Arrow Electronics, Inc.

NSE 6 Web Application Firewall Class - FortiWeb


LENGTH: 3 dage

PRICE: kr 12.310,00


In this 3-day class, you will learn to deploy, configure, and troubleshoot Fortinet's web
application firewall: FortiWeb. Instructors explain key concepts of web application security, and lead lab exercises where you will explore protection and performance features. Through traffic and attack simulations with real web applications in the lab, you will learn how to distribute load from virtual servers to real servers while enforcing logical parameters, inspecting flow, and securing HTTP session cookies.

Product Version
FortiWeb 5.3

? Instructor-led classroom
? Instructor-led online*
? Self-paced online


  • Understand application-layer threats?
  • Fight defacement & DoS disrupting live trafficwithout Prevent zero-day attacks compliance with OWASP Topex post facto Give apps 10 for 2013 & PCI DSS 3.0
  • Discover vulnerabilities in your servers & hosted web apps for tailored, efficient protection
  • Configure FortiGate together with FortiWeb for stronger HTTP and XML application security
  • Prevent accidental scan circumvention, yet allow FTP, and SSH
  • Configure blocking & reporting for an external
  • FortiADC/FortiGate & FortiAnalyzer
  • Choose the right operating mode?
  • Balance load among a server pool?
  • Enforce SSL/TLS, authentication, & sophisticated access control for “naked” apps
  • Train FortiWeb to defend your specific apps?
  • Blacklist suspected hackers, DDoS participants, and content scrapers
  • Troubleshoot traffic flow, including for FTP/SSH?
  • Diagnose false positives & customize signatures?
  • Optimize performance


Anyone who is responsible for day-to-day management of a FortiWeb appliance.



  • Knowledge of OSI layers & HTTP protocol dynamic page languages such as PHP
  • Basic knowledge of HTML, JavaScript, and server-side
  • Basic experience with FortiGate port forwarding


1 WAF Concepts
2 Basic Setup
3 Integrating External SIEM
4 Integrating Front-End SNAT & Load Balancers

5 DoS & Defacement
6 Signatures, Sanitization & Auto-learning
8 Authentication & Access Control
9 PCI DSS 3.0 Compliance
10 Caching & Compression
11 Rewriting & Redirects
12 Troubleshooting

Session Dates