๐”– Scriptorium
โœฆ   LIBER   โœฆ

๐Ÿ“

Fortinet FortiWeb Lab Guide for FortiWeb 6.4


Tongue: English
Leaves: 103
Category: Library


Table of Contents


Change Log
Network Topology
Lab 1: Initial Setup
Exercise 1: Configuring FortiWeb
Verify Basic Networking
Verify IP Connectivity
Configure FortiWeb Basic Settings
Exercise 2: Configuring Local Logging
Configure Local Logging
Lab 2: Basic Configuration
Exercise 1: Configuring Traffic Flow to the Web Servers Through FortiWeb
Verify Connectivity to the Web Servers
Configure a Virtual Server Pool for Web Servers
Insert a Persistent Cookie
Add a Health Check
Define the Web Servers
Configure FortiWeb Server Policies
Test the Virtual Server
Exercise 2: Configuring FortiGate Source NAT
Configure the FortiGate Virtual and Real Servers
Apply the Load Balancer
Test the FortiGate Virtual Server
Exercise 3: Configuring the Transmission of the X-Forwarded-For Header
Configure FortiWeb to Use X-Headers
Define a Group of Signatures
Test FortiWeb X-Headers
Exercise 4: Content Routing
Create a Content Routing Policy
Test the Content Routing Policy
Lab 3: Web Vulnerability Scanner
Exercise 1: Configuring the Web Vulnerability Scanner
Perform a Web Vulnerability Scan
Create and Run a Custom Scan
Exercise 2: Configuring HTTP Rewrite Rules
Create HTTP Rewrite Rules
Test HTTP Header Removal
Lab 4: Authentication and Access Control
Exercise 1: Configuring Advanced Access Control
Configure Web Protection Rules
Apply the Web Protection Rules
Test Access Control
Exercise 2: Enabling User Tracking
Configure User Tracking Rules
Create User Tracking Policies
Test User Tracking
Exercise 3: Configuring Web Authentication
Define Host Names and Users
Enable HTTP Authentication
Test the HTTP Authentication
Lab 5: Signature Configuration
Exercise 1: Blocking Common Attacks With Signatures
Attempt an XSS Attack
Attempt a SQL Injection Attack
Exercise 2: Blocking With Custom Signatures
Block Custom Attacks With FortiWeb
Test the Custom Signature
Lab 6: DoS Attack Mitigation
Exercise 1: Protecting Against a Slow Headers DoS Vulnerability
Configure the Server Policy
Test for a Slow Headers DoS Vulnerability
Distinguish Clients
Detect an Excessive Number of TCP Connections
Test TCP Floods Protection
Exercise 2: Protecting Against Defacement
Enable Defacement Detection
Deface a Website
Lab 7: Machine Learning
Exercise 1: Configuring Machine Learning Anomaly Detection
Configure the Server Policy
Configure Sample Limits
Exercise 2: Establishing the Model
Train FortiWeb
View the Learning Results
Generate an Anomaly
Exercise 3: Stopping Threats
Observe Machine Learning in Action
Review the Logs
Observe Application Changes
Review the Distribution of Anomalies
Lab 8: SSL/TLS
Exercise 1: Uploading a Server Certificate and Private Key
Upload the Server Certificate and Key to FortiWeb
Download Backup Files
Exercise 2: Implementing SSL/TLS
Offload HTTPS to FortiWeb
Test the HTTPS Offload
Lab 9: Application Delivery
Lab 10: Bot Mitigation
Exercise 1: Configuring Bot Mitigation
Configure FortiWeb Bot Mitigation
Test Bot Mitigation Protection
Lab 11: Additional Configuration
Lab 12: Troubleshooting
Exercise 1: Establishing a Baseline
Determine Baselines and Normal Use
Exercise 2: Mitigating False Positives
Reduce False Positives

