- Lectures: 33
- Students: 4
Fortinet FortiWeb WAF Administration – Complete Hands-On Training (Self-Paced)
Course Description:
This Fortinet FortiWeb WAF Administration course is a comprehensive, self-paced training designed to help IT and security professionals deploy, configure, manage, and troubleshoot FortiWeb Web Application Firewall solutions effectively.
The course covers both theoretical concepts and practical administration tasks, enabling learners to protect web applications against common and advanced threats such as SQL injection, XSS, bots, and OWASP Top 10 vulnerabilities. You will gain hands-on knowledge of FortiWeb architecture, deployment modes, security policies, signatures, traffic inspection, logging, and monitoring.
By the end of this course, you will be able to confidently administer FortiWeb in real-world enterprise environments, implement strong web application security controls, and optimize WAF policies for performance and protection.
This is a pre-recorded, self-paced course, allowing you to learn anytime and progress at your own speed.
Who This Course Is For:
This course is ideal for:
- Network & Security Engineers
- SOC Analysts and Security Analysts
- Firewall & WAF Administrators
- Network Administrators working with Fortinet products
- Cybersecurity professionals managing web application security
- IT professionals preparing for Fortinet WAF–related roles
- Students and professionals looking to specialize in Web Application Firewall (WAF) technologies
Prerequisites:
To get the most out of this course, learners should have:
- Basic understanding of networking concepts (TCP/IP, HTTP/HTTPS)
- Fundamental knowledge of web applications and web security
- Familiarity with firewalls and security devices (FortiGate knowledge is a plus)
- Basic understanding of cybersecurity concepts
No prior hands-on experience with FortiWeb is required.
Course Topics:
Module 1 - NGFW Vs Web Application Firewall
Module 2 - FortiWeb Overview
Module 3 - FortiWeb Deployment
Module 4 - Performing initial configuration
Module 5 - Setting up Lab (eve-ng)
Module 6 - Configuring Traffic Flow to the Web Servers through FortiWeb
Module 7 - Understanding VS, Pool and Health Monitors
Module 8 - Load balancing methods and Persistence
Module 9 - HTTP Content Routing
Module 10 - FortiWeb Operation Modes
Module 11 - Server Policy and Web Protection Profile
Module 12 - SQL Code Injection Attack
Module 13 - URL Encryption Policy
Module 14 - Link Cloaking
Module 15 - Hidden Field Manipulation
Module 16 - XSS and CSRF Protection
Module 17 - Man in the Browser Protection
Module 18 - Syntax Based Detection
Module 19 - Limiting File Uploads and Web Shell Detection
Module 20 - HTTP Allow Method Policy
Module 21 - URL Access Policy
Module 22 - IP Protection (IP List, GeoIP and IP Reputation)
Module 23 - User Tracking Policy
Module 24 - DOS Protection
Module 25 - Bot Mitigation
Module 26 - Web Acceleration and Web Caching
Module 27 - Web Vulnerability Scan
Module 28 - SSL Offloading
Module 29 - Packet capture
Module 30 - Backup and Restore
Module 31 - Logs and Reports
Module 32 - Sequence of Scans

Module 1 - NGFW Vs Web Application Firewall
Module 2 - FortiWeb Overview
- Lecture 2.1 FortiWeb Overview
Module 3 - FortiWeb Deployment
- Lecture 3.1 FortiWeb Deployment
Module 4 - Performing initial configuration
- Lecture 4.1 Performing initial configuration
Module 5 - Setting up Lab (eve-ng)
- Lecture 5.1 Setting up Lab (eve-ng)
Module 6 - Configuring Traffic Flow to the Web Servers through FortiWeb
- Lecture 6.1 Configuring Traffic Flow to the Web Servers through FortiWeb
Module 7 - Understanding VS, Pool and Health Monitors
- Lecture 7.1 Understanding VS, Pool and Health Monitors
Module 8 - Load balancing methods and Persistence
- Lecture 8.1 Load balancing methods and Persistence
Module 9 - HTTP Content Routing
- Lecture 9.1 HTTP Content Routing (PART1-Theory)
- Lecture 9.2 HTTP Content Routing (PART2-Lab)
Module 10 - FortiWeb Operation Modes
- Lecture 10.1 FortiWeb Operation Modes
Module 11 - Server Policy and Web Protection Profile
- Lecture 11.1 Server Policy and Web Protection Profile
Module 12 - SQL Code Injection Attack
- Lecture 12.1 SQL Code Injection Attack
Module 13 - URL Encryption Policy
- Lecture 13.1 URL Encryption Policy
Module 14 - Link Cloaking
- Lecture 14.1 Link Cloaking
Module 16 - XSS and CSRF Protection
- Lecture 16.1 XSS and CSRF Protection
Module 17 - Man in the Browser Protection
- Lecture 17.1 Man in the Browser Protection
Module 18 - Syntax Based Detection
- Lecture 18.1 Syntax Based Detection
Module 19 - Limiting File Uploads and Web Shell Detection
- Lecture 19.1 Limiting File Uploads and Web Shell Detection
Module 20 - HTTP Allow Method Policy
- Lecture 20.1 HTTP Allow Method Policy
Module 21 - URL Access Policy
- Lecture 21.1 URL Access Policy
Module 22 - IP Protection (IP List, GeoIP and IP Reputation)
- Lecture 22.1 IP Protection (IP List, GeoIP and IP Reputation)
Module 23 - User Tracking Policy
- Lecture 23.1 User Tracking Policy
Module 24 - DOS Protection
- Lecture 24.1 DOS Protection
Module 25 - Bot Mitigation
- Lecture 25.1 Bot Mitigation
Module 26 - Web Acceleration and Web Caching
- Lecture 26.1 Web Acceleration and Web Caching
Module 27 - Web Vulnerability Scan
- Lecture 27.1 Web Vulnerability Scan
Module 28 - SSL Offloading
- Lecture 28.1 SSL Offloading
Module 29 - Packet capture
- Lecture 29.1 Packet capture
Module 30 - Backup and Restore
- Lecture 30.1 Backup and Restore
Module 31 - Logs and Reports
- Lecture 31.1 Logs and Reports
Module 32 - Sequence of Scans
- Lecture 32.1 Sequence of Scans

