
02 Fortinet FortiWeb Workshop v1 (Non-Certification) PDF

This document outlines the modules covered in a Fortinet FortiWeb workshop syllabus. The syllabus includes 7 modules that cover topics such as functional overviews of web application attacks and FortiWeb features, system configuration including interfaces and policies, web protection profiles and signatures, application delivery and denial of service protection, auto-learning to generate protection profiles, and troubleshooting techniques.

FORTINET

FORTIWEB WORKSHOP SYLLABUS


Module 1: Functional Overview

• Introduction to web application attacks
• Most common categories of web application attack techniques
• Benefits of using a Web Application Firewall
• FortiWeb characteristics and features
• FortiWeb family of appliances and Virtual Machines
• Operation modes

Module 2: System Configuration

• Accessing the Graphical User Interface (GUI) and the Command Line Interface (CLI)
• Real-time Dashboard
• Context Sensitive On-Line Help
• Configuring the network interfaces and V-zones
• FortiWeb routing
• IP-based forwarding
• Creating admin accounts and access profiles
• Introduction to FortiGuard subscription services
• Fail-open configuration
• High-availability (HA)
• Upgrading the firmware

Module 3: Policies and Profiles

• Server policies
• Web protection profiles
• Configuration steps
• Policy behavior by operational mode
• Virtual server
• Physical server
• Server farm
• Load balancing
• Certificate management
• SSL offloading
• SSL inspection
• Customized services
• Protected host groups

Module 4: Web Protection

• Standalone and shared IP
• IP list
• Brute force
• Cookie poison detection
• HTTP protocol constraints
• Start page and page order rules
• Parameter validation
• Upload restriction
• IP reputation
• Signature policies
• Anti-defacement
• URL access
• Known search engines
• Cross site scripting (XSS)
• SQL injection
• Bad robots
• Credit card detection
• AV scanning
• Generic attacks and known exploits
• Tuning the signature policy

Module 5: Application Delivery and DoS

• Authentication offloading
• Local users
• Remote authentication servers
• File compression offloading
• Introduction to DoS protection
• HTTP access limit
• Real browser enforcement
• Malicious IPs
• HTTP flood prevention
• TCP flood prevention
• SYN cookie

Module 6: Auto-Learning

• Introduction to auto-learning
• Data type group
• Suspicious URL
• Application policy
• Auto-learn profile
• Auto-learn report overview
• Generating the web protection profile from the auto-learn report
• Auto-learn best practices

Module 7: Troubleshooting

• FortiWeb unit storage structure
• Storage Maintenance
• FortiGuard troubleshooting
• Checking the system status
• Monitoring the system performance
• Network interface statistics
• Checking the ARP table
• Connectivity test commands
• Packet sniffer
• Event logs
• Attack logs
• Data analytics
• Bot analysis
• Blocked IPs
• Troubleshooting false-positive issues
• UDP and TCP port for outgoing and incoming connections
