiManager and FortiAnalyzer
- FortiGate Data Plane, Control Plane and Security
- SD-WAN Pillars
Underlay, Overlay, Routing, Security, Zone, Member, SLA, Rules
Single Device, Single Hub, Dual Hub
- Data in Motion Terminologies
Bandwidth, Congestion, Types of Delay, Jitter, Latency, Packet Loss
- FortiGate ECMP Load Balancing Methods
Source IP based, Source and Destination IP based, Weight based, Usages based
- ECMP Vs SD-WAN
- FortiGate Policy Routing
- FortiGate Route Selection Process
- FortiGate ECMP LAB
-
- Basic Configuration of FortiGate Firewall
- Configuring Static Route for both ISPs
- Verification of Routing Table ( Path Selection-AD & Priority)
- Configuring and Verification of Load Balancing Methods
- Source-ip-based,
- Source-dest-ip-based,
- Weight-based, Usage-based
- FortiGate SD-WAN LAB
-
- Basic Configuration of FortiGate Firewall
- Configuring SD-WAN Zone and its Membership
- Configuring Static route for SD-WAN
- Configuring and Verification of SD-WAN Load Balancing Methods
- Source-ip-based
- Source-dest-ip-based,
- Sessions(Weight),
- Spillover(Usages), Volume
- FortiGate SD-WAN Rules Strategy LAB
-
- Basic configuration, SD-WAN Zone, Membership, SD-WAN Static route, Firewall policy
- Configuring and Verification of SD-WAN Rules Strategy
- Manual, Best Quality,
- Lowest Cost,
- Maximize Bandwidth
- SD-WAN Performance SLA LAB
-
- Configuring and Verification of SD-WAN Performance SLA
- Probe mode( Active, Passive, Prefer Passive)
- Protocols ( Ping, HTTP,DNS), Target Server, Participants
- SLA Target ( Latency, Jitter, Packet Loss )
- Link Status ( Check Interval, failures before inactive, Restore link after)
- Action when inactive ( Update Static route)
- IPSec Terminologies
-
- Plain Text
- Chiper Text
- Encryption and Decryption,
- Symmetric and Asymmetric Encryption,
- Hashing ( MD5, SHA), DH group, CIA, IPsec VPN
- FortiGate IPsec Site-to-Site Tunnel LAB
-
- Site-to-Site IPSec VPN Tunnel - Custom Based
- Site-to-Site IPsec VPN Tunnel – Template Based
- Site-to-Site Aggregate Tunnel
- FortiGate IPSec Remote VPN LAB
-
- FortiGate Remote-SSL -VPN-WEB-MODE
- FortiGate Remote-SSL -VPN-TUNNEL MODE
- FortiGate ( Site-to-Site ) Redundant Tunnels LAB
-
- Basic configuration of HQ-DC and BRANCH with Static route & LAN-to-WAN Firewall Policy
- Tunnel Configuration HQ-DC and BRANCH TUNNEL-ZONE and Membership ( Mapping of Redundant Tunnels with Zone )
- Static Route for VPN Traffic with exit interface TUNNEL-ZONE ( LAN subnets of HQ-DC and BRANCH)
- LAN to TUNNEL-ZONE Firewall policy with Clone Reverse
- Configuring Loopback Interface for Health Monitoring
- Advertise Loopback subnet in Tunnel Phase-2
- Static Route for Loopback with exit interface TUNNEL-ZONE
- LOOPBACK-HM to TUNNEL-ZONE Firewall policy with Clone Reverse
- Configuring Loopback as a source via CLI for Health Monitoring
- Configuring Performance SLA for Loopback address
- Define SDWAN RULES for VPN traffic ( LAN subnets of HQ-DC and BR-DUBAI
- Verification of REDUNDANT TUNNELS
- FortiGate Hub and Spoke Tunnel LAB
-
- Basic configuration of HUB-DC and SPOKES with Static route & LAN-to-WAN Firewall Policy
- Configuring Hub and Spoke Tunnel and Tunnel ip
- Configuring BGP Dynamic peering on Hub and Static Peering on Spokes
- Configuring Lan to Tunnel Firewall policy with clone reverse
- Configuring Tunnel to Tunnel Policy on Hub and verification
- FortiGate ADVPN ( Auto Discovery VPN ) LAB
-
- VPN Classification based on Deployment
- ADVPN and Logical Topologies
- ADVPN Messages
- Basic configuration of HUB-DC and SPOKES with Static route & LAN-to-WAN Firewall Policy
- ADVPN Configuration HUB-DC
- ADVPN Configuration SPOKES
- Configuring ADVPN Tunnel Interface IP via CLI
- Configuring BGP Dynamic peering on HUB-DC and advertise HUB-DC LAN subnet
- Configuring BGP Dynamic peering on HUB-DC and advertise HUB-DC LAN subnet
- Configuring BGP with Static Peering on Spokes and advertise HUB-DC LAN subnet
- Configuring LAN to ADVPN and Clone Reverse on HUB-DC and SPOKES
- Configuring ADVPN to ADVPN Firewall Policy on HUB-DC, Troubleshooting and Verification
- FortiGate ADVPN Tunnel with SD-WAN LAB
-
- Basic configuration of HUB-DC and SPOKES with Static route for Underlay connectivity
- Dual ADVPN Tunnels Configuration on HUB-DC
- Dual ADVPN Tunnels Configuration on SPOKES
- Configuring ADVPN Tunnels Interface IP via CLI on HUB and SPOKES
- Configuring BGP with Dynamic peering for both ADVPN on HUB-DC and advertise HUB-DC LAN subnet
- Configuring BGP with Static peering for both ADVPN on SPOKES and advertise SPOKES LAN subnet
- Configuring SDWAN ZONES and Membership for ADVPN and INTERNET on HUB and SPOKES
- Configuring Static Route for INTERNET-ZONE
- LAN-to-INTERNET Firewall Policy on HUB and SPOKES
- LAN-to-ADVPN Firewall Policy and Clone Reverse on HUB and SPOKES
- ADVPN-to-ADVPN Firewall Policy on HUB only
- Configuring LOOPBACK on HUB, Advertise in ADVPN phase-1, LOOP-ADVPN policy with Clone Reverse
- Performance SLA for HUB and SPOKEs, and SDWAN RULES for the Data Traffic
- Verification of ADVPN-SDWAN
- Interface Migration to SD-WAN and SD-WAN CLI LAB
-
- Fortigate Interface Migration to SD-WAN
- Fortigate SDWAN Configuration via CLI
- Centralized Management via FortiManager
-
- Initial Configuration of FortiManager
- Integration of FortiGate Firewall
- Configure FotiGate via Fortimanager-GUI
- Configure FortiGate ADVPN with SD-WAN via FortiManager- CLI Script