During this four day training course, you will learn how to install, configure, administer, and support Stonesoft NGFW.
Through instruction, demonstrations, and hands-on lab practice exercises, you will learn the requirements and recommendations to successfully deploy Stonesoft NGFW in a variety of network environments. You will develop expertise in creating security rules and policies, managing users and authentication, understanding multi-link technology, configuring VPNs, deep traffic inspection, performing common administration tasks including status monitoring and reporting.
Course objectives
Understand the fundamentals of NGFW
Understand different installation methods
Understand SMC capabilities
Understand FW/VPN roles and clustering
Configure routing
Configure security policies
Understand Multi-Link technology
Configure Multi-Link VPNs
Manage users and authentication
Configure IPsec and SSL VPNs
Perform traffic and deep inspection
Perform common administration tasks
Understand monitoring capabilities
Configure reporting
Target Audience:
Channel Partners:
Consultants, system architects, integrators and planners who help customers with Stonesoft NGFW implementations.
Forcepoint Sales Engineers:
Forcepoint personnel who provide pre-sales and post-sales support for Stonesoft NGFW.
Next Generation Firewall Engine (6 topics)
NGFW History & Background
Key Benefits and Differentiators
Operating Modes
Hardware Platforms and Virtualization
Installation Methods
Licensing and Add-ons
SMC Overview (8 topics)
NGFW System Architecture
SMC Components / Supported Platforms
Management & Log Server Properties
WebPortal Server Properties
Deployment Options
Status View / Configuration View
Management Client Tools
Local Manager
FW/VPN Role and Clustering (8 topics)
NGFW FW/VPN Role & Requirements
Multi-layer Inspection
Single NGFW Overview
Clustering Technology
Firewall Cluster
IPS Serial Clustering
Additional Firewall Features
NGFW Engine Architecture
Routing and Anti-Spoofing (4 topics)
Static Routing Configuration
Special Routing Conditions
Policy Routing
Dynamic Routing Overview
Security Policies (9 topics)
Policy Types
Packet Processing Flow
Firewall Templates and Policy
Structure
Firewall Policy
Policy Tools & Rule Options
NAT Definition
Address Translation Options
Proxy ARP and NAT
Log Data Management (8 topics)
Purpose of Logs
Log Entry Types
Logging Generation
Log Data Pruning
Logs View
Visualizing Logs
Filters
Third Party Logs
Multi-Link Technology (7 topics)
Outbound Traffic Management
Link Selection Methods
Outbound Multi-Link Configuration
Server Pools
Multi-Link for Inbound Traffic
Configuring Server Pools and
Inbound Multi-Link
Multi-Link VPN (6 topics)
Overview of VPNs
VPN Topologies
VPN High Availability
Policy-Based VPN Configuration
VPN Tools
Route-Based VPN
Users and Authentication (5 topics)
Managing Users
Directory Servers
Supported Authentication Methods
User Authentication Process
Browser Based Authentication
IPsec VPN Client (5 topics)
Mobile VPN Connections
IPsec VPN vs SSL VPN Tunneling
VPN Client Configuration - Gateway Side
VPN Client Configuration - Client Side
Troubleshooting Tools
SSL VPN (6 topics)
Client Based and Clientless Access
SSL VPN Portal Overview
SSL VPN Services
Routing Methods
SSL VPN Portal Configuration
Traffic Inspection in Access Rules
Traffic Inspection (8 topics)
Protocol Agents
Applications
Web Filtering
Anti-Virus
Anti-Spam
GTI and ATD
Deep Inspection
TLS Inspection
Inspection and File Policies (10 topics)
Deep Inspection
NGFW Policy Templates
Predefined Inspection Policies
Situation Concepts
Inspection Rules Tree
Fine-Tuning Inspection
Inspection Exception Rules
Rule Options
Blacklist
Packet Inspection Procedure
Administration Tasks (8 topics)
Role-Based Access Control
Alert Process
Log Management Tasks
Log Forwarding
System Upgrades and Backups
SMC High Availability
Location and Contact Addresses
Troubleshooting / Support
Monitoring, Statistics and Reports (7 topics)
Status Monitoring
Overviews
Reports
Report Designs, Sections, and Items
Geolocation Maps
Session Monitoring
Third-Party Monitoring
