Fortinet FortiGate Infrastructure Lab Guide for FortiOS 7.2

Change Log
Network Topology
Lab 1: Routing
VM Usernames and Passwords
Exercise 1: Configuring Route Failover
Verify the Routing Configuration
Configure a Second Default Route
Configure the Firewall Policies
View the Routing Table
Configure Link Health Monitors
Test the Route Failover
Restore the Routing Table
Exercise 2: Configuring Equal Cost Multipath and Policy Routing
Configure Administrative Distance
Change the ECMP Load Balancing Algorithm
Verify Traffic Routing
Configure Priority
Verify ECMP
Configure a Policy Route for HTTPS Traffic
Verify the Policy Route
Lab 2: VDOM Configuration
Exercise 1: Creating VDOMs and VDOM Objects
Create a VDOM
Create a Per-VDOM Administrator
Move an Interface to a Different VDOM
Add the DNS Service to an Interface
Test the Per-VDOM Administrator Account
Execute Per-VDOM CLI Commands
Exercise 2: Configuring an Inter-VDOM Link
Create an Inter-VDOM Link
Configure Routing Between VDOMs
Configure Firewall Policies for Inter-VDOM Traffic
Test the Inter-VDOM Link
Lab 3: Fortinet Single Sign-On Configuration
Exercise 1: Configuring FortiGate for FSSO Authentication
Review the FSSO Configuration on FortiGate
Assign FSSO Users to a Firewall Policy
Test FSSO
Lab 4: ZTNA
Lab 5: SSL VPN
Exercise 1: Configuring Web Mode SSL VPN
Configure the SSL VPN Settings
Create a Firewall Policy for SSL VPN
Test the SSL VPN Access
Add an Administrator-Based Bookmark to the SSL VPN Portal
Test SSL VPN Access Using the Predefined Bookmark
Examine the Web Mode Mechanism (Reverse HTTP Proxy)
Monitor an SSL VPN User
Exercise 2: Configuring SSL VPN Tunnel Mode
Add Tunnel Mode
Configure the Routing for Tunnel Mode
Configure FortiClient for SSL VPN Connections
Test SSL VPN in Tunnel Mode
Review VPN Events
Lab 6: IPsec VPN Configuration
Exercise 1: Configuring a Dial-Up IPsec VPN Between Two FortiGate Devices
Create Phase 1 and Phase 2 on Local-FortiGate (Dial-Up Server)
Create Firewall Policies for VPN Traffic on Local-FortiGate (Dial-Up Server)
Create Phase 1 and Phase 2 on Remote-FortiGate (Dial-Up Client)
Create a Static Route for VPN Traffic on Remote-FortiGate (Dial-Up Client)
Create the Firewall Policies for VPN Traffic on Remote-FortiGate (Dial-Up Cli...
Test and Monitor the VPN
Exercise 2: Configuring a Static IPsec VPN Between Two FortiGate Devices
Create Phase 1 and Phase 2 on Local-FortiGate
Create a Static Route for VPN Traffic on Local-FortiGate
Create Firewall Policies for VPN Traffic on Local-FortiGate
Test and Monitor the VPN
Exercise 3: Configuring Redundant Static IPsec VPN Tunnels Between Two FortiGate Devices
Prerequisites
Check the IPsec VPN Tunnel on Local-FortiGate
Review the VPN Configuration on Both FortiGate Devices
Test and Monitor the VPN
Create a Backup VPN Tunnel Using the IPsec Wizard
Review the Objects the IPsec Wizard Created
Adjust Routing for the Backup VPN Tunnel on Local-FortiGate
Review the Backup VPN Configuration on Remote-FortiGate
Test VPN Redundancy
Lab 7: High Availability
Lab HA Topology
Exercise 1: Configuring HA
Configure HA Settings on Local-FortiGate
Configure HA Settings on Remote-FortiGate
Observe and Verify the HA Synchronization Status
Verify FortiGate Roles in an HA Cluster
Verify Firewall Policy Configuration
View Session Statistics
Exercise 2: Triggering an HA Failover
Trigger a Failover by Rebooting the Primary FortiGate
Verify the HA Failover and FortiGate Roles
Trigger an HA Failover by Resetting the HA Uptime
Observe HA Leave and Join Messages Using Diagnostic Commands
Exercise 3: Configuring the HA Management Interface
Access the Secondary FortiGate CLI Through the Primary FortiGate CLI
Set Up a Reserved HA Management Interface
Configure and Access the Primary FortiGate Using the Reserved HA Management I...
Configure and Access the Secondary FortiGate Using the Reserved HA Management...
Disconnect Remote-FortiGate From the Cluster
Restore the Remote-FortiGate Configuration
Lab 8: Diagnostics Performance
Exercise 1: Determining What Is Happening Now
Run Diagnostic Commands
Exercise 2: Troubleshooting a Connectivity Problem
Identify the Problem
Use the Sniffer
Use the Debug Flow Tool
Fix the Problem
Test the Fix