Learn from industry professionals who bring real-world experience and expertise into the classroom, providing you with invaluable insights and guidance.

FortiGate Administration Fundamentals validates essential knowledge of FortiGate next-generation firewalls, equipping you with foundational skills in network security, firewall policies, VPNs, web filtering, and threat protection. It proves your readiness to support secure networks in modern IT environments and opens doors to advanced Fortinet certifications and cybersecurity roles across industries.

DISCLAIMER:

This training material was independently developed and is not affiliated with, endorsed by, or sourced from Fortinet, Inc. It is intended for educational purposes only and is based on real-world scenarios, hands-on experience, and publicly available FortiGate knowledge.

We are not an authorized Fortinet Training Center, nor are we affiliated with Fortinet, Inc. in any official capacity. This content is not part of any Fortinet-approved curriculum and does not use or reproduce any proprietary Fortinet training material, lab manual, or certification content.

All product names, logos, and trademarks mentioned are the property of their respective owners and are used strictly for identification and reference purposes.

FortiGate 7.6 Administration Fundamentals

Pre-requisite (Basic Networking and Security Principles):

• Understanding LAN Topology and IP Subnets
• IPv4 vs IPv6 Basics
• MAC vs IP Addressing
• Layered Networking Models (Reference and Practical)
• Core Protocols: ARP, ICMP, DNS, DHCP
• Packet Structure and Data Flow
• Switches, Routers, Firewalls, and Access Points
• Network Segmentation and Broadcast Domains
• Common Design Considerations and Bandwidth Planning
• Routing and Switching Fundamentals
• NAT and Port Forwarding Concepts
• Public vs Private Addressing
• vSwitches, and Interfaces 
• The CIA Triad: Confidentiality, Integrity, Availability
• Risk, Threats, and Vulnerabilities
• Security Controls and Defense-in-Depth
• Common Attack Types (DDoS, MITM, Phishing)
• Social Engineering and Insider Threats
• Malware Classifications: Virus, Worms, Ransomware
• Encryption Concepts and Key Management
• Secure Protocols: HTTPS, SSH, TLS
• Public Key Infrastructure (PKI) Overview
• Password Policy and Multi-Factor Authentication
• Endpoint Threat Detection
• Access Control Models (RBAC, ABAC)
• Shared Responsibility in the Cloud
• Secure Storage and Cloud-native Firewalls
• Container and API Security

FortiGate 7.6 Operations and Security Configuration

Initial Setup and System Familiarization

• FortiGate Interface Overview (GUI/CLI)
• Licensing, Updates, and Feature Visibility
• System Dashboard and Widgets

Building a Secure Network Foundation

• Interface Setup and IP Configuration
• Static Routes and Default Gateway
• DNS and NTP Settings

VLANs, Trunks, and Inter-VLAN Routing

• Understanding VLAN Concepts on FortiGate
• Creating VLAN Sub-interfaces (Tagged Interfaces)
• Configuring Switch Interfaces vs. VLAN Interfaces
• Setting Up Trunk Ports to Switches (802.1Q Tagging)
• Assigning VLANs to Different Network Segments
• Inter-VLAN Routing Using Firewall Policies
• Verifying VLAN Connectivity (Ping, Packet Capture)
• Troubleshooting VLAN and Trunk Configuration Issues

Static Routing

• Default Route and Administrative Distance
• Static Route for Internal and External Networks
• Route Monitoring and Blackhole Routes
• Verifying Routes Using CLI and GUI

Creating and Managing Access Policies

• Security Policies: Structure and Evaluation
• NAT and Policy Matching Order
• Logging and Policy Monitoring

User Identification and Authentication

• Local and Remote User Accounts
• User Groups and Identity-Based Rules
• Captive Portal Integration

Enhancing Visibility with SSL/TLS Inspection

• Certificate-Based Deep Packet Inspection
• Importing CA Certificates
• Troubleshooting SSL Issues

Threat Prevention with Antivirus and IPS

• Enabling Antivirus on Firewall Policies
• Real-time Scanning and File Blocking
• Intrusion Signatures and Exploit Protection

Controlling Access to Web Resources

• URL Filtering and Category-Based Control
• Safe Search and Block Override
• Logging Web Traffic

Managing Application Use

• App Control Database and Filters
• Blocking Risky or Non-Compliant Apps
• Monitoring App Usage

Site-to-Site VPN Deployment

• IPsec VPN Wizard and Tunnel Settings
• Authentication via Pre-Shared Key
• VPN-to-LAN Policy Rules

Remote Access via SSL VPN

• SSL VPN Modes: Web and Tunnel
• Portal Customization and IP Pools
• Access Permissions and Logging

FortiGate Health and Maintenance

• Backups, Restore, and Configuration Files
• Firmware Upgrade Best Practices
• Resource Monitoring and Logs

Security Fabric and Device Integration

• Security Fabric Enablement
• Device Discovery and Authorization
• Topology View and Fabric Telemetry

FortiGate 7.6 Administration Hands-On Lab Guide

Lab Equipment

• 1 × FortiGate Firewall
• 1 × Printed Lab Guide

Introduction to FortiGate Platform

Objective: Explore the FortiGate user interface and system menus.

