Session 1

The document provides a comprehensive overview of firewalls, their types, and their evolution, focusing on the FortiGate firewall as an advanced security solution. It also discusses the roles of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), as well as the importance of information security teams, namely the Red Team and Blue Team. Additionally, it outlines various network protocols and their functions, emphasizing the significance of secure data transmission and network management.

Uploaded by

Micheal Moheb

FW FireWall

IT Gate Academy

Youssef Mohamed

Technical consultant System Engineer

Information Security Specialist Network Manager


Introduction

Network: Sharing of Resources

Hardware: Includes computers, servers, routers, switches, cables, and other devices.
Software: Includes operating systems, routing software, hosting software, and other software.
Protocols: A set of rules and agreements that define how data is transmitted and exchanged.
Configuration: Involves configuring hardware, software, and protocols, as well as setting IP addresses and other settings.
Security: Involves security measures like passwords, firewalls, and digital certificates.
Services: Include email, websites, file sharing, remote printing, and online gaming.
What is a firewall?
A device or software used to protect a network or host from malicious traffic

Used to permit or deny packets based on policy

Placed between the trusted network and the untrusted network

The FortiGate firewall is an advanced security device used to protect networks and
information systems from cyber threats. FortiGate is a product and integrated solution
provided by Fortinet, and it offers a range of multiple security services in a single
device.

In essence, the FortiGate device monitors the flow of data and communications into
and out of the network, verifies their integrity, and controls them based on predefined
policies. FortiGate utilizes techniques such as data filtering, threat analysis, intrusion
detection, encryption, and access management to provide strong network protection,
preventing hacking attempts, malware, and other threats.
FW Type

Host Firewall: A Host Firewall is installed on an individual computer or host
(such as a server or desktop device) to directly protect that host. It operates at
the core system level of the host and guards it against unauthorized
connections and external threats. This type of firewall uses rules and policies to
control the inbound and outbound data traffic from the host itself.

Network Firewall: A Network Firewall is installed on a dedicated device (such as
a FortiGate device) and placed at the boundary between the trusted network
and the untrusted network (such as the Internet). It monitors and analyzes the
data traffic flowing to and from the internal network. This type of firewall uses
rules and policies to control the data traffic based on information such as IP
addresses, TCP/UDP ports, and utilized protocols.
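
The rule-and-policy model described above for a network firewall, as an added example that is not part of the original slides and is not FortiGate's own implementation. The first-match evaluation order, the implicit deny at the end, and all rule names and addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str           # "permit" or "deny"
    src: str              # source network, CIDR notation
    dst: str              # destination network, CIDR notation
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port, None matches any port

    def matches(self, pkt: dict) -> bool:
        return (
            ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
            and self.proto in ("any", pkt["proto"])
            and self.dport in (None, pkt.get("dport"))
        )

# Constructed policy. Order matters: the guest deny sits above the broad LAN permit.
POLICY = [
    Rule("deny-guest-to-servers", "deny", "10.0.50.0/24", "10.0.10.0/24", "any", None),
    Rule("allow-lan-web", "permit", "10.0.0.0/16", "0.0.0.0/0", "tcp", 443),
    Rule("allow-lan-dns", "permit", "10.0.0.0/16", "10.0.10.53/32", "udp", 53),
    Rule("allow-inbound-https", "permit", "0.0.0.0/0", "10.0.10.20/32", "tcp", 443),
]

def evaluate(policy, pkt):
    """Return (action, rule name) for the first rule that matches the packet."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "deny", "implicit-deny"  # nothing matched: drop by default

if __name__ == "__main__":
    # Constructed sample packets (documentation address ranges for the outside hosts).
    samples = [
        {"src": "10.0.1.15", "dst": "93.184.216.34", "proto": "tcp", "dport": 443},
        {"src": "10.0.50.7", "dst": "10.0.10.20", "proto": "tcp", "dport": 443},
        {"src": "203.0.113.9", "dst": "10.0.10.20", "proto": "tcp", "dport": 22},
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(POLICY, pkt))
```

The guest packet to 10.0.10.20 would also match `allow-lan-web`; it is denied only because the more specific deny rule is placed first, which is why rule order is reviewed whenever a policy changes.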
The evolution of Network Firewall
IOS Based
ACL
ZBF (zone based firewall)

Hardware Appliance
Cisco : PIX - ASA - Firepower - FTD
Fortinet
Palo Alto
Check Point
Sophos
Products
FortiGate: FortiGate is Fortinet's flagship product and is a next-generation firewall
(NGFW) that provides comprehensive threat protection. It combines firewall, VPN,
intrusion prevention, antivirus, and other security features in a single platform.

FortiAnalyzer: FortiAnalyzer is a centralized logging and reporting appliance. It
collects and analyzes log data from Fortinet devices, providing insights into
network traffic, security events, and user activity.

FortiManager: FortiManager is a centralized management platform that allows
administrators to configure, monitor, and manage multiple FortiGate devices from a
single interface. It helps streamline device management and policy enforcement.

FortiClient: FortiClient is an endpoint protection solution that includes antivirus,
web filtering, and VPN capabilities. It helps secure devices such as desktops,
laptops, and mobile devices.

FortiWeb: FortiWeb is a web application firewall (WAF) designed to protect web
applications from common security threats, including SQL injection, cross-site
scripting (XSS), and more.

FortiMail: FortiMail is an email security solution that provides protection against
email-borne threats, including spam, malware, phishing, and data loss.

It's important to check Fortinet's official website or contact Fortinet directly for the
most up-to-date information on their product offerings and functionalities.
Certificates
FW Generation
First Generation Firewall:
Layer 1 Control (Link Layer):
Focuses on controlling data flow based on IP addresses and port numbers.
Packet Inspection:
Relies primarily on link layer and network layer information for rule-based allow or deny
decisions.
Limited Filtering Capabilities:
Primarily depends on link layer and network layer information.

Next-Generation Firewall (NGFW):
Enhanced Inspection and Filtering:
Integrates link layer control with application identification and content monitoring.
Application Inspection:
Examines data at the application level for more detailed control over data streams.
Response to Advanced Threats:
Includes advanced features like advanced threat detection and prevention of malware
attacks.
Unified Threat Management (UTM):
Multilayer Integration:
Integrates firewall features with email security, web monitoring, and threat
detection.
Single Management for Protection:
Provides a unified interface for managing all security aspects, making it easier for
users to handle protection.
Behavior Analysis:
Uses behavior analysis to detect unusual patterns or attacks.
Reporting and Statistics Provision:
Offers periodic reports on security activities and detected threats.

In conclusion, firewalls evolve from generation to generation to meet increasing security
requirements. Later generations provide improvements in areas such as application
inspection and advanced threat detection. UTM takes this a step further by offering
comprehensive integration of various security services.
Intrusion Detection System (IDS):
Role:
Used to monitor unauthorized activities and provide alerts upon detection, but it does not take automatic
actions to prevent attacks.
Alerting:
Sends alerts or notifications when suspicious activity or a potential attack is detected.
Integration with Firewalls:
Can be integrated with firewalls to enhance its detection capabilities.

Intrusion Prevention System (IPS):
Role:
Performs the same role as an intrusion detection system but, in addition, takes automatic actions to
prevent detected attacks.
Alerting and Immediate Intervention:
Sends alerts similar to IDS but also has the ability to intervene immediately to prevent the attack.
Integration with Firewalls:
Integrates with firewalls to achieve maximum security.

In summary, an Intrusion Detection System detects and alerts, while an Intrusion Prevention System detects
and takes immediate actions to prevent attacks. Both can integrate with firewalls for enhanced overall
security.
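
The difference summarized above, as an added example that is not part of the original slides and does not model any vendor's engine: the same signature matcher run once as a passive IDS and once as an inline IPS. The signature names, byte patterns and sample packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed signatures: name -> byte pattern searched for in the payload.
SIGNATURES = {
    "path-traversal": b"../../",
    "eicar-test-marker": b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE",
}

# Constructed sample traffic (documentation address ranges for outside hosts).
PACKETS = [
    {"src": "10.0.1.15", "payload": b"GET /index.html HTTP/1.1"},
    {"src": "203.0.113.9", "payload": b"GET /files/../../secret.txt HTTP/1.1"},
    {"src": "198.51.100.4", "payload": b"POST /upload EICAR-STANDARD-ANTIVIRUS-TEST-FILE"},
]

@dataclass
class Sensor:
    mode: str                                   # "ids" = passive, "ips" = inline
    alerts: list = field(default_factory=list)  # (source, signature) tuples

    def inspect(self, pkt: dict) -> str:
        """Record an alert per matching signature; return "forward" or "drop"."""
        hits = [name for name, pat in SIGNATURES.items() if pat in pkt["payload"]]
        for name in hits:
            self.alerts.append((pkt["src"], name))
        # Only the inline IPS is in a position to stop the packet.
        if hits and self.mode == "ips":
            return "drop"
        return "forward"

def run(mode: str, packets: list):
    """Process all packets in one mode; return (verdicts, alerts)."""
    sensor = Sensor(mode)
    verdicts = [sensor.inspect(p) for p in packets]
    return verdicts, sensor.alerts

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        verdicts, alerts = run(mode, PACKETS)
        print(mode, verdicts, alerts)
```

Both modes raise the same two alerts; only the verdicts differ, so in IDS mode the flagged packets still reach their destination and someone has to act on the alert.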
[Figure: relationships between THREAT AGENT, THREAT, VULNERABILITY, RISK, ASSET, EXPOSURE and COUNTERMEASURE, with arrows labelled "gives rise to", "exploits", "leads to", "can damage", "causes", "can be safeguarded by" and "directly affects"]

Security, what it is, and the function of each one?
Information Security is a field that focuses on protecting information and data from
unauthorized access, unwanted use, damage, and manipulation. The goal of information
security is to ensure the confidentiality, integrity, and sustained availability of systems
and infrastructure.

The teams in the field of information security can be divided into two main groups: the
Red Team and the Blue Team.

Red Team: They work on testing the strength and vulnerabilities of systems, applications,
and networks. The Red Team uses system penetration techniques and penetration
testing to identify weaknesses and vulnerabilities in systems. The goal of the Red Team is
to discover vulnerabilities and control them before real attackers exploit them.

Blue Team: They work on developing and implementing protection strategies and
security measures to safeguard systems and data from attacks. The Blue Team analyzes
logs and activities and verifies systems to detect any unauthorized or suspicious activities.
The goal of the Blue Team is to strengthen systems and ensure they are properly
protected to prevent attacks and intrusions.

Track

1. Introduction
2. What is a firewall?
3. FW Type
4. The evolution of Network Firewall
LAB: TROUBLESHOOT

LAB: TROUBLESHOOT
5. FW Generation
6. IDS & IPS
7. What is the Security?
8. Hash & Encryption

9. Certificates
10. Install & Basic config
11. Config interface & zone
LAB: TOPOLOGY, TROUBLESHOOT

12. Config DHCP
13. Manage object
14. User authentication
15. Routing
LAB: TROUBLESHOOT

LAB: TROUBLESHOOT
16. NAT
17. Access policy
18. Web filter - SSL inspection
19. App filter & file control

20-23. Monitoring, VDOM & HA, DOS protection, VPN
FINAL LAB

Network Protocols, what they are, and the function of each one?
Protocols in networks are a set of rules and agreements that govern the exchange of
information and data between connected devices in a communication network. These
protocols determine how data is organized, routed, and delivered across the network.
Below is an explanation of some common network protocols and their functions:

IP Address: An IP address is a digital address assigned to each device connected to a network. It is used in the Internet Protocol (IP)
to identify and distinguish devices on the network. An IP address consists of a series of numbers that represent the network address and the
device address in that network. IPv4 addresses consist of 4 parts separated by dots, while IPv6 addresses consist of 8 parts separated by
colons.
MAC Address: A MAC address is a unique identifier for each network interface in a computer or network device. This address is
assigned by the device manufacturer and cannot be changed. MAC addresses are used in the Media Access Control (MAC) layer of the OSI
model (Layer 2) to identify the recipient or sender device in a local network.
Hypertext Transfer Protocol (HTTP): HTTP is one of the most important network protocols on the Internet. It is used to transfer
web pages and textual content between servers and clients (such as web browsers). It specifies the method for formatting and exchanging data
between the server and the client.
Simple Mail Transfer Protocol (SMTP): SMTP is used for sending and delivering email over the network. It defines the method for routing and
delivering email messages between different mail servers.
File Transfer Protocol (FTP): FTP is used for transferring files between computers over the network. It allows users to upload and download files
to and from remote servers.
Transmission Control Protocol (TCP): TCP works in conjunction with IP to ensure reliable and ordered delivery of data. TCP handles the
fragmentation of data into smaller packets, their sequencing, and reassembly upon reaching the intended destination.
User Datagram Protocol (UDP): UDP is a connectionless and unreliable transport protocol. It is used to transmit data packets over the network
without the need for delivery confirmation or reassembly of received data. UDP is typically used in applications that require fast
responsiveness, such as media streaming and network gaming, where low latency is more important than ensuring reliable data delivery.

NOTE: These are just some common examples of network protocols. There are many other protocols in use.
