Fortinet FortiWeb WAF Administrator Training

Hands-on FortiWeb WAF Administration with EVE‑NG Labs for Web Security and Threat Protection with Workbook

What you'll learn
- Introduction to Web Application Security
- FortiWeb Configuration and Administration
- Configuring SSL offloading and inspection
- Performance Optimization
- Configure server pools, policies, and protected host names
- Build and configure a lab environment for FortiWeb step by step.
- Understand the fundamental concepts of Web Application Firewalls (WAF).
- Configure Content Routing
- Protect against DoS/DDoS attacks.
- Control traffic flow with Redirects & Rewrites.
- Control traffic flow with Redirects & Rewrites.
- Enable Bot Protection to stop malicious automated activities.
- Deploy FortiWeb in EVE‑NG and configure it for real web apps.
- Implement SSL offloading, load balancing, persistence, and health checks.
- Protect against common web vulnerabilities
- Configure Signatures — built‑in and custom signatures
- Configure Virtual Server, VIPs, and Server Pool
- Web App Vulnerabilities & Protection

Requirements
- Basic understanding of networking
- No prior FortiWeb experience required
- Access to a PC or virtual environment to build the lab
- Web Application Fundamentals
- Virtualization Lab Environment
- Basic knowledge of EVE‑NG
- Prior experience with Fortinet products FortiGate
- Basic Linux or Windows server administration knowledge

Description
Course Description:

Master Fortinet FortiWeb WAF administration withhands-on labsin EVE‑NG and learn how to secure web applications and APIs against real-world threats. This course takes you step by step through deployment, configuration, tuning, and advanced web protection techniques.

You’ll start bysetting up FortiWeb in EVE‑NG, adding virtual images, configuring servers and clients, and importing labs. From there, you’ll dive intocore WAF concepts, including server policies, virtual servers, VIPs, server pools, and web protection profiles.

Learn how toprotect web applications from vulnerabilitiessuch as SQL injection, XSS, CSRF, command injection, file uploads, and web shells. You’ll also configureSSL offloading, load balancing, persistence, content routing, and HTTP rewritingto optimize traffic and improve security.

Advanced sections coverDoS/BOT protection, API gateway security, JSON schema validation, and access control, giving you the practical skills to defend any web application or API. Each module includesrealistic labs, testing, verification, and troubleshooting exercises.

By the end of this course, you will be able to confidently deploy, configure, and manage FortiWeb WAFs to protect web applications, detect attacks, and ensure high availability and performance.

Who this course is for:

Network and security engineers seeking hands-on WAF experience.

Penetration testers and ethical hackers wanting to understand WAF deployment and tuning.

DevOps and application security professionals securing web apps and APIs.

IT professionals and system administrators enhancing web traffic monitoring and threat protection skills.

Requirements:

Basic networking knowledge (IP, routing, VLANs).

Understanding of web servers, HTTP/HTTPS, and web application basics.

A PC capable of running virtual labs (EVE‑NG, VMware, or VirtualBox).

Familiarity with Fortinet products, Linux/Windows server administration, or security tools like OWASP ZAP or Burp Suite.

Who this course is for:
- Network and Security Engineers
- Penetration Testers & Ethical Hackers
- DevOps and Application Security Professionals
- IT Professionals & System Administrators
- Students and Learners of Cybersecurity
- Cybersecurity students
- Individuals looking to enhance their expertise with FortiWeb
- IT Administrators
- Network and security professionals preparing for the FCP – FortiWeb 7.4 Administrator exam
More Info