Lesson 1: Policy design principles: least privilege, deny-by-default, explicit allow rules
Learn the core firewall design principles such as least privilege, deny-by-default, and explicit allow rules. Learn to structure policies clearly, reduce shadowed rules, and document the business justification for each access requirement.
- Implementing deny-by-default at the edge
- Designing least-privilege access rules
- Avoiding overlapping and shadowed policies
- Using address and service groups wisely
- Documenting and reviewing business rules

Lesson 2: HQ LAN to Internet policy: sources, destinations, services, NAT settings, logging
Learn how to build a secure HQ LAN to Internet policy, including address and service objects, NAT configuration, logging options, and policy ordering. Understand how to avoid overly permissive rules while keeping user access working.
- Defining HQ LAN and Internet address objects
- Selecting appropriate service objects and groups
- Configuring central or policy-based NAT
- Enabling and tuning traffic logging options
- Placing the policy correctly in rule order

Lesson 3: Site-to-site traffic policies: selectors, policy ordering, and no NAT for tunneled networks
Learn how to create policies for site-to-site VPN traffic, including address selectors, policy ordering, and no-NAT rules. Understand how to separate tunneled traffic from direct Internet traffic and avoid asymmetric routing or unwanted exposure.
- Defining local and remote VPN selectors
- Creating non-NAT policies for tunnels
- Ordering VPN policies vs Internet rules
- Separating management and user traffic
- Troubleshooting common VPN policy issues

Lesson 4: Security profiles: application control (blocking risky applications, bandwidth shaping, and categorization)
Configure application control profiles to identify and manage applications regardless of port. Learn to block risky applications, shape bandwidth, and adjust categories while monitoring logs to refine policies without disrupting business traffic.
- Selecting base application control profiles
- Blocking high-risk and unwanted apps
- Applying per-application bandwidth limits
- Using categories and overrides wisely
- Reviewing logs to refine app policies

Lesson 5: BR LAN to Internet policy: sources, destinations, services, NAT settings, logging
Configure a secure branch LAN to Internet policy that aligns with HQ standards. Learn to reuse objects, apply NAT, and enable logging while accounting for local breakout, limited bandwidth, and differing compliance or content requirements.
- Reusing global vs local address objects
- Defining branch-specific service policies
- Configuring NAT and IP pools for branches
- Aligning logging with central reporting
- Handling local Internet breakout traffic

Lesson 6: Logging and session management within policies: enabling logging, syslog fields, and disk usage impact
Understand how to enable and tune logging on policies, including log types, severity, and destinations. Learn the key session fields, how logs affect disk usage, and strategies for log retention, offloading, and compliance reporting.
- Choosing log types and severity levels
- Selecting local disk vs remote logging
- Understanding key session log fields
- Managing disk usage and log rotation
- Using logs for audits and forensics

Lesson 7: HQ LAN to HQ DMZ policy: controlled access to web/mail servers, limited ports, intra-zone inspection
Design HQ LAN to DMZ policies that tightly control access to internal servers. Learn to restrict ports, apply security profiles, and inspect intra-zone traffic while maintaining server availability and supporting monitoring or backup flows.
- Defining DMZ server address objects
- Restricting access to required ports only
- Applying security profiles to DMZ traffic
- Allowing monitoring and backup securely
- Testing and validating DMZ access rules

Lesson 8: Security profiles: web filtering configuration, categories, safe-search, and SSL inspection considerations
Configure web filtering profiles with category-based controls, safe-search enforcement, and SSL inspection options. Learn to balance user productivity, privacy, and security while minimizing certificate warnings and inspection errors.
- Building category-based web filter profiles
- Enforcing safe-search and YouTube controls
- Configuring SSL inspection for web traffic
- Handling certificate warnings and bypasses
- Reporting and tuning blocked web activity

Lesson 9: Security profiles: tuning IPS policies, signatures, and performance versus protection trade-offs
Explore IPS profile design for different traffic types, tune signatures to reduce noise, and understand how inspection modes and hardware resources affect throughput. Learn to balance detection depth against acceptable latency and CPU usage.
- Choosing IPS default and custom profiles
- Tuning signatures and severity thresholds
- Using flow-based vs proxy-based inspection
- Handling false positives and exemptions
- Measuring IPS impact on performance

Lesson 10: Security profiles: setting up antivirus and recommended scanning options
Understand FortiGate antivirus profiles, including real-time scanning, file type coverage, and heuristic options. Learn the recommended settings for web, email, and file services, as well as how to handle large files, archives, and performance-sensitive traffic.
- Selecting AV profiles for different policies
- Configuring full, quick, and flow-based scan
- Handling archives, large files, and timeouts
- Dealing with encrypted and compressed traffic
- Logging and alerting for malware events

Lesson 11: Inter-VDOM or inter-zone policies if you use VDOMs: policy separation and management access
Explore the inter-VDOM and inter-zone policies used when VDOMs separate environments. Learn to separate management from user traffic, control administrative access, and maintain clear policy boundaries between security domains.
- Planning VDOM roles and trust levels
- Creating inter-VDOM link interfaces
- Building policies between VDOMs safely
- Restricting management plane access
- Logging and auditing cross-VDOM traffic