Fortinet Zero Trust Access Lab Guide for FortiOS 7.2

Network Topology
Lab 1: Legacy Architecture Challenges
	Exercise 1: Integrating FortiSwitch
		Add FortiSwitch to ISFW FortiGate Management
		Configure the Default FortiLink VLAN
		Test Connectivity
	Exercise 2: Configuring Microsegmentation
		Block traffic between endpoints in same VLAN
		Manage traffic between endpoints in the same VLAN
	Exercise 3: Configuring Macrosegmentation
		Create new VLAN segments for each department
		Restrict Access to the Data Center
	Exercise 4: Using a VPN for Remote Access
		Set up a Remote Access VPN
		Examine the Security Limitations of VPNs
Lab 2: Zero Trust Components
	Exercise 1: Configuring SSL VPN With Digital Certificates
		Configure SSL VPN for Certificate-Based Authentication
	Exercise 2: Creating a PKI User and Installing the CA-Signed User Certificate
		Create a PKI User
		Add the PKI User to the Existing SSL VPN Group
		Generate a CA-Signed User Certificate on FortiAuthenticator
		Test Two-Factor Authentication With a Digital Certificate for the SSL VPN User
	Exercise 3: Configuring FSSO Authentication for Domain Computers
		Create an FSSO Agent
		Enable FortiGate SSO Authentication and DC Polling (Event Log Polling)
		Create a DC Account
		Create a FortiGate Filter
		Add the FortiAuthenticator SSO Group to the FortiGate SSO Agent
		Create an FSSO User Group
		Configure an FSSO Firewall Policy
		Test FSSO Authentication
	Exercise 4: Configuring LDAP Authentication for Non-Domain Computers (BYOD)
		Create an LDAP User and User Group
		Configure Firewall LDAP Authentication
		Test LDAP Authentication
	Exercise 5: Adding FortiClient EMS to the Security Fabric
		Integrate FortiClient EMS With the Security Fabric
Lab 3: Network Access Security With FortiNAC
	Exercise 1: Reviewing the Configuration Wizard and License Details
		Review the Configuration Wizard
		Review the License Information
	Exercise 2: Managing Certificates
		Generate a CSR
		Install SSL Certificates for the FortiNAC GUI
		Install the SSL Certificate for the Captive Portal
		Install the SSL Certificate for the Persistent Agent
	Exercise 3: Configuring Network Modeling
		Create Logical Networks
		Add FortiGate to the Inventory
		Restore the FortiGate Configuration
		Review FortiNAC Service and Captive VLANs
		Configure FortiGate Device Modeling
Lab 3B: Network Access Security With FortiNAC
	Exercise 1: Integrating FortiNAC With ISFW FortiGate and Active Directory
		Integrate With ISFW FortiGate Using Service Connectors
		Integrate Active Directory With FortiNAC
	Exercise 2: Configuring Device Profiling and Registration
		Configure Device Profiling for a Domain Connected PC
		Review FortiGate Policies for Captive Networks
		Test the Device Profiling Rule
	Exercise 3: Configuring Role-Based Access
		Configure an Access Policy for Corporate Devices
		Configure an Access Policy for BYOD Devices
		Configure an Access Policy for Guest Devices
		Configure the Self-Registration Portal
		Test Role-Based Access
Lab 4: Application Security Using ZTNA
	Exercise 1: Configuring On-Fabric Rules on FortiClient EMS
		Verify the Connection Between FortiClient, FortiClient EMS, and FortiGate
		Configure On-Fabric Detection Rules
		Verify On-Fabric Detection Rules
	Exercise 2: Configuring ZTNA Tags, Tagging Rules, and Features
		Enable ZTNA on the FortiGate GUI
		Configure FortiClient EMS ZTNA Tagging Rules
		Verify That ZTNA Tags Are Synced
	Exercise 3: Configuring a Basic HTTPS Access Proxy With SSL Certificate-Based Authentication
		Configure a Basic HTTPS Access Proxy With Certificate-Based Authentication
		Test Remote Access to the HTTPS Access Proxy
		Understand the Default Behavior of the set empty-cert-action Option
	Exercise 4: Configuring an HTTPS Access Proxy With Basic Local User Authentication and ZTNA Tags
		Configure an HTTPS Access Proxy With Basic Local User Authentication and ZTNA...
		Test the Connection for Users
	Exercise 5: Configuring a TCP Forwarding Access Proxy for RDP and SSH
		Configure a TCP Access Proxy With ZTNA Tags
		Test the Connection for Users
	Exercise 6: Configuring Basic ZTNA IP/MAC Filtering
		Configure a ZTNA IP/MAC Filtering Firewall Policy
		Test Endpoint Access Using the IP/MAC Filtering Firewall Policy
Lab 5: Secure Access With Endpoint Posture and Compliance Checks
	Exercise 1: Configuring Endpoint Compliance
		Configure User and Host Profiles
		Configure Compliance Scans
		Configure Endpoint Compliance
		Configure Endpoint Compliance Policies
	Exercise 2: Testing Endpoint Compliance for Managed Corporate Devices
		Install a Persistent Agent and Validate the Settings
		Test a Persistent Agent
	Exercise 3: Testing Endpoint Compliance for Guest and BYOD Devices
		Test Guest Device Compliance
		Test BYOD Device Compliance
	Exercise 4: Integrating MDM With Network Access
		Integrate FortiNAC With FortiClient EMS
		Modify the User/Host Profile for MDM Compliance
	Exercise 5: Configuring FortiClient EMS ZTNA Tagging Rules to Block Remotely Controlled Machines
		Configure the FortiClient EMS ZTNA Tagging Rule for Detecting an RDP Connection
	Exercise 6: Checking Compliance Using FortiClient EMS Zero-Trust Tags
		Configure the FortiClient EMS ZTNA Tagging Rule for OS Version and Antivirus ...
		Configure Firewall Policies for Compliance Checks
		Test Access Based on Endpoint Compliance
Lab 6: ZTA Enforcement and Incident Response
	Exercise 1: Manually Quarantine Off-Fabric FortiClient Endpoints
		Configure an SMTP Server and Enable Endpoint Alerts on FortiClient EMS
		Test Email Alerts and Manually Quarantine an Endpoint on FortiClient EMS
	Exercise 2: Configuring FortiAnalyzer Playbooks to Trigger Automatic Quarantine
		Enable the EMS Connector on FortiAnalyzer
		Configure Playbooks on FortiAnalyzer
		Test FortiAnalyzer Playbooks
	Exercise 3: Configuring Automated Response With FortiNAC
		Configure Security Incident Rules
		Test Automated Response