• Access FortiGate through browser and CLI.
• Locate key sections: Dashboard, Network, Policy, Security Profiles.
• Customize widgets on the dashboard (e.g., sessions, CPU usage).
• Rename the device and set system time.

Setting Up Interfaces and Routing Paths

Objective: Build basic internal and external connectivity.

• Assign IP addresses to internal (LAN) and external (WAN) interfaces.
• Enable HTTPS and SSH for remote access.
• Configure VLAN Subinterfaces
  • Create VLAN interfaces (e.g., VLAN10 – Sales, VLAN20 – Admin).
  • Assign IP addresses to each VLAN interface.
  • Tag VLANs appropriately on the trunk port.
• Configure Inter-VLAN Routing
  • Create firewall policies to allow communication between VLANs.
  • Test connectivity between VLAN networks (ping test).
  • Verify routing behavior using CLI (get router info routing-table all).
• Configure Static Routes
  • Set a default route for outbound internet traffic (0.0.0.0/0 via WAN gateway).
  • Add static routes for additional internal or remote networks if needed.
  • Test connectivity using ping and traceroute from FortiGate and connected PCs.

Defining Traffic Access Rules (Firewall Policies)

Objective: Control traffic flow using custom rules.

• Create LAN-to-WAN policy with NAT enabled.
• Add logging and schedule (always-on).
• Observe policy hit counters and traffic logs.
• Adjust policy order to test rule matching.
• Validate routing and policy flow across VLANs (e.g., VLAN10 ↔ VLAN20 ↔ WAN).

Implementing User Access Controls

Objective: Set user-based restrictions for internet access.

• Create local user and group.
• Enable identity-based access in firewall policy.
• Set up a captive portal for login.
• Validate behavior with user login from test client.

Monitoring Encrypted Web Traffic (SSL Inspection)

Objective: Decrypt and inspect secure web traffic.

• Enable deep inspection profile.
• Import Fortinet certificate into test browser.
• Attach profile to LAN-to-WAN rule.
• Check decrypted logs and visit HTTPS sites.

Enabling Threat Prevention via Antivirus

Objective: Block virus-infected downloads.

• Create and apply AV profile to web traffic.
• Set all protocols to block mode.
• Simulate malware download using test file (eicar).
• View threat logs.

Restricting Web Usage with Content Filtering

Objective: Limit access to non-business websites.

• Create web filter profile with blocked categories.
• Apply safe search and logging.
• Test behavior by accessing restricted websites.

Adding Intrusion Detection and Blocking (IPS)

Objective: Guard against known exploits and scan attempts.

• Apply pre-defined IPS profile to internet access policy.
• Simulate port scan from test host.
• Review triggered IPS events in log section.

Regulating Use of Specific Applications

Objective: Control social media, file sharing, and unwanted apps.

• Apply Application Control profile.
• Block or monitor social platforms, streaming, or P2P.
• Access blocked app and review detection in logs.

Creating Encrypted Site-to-Site IPsec Tunnels

Objective: Connect two FortiGate devices securely.

• Configure IKE Phase 1 and 2 with matching settings on both sides.
• Use PSK authentication and appropriate subnets.
• Verify tunnel status and run ping tests.

Building Secure Remote Access (SSL VPN)

Objective: Allow remote users to connect to internal resources.

• Configure SSL VPN portal and IP pool.
• Assign user/group access.
• Create SSL VPN policies.
• Test connection using FortiClient or web portal.

Maintaining FortiGate Health

Objective: Ensure optimal performance and configuration safety.

• Back up configuration locally.
• Review logs and monitor resources (CPU, memory).
• Simulate and document firmware upgrade steps.

Deploying Security Fabric Integration

Objective: Link FortiGate with other Fortinet devices.

• Enable Security Fabric and assign role.
• Authorize connected FortiManager/FortiSwitch/FortiAP.
• Explore topology map and automation options.

​