About this course

Course code TPFPT_NGFW
Duration 4 Days

During this four day training course, you will learn how to install, configure, administer, and support Stonesoft NGFW.

Through instruction, demonstrations, and hands-on lab practice exercises, you will learn the requirements and recommendations to successfully deploy Stonesoft NGFW in a variety of network environments. You will develop expertise in creating security rules and policies, managing users and authentication, understanding multi-link technology, configuring VPNs, deep traffic inspection, performing common administration tasks including status monitoring and reporting.

Prerequisites

  • Working knowledge of Microsoft Windows administration, system administration concepts, a basic understanding of computer security concepts, and a general understanding of Internet services

Delegates will learn how to

  • Understand the fundamentals of NGFW
  • Understand different installation methods
  • Understand SMC capabilities
  • Understand FW/VPN roles and clustering
  • Configure routing
  • Configure security policies
  • Understand Multi-Link technology
  • Configure Multi-Link VPNs
  • Manage users and authentication
  • Configure IPsec and SSL VPNs
  • Perform traffic and deep inspection
  • Perform common administration tasks
  • Understand monitoring capabilities
  • Configure reporting

Outline

Day 1

  • Introductions
  • Participant introductions
  • Logistics
  • Course Objectives


Next Generation Firewall Engine

  • NGFW History & Background
  • Key Benefits and Differentiators
  • Operating Modes
  • Hardware Platforms and Virtualization
  • Installation Methods
  • Licensing and Add-ons


SMC Overview

  • NGFW System Architecture
  • SMC Components / Supported Platforms
  • Management & Log Server Properties
  • WebPortal Server Properties
  • Deployment Options
  • Status View / Configuration View
  • Management Client Tools
  • Local Manager


FW/VPN Role and Clustering

  • NGFW FW/VPN Role & Requirements
  • Multi-layer Inspection
  • Single NGFW Overview
  • Clustering Technology
  • Firewall Cluster
  • IPS Serial Clustering
  • Additional Firewall Features
  • NGFW Engine Architecture


Routing and Anti-Spoofing

  • Static Routing Configuration
  • Special Routing Conditions
  • Policy Routing
  • Dynamic Routing Overview


Security Policies

  • Policy Types
  • Packet Processing Flow
  • Firewall Templates and Policy
  • Structure
  • Firewall Policy
  • Policy Tools & Rule Options
  • NAT Definition
  • Address Translation Options
  • Proxy ARP and NAT


Day 2


Log Data Management

  • Purpose of Logs
  • Log Entry Types
  • Logging Generation
  • Log Data Pruning
  • Logs View
  • Visualizing Logs
  • Filters
  • Third Party Logs


Multi-Link Technology

  • Outbound Traffic Management
  • Link Selection Methods
  • Outbound Multi-Link Configuration
  • Server Pools
  • Multi-Link for Inbound Traffic
  • Configuring Server Pools and
  • Inbound Multi-Link


Multi-Link VPN

  • Overview of VPNs
  • VPN Topologies
  • VPN High Availability
  • Policy-Based VPN Configuration
  • VPN Tools
  • Route-Based VPN


Users and Authentication

  • Managing Users
  • Directory Servers
  • Supported Authentication Methods
  • User Authentication Process
  • Browser Based Authentication


Day 3


IPsec VPN Client

  • Mobile VPN Connections
  • IPsec VPN vs SSL VPN Tunneling
  • VPN Client Configuration - Gateway Side
  • VPN Client Configuration - Client Side
  • Troubleshooting Tools


SSL VPN

  • Client Based and Clientless Access
  • SSL VPN Portal Overview
  • SSL VPN Services
  • Routing Methods
  • SSL VPN Portal Configuration


Traffic Inspection in Access Rules

  • Traffic Inspection
  • Protocol Agents
  • Applications
  • Web Filtering
  • Anti-Virus
  • Anti-Spam
  • GTI and ATD
  • Deep Inspection
  • TLS Inspection

Day 4

  • Inspection and File Policies
  • Deep Inspection
  • NGFW Policy Templates
  • Predefined Inspection Policies
  • Situation Concepts
  • Inspection Rules Tree
  • Fine-Tuning Inspection
  • Inspection Exception Rules
  • Rule Options
  • Blacklist
  • Packet Inspection Procedure


Administration Tasks

  • Role-Based Access Control
  • Alert Process
  • Log Management Tasks
  • Log Forwarding
  • System Upgrades and Backups
  • SMC High Availability
  • Location and Contact Addresses
  • Troubleshooting / Support


Monitoring, Statistics and Reports

  • Status Monitoring
  • Overviews
  • Reports
  • Report Designs, Sections, and Items
  • Geolocation Maps
  • Session Monitoring
  • Third-Party Monitoring

4 Days

Duration

This is a QA approved partner course

Delivery Method

Delivery method

Classroom

Face-to-face learning in the comfort of our quality nationwide centres, with free refreshments and Wi-Fi.

Trusted, awarded and accredited

Fully accredited to ensure we provide the highest possible standards in learning

All third party trademark rights acknowledged.