FortiGate SD-WAN NSE-7

FortiGate NSE-7 Syllabus

  1. Fundamentals of FortiGate SD-WAN
    • Introduction
    • SD-WAN Zone
    • SD-WAN Members
    • SD-WAN Components
    • SD-WAN Layers
    • Function of FortiManager and FortiAnalyzer
    • FortiGate Data Plane, Control Plane and Security
    • SD-WAN Pillars
      • Underlay, Overlay, Routing, Security, Zone, Member, SLA, Rules
    • SD-WAN Architecture
      • Single Device, Single Hub, Dual Hub
    • Data in Motion Terminologies
      • Bandwidth, Congestion, Types of Delay, Jitter, Latency, Packet Loss
    • FortiGate ECMP Load Balancing Methods
      • Source IP based, Source and Destination IP based, Weight based, Usage based
    • ECMP Vs SD-WAN
    • FortiGate Policy Routing
    • FortiGate Route Selection Process
  1. FortiGate ECMP LAB
    • Basic Configuration of FortiGate Firewall
    • Configuring Static Route for both ISPs
    • Verification of Routing Table (Path Selection: AD & Priority)
    • Configuring and Verification of Load Balancing Methods
      • Source-ip-based
      • Source-dest-ip-based
      • Weight-based, Usage-based
  1. FortiGate SD-WAN LAB
    • Basic Configuration of FortiGate Firewall
    • Configuring SD-WAN Zone and its Membership
    • Configuring Static route for SD-WAN
    • Configuring and Verification of SD-WAN Load Balancing Methods
      • Source-ip-based
      • Source-dest-ip-based
      • Sessions (Weight)
      • Spillover (Usage), Volume
  1. FortiGate SD-WAN Rules Strategy LAB
    • Basic configuration, SD-WAN Zone, Membership, SD-WAN Static route, Firewall policy
    • Configuring and Verification of SD-WAN Rules Strategy
      • Manual, Best Quality
      • Lowest Cost
      • Maximize Bandwidth
  1. SD-WAN Performance SLA LAB
    • Configuring and Verification of SD-WAN Performance SLA
    • Probe mode (Active, Passive, Prefer Passive)
    • Protocols (Ping, HTTP, DNS), Target Server, Participants
    • SLA Target (Latency, Jitter, Packet Loss)
    • Link Status (Check Interval, Failures before inactive, Restore link after)
    • Action when inactive (Update Static route)
  1. IPSec Terminologies
    • Plain Text
    • Cipher Text
    • Encryption and Decryption
    • Symmetric and Asymmetric Encryption
    • Hashing (MD5, SHA), DH group, CIA, IPsec VPN
  1. FortiGate IPsec Site-to-Site Tunnel LAB
    • Site-to-Site IPSec VPN Tunnel - Custom Based
    • Site-to-Site IPsec VPN Tunnel – Template Based
    • Site-to-Site Aggregate Tunnel
  1. FortiGate IPSec Remote VPN LAB
    • FortiGate Remote-SSL-VPN-WEB-MODE
    • FortiGate Remote-SSL-VPN-TUNNEL-MODE
  1. FortiGate (Site-to-Site) Redundant Tunnels LAB
    • Basic configuration of HQ-DC and BRANCH with Static route & LAN-to-WAN Firewall Policy
    • Tunnel Configuration HQ-DC and BRANCH TUNNEL-ZONE and Membership (Mapping of Redundant Tunnels with Zone)
    • Static Route for VPN Traffic with exit interface TUNNEL-ZONE (LAN subnets of HQ-DC and BRANCH)
    • LAN to TUNNEL-ZONE Firewall policy with Clone Reverse
    • Configuring Loopback Interface for Health Monitoring
    • Advertise Loopback subnet in Tunnel Phase-2
    • Static Route for Loopback with exit interface TUNNEL-ZONE
    • LOOPBACK-HM to TUNNEL-ZONE Firewall policy with Clone Reverse
    • Configuring Loopback as a source via CLI for Health Monitoring
    • Configuring Performance SLA for Loopback address
    • Define SDWAN RULES for VPN traffic (LAN subnets of HQ-DC and BR-DUBAI)
    • Verification of REDUNDANT TUNNELS
  1. FortiGate Hub and Spoke Tunnel LAB
    • Basic configuration of HUB-DC and SPOKES with Static route & LAN-to-WAN Firewall Policy
    • Configuring Hub and Spoke Tunnel and Tunnel ip
    • Configuring BGP Dynamic peering on Hub and Static Peering on Spokes
    • Configuring Lan to Tunnel Firewall policy with clone reverse
    • Configuring Tunnel to Tunnel Policy on Hub and verification
  1. FortiGate ADVPN (Auto Discovery VPN) LAB
    • VPN Classification based on Deployment
    • ADVPN and Logical Topologies
    • ADVPN Messages
    • Basic configuration of HUB-DC and SPOKES with Static route & LAN-to-WAN Firewall Policy
    • ADVPN Configuration HUB-DC
    • ADVPN Configuration SPOKES
    • Configuring ADVPN Tunnel Interface IP via CLI
    • Configuring BGP Dynamic peering on HUB-DC and advertise HUB-DC LAN subnet
    • Configuring BGP with Static Peering on Spokes and advertise HUB-DC LAN subnet
    • Configuring LAN to ADVPN and Clone Reverse on HUB-DC and SPOKES
    • Configuring ADVPN to ADVPN Firewall Policy on HUB-DC, Troubleshooting and Verification
  1. FortiGate ADVPN Tunnel with SD-WAN LAB
    • Basic configuration of HUB-DC and SPOKES with Static route for Underlay connectivity
    • Dual ADVPN Tunnels Configuration on HUB-DC
    • Dual ADVPN Tunnels Configuration on SPOKES
    • Configuring ADVPN Tunnels Interface IP via CLI on HUB and SPOKES
    • Configuring BGP with Dynamic peering for both ADVPN on HUB-DC and advertise HUB-DC LAN subnet
    • Configuring BGP with Static peering for both ADVPN on SPOKES and advertise SPOKES LAN subnet
    • Configuring SDWAN ZONES and Membership for ADVPN and INTERNET on HUB and SPOKES
    • Configuring Static Route for INTERNET-ZONE
    • LAN-to-INTERNET Firewall Policy on HUB and SPOKES
    • LAN-to-ADVPN Firewall Policy and Clone Reverse on HUB and SPOKES
    • ADVPN-to-ADVPN Firewall Policy on HUB only
    • Configuring LOOPBACK on HUB, Advertise in ADVPN phase-1, LOOP-ADVPN policy with Clone Reverse
    • Performance SLA for HUB and SPOKEs, and SDWAN RULES for the Data Traffic
    • Verification of ADVPN-SDWAN
  1. Interface Migration to SD-WAN and SD-WAN CLI LAB
    • FortiGate Interface Migration to SD-WAN
    • FortiGate SD-WAN Configuration via CLI
  1. Centralized Management via FortiManager
    • Initial Configuration of FortiManager
    • Integration of FortiGate Firewall
    • Configure FortiGate via FortiManager GUI
    • Configure FortiGate ADVPN with SD-WAN via FortiManager CLI Script