1-Multi‑Layer Firewall Routing (DCFW / ISFW / NGFW / DEFW):
Demonstrated security policy enforcement and routing control
across multi‑layer firewalls in a Trust–Untrust model. Configured
data‑center and internal segmentation firewalls to enforce
north–south and east–west traffic inspection and applied strict
access rules for authenticated clients only.
Tools: FortiGate (NSE4), PNETLab, Wireshark
Result: Verified end‑to‑end routing consistency and strong
perimeter‑based isolation.
2-Two‑Arm Policy‑Based Routing with Web Application Firewall (WAF):
Designed a two‑arm WAF topology using PBR to provide deep
inspection for HTTP/HTTPS traffic. Implemented dual‑stage DNAT
for concealed addressing and HA links for redundancy.
Tools: PuTTY, PNETLab via VMware
Result: Achieved reliable, security‑focused web application
delivery and validated anomaly detection through multi‑layer
inspection.
3-IPsec + GRE Tunnel over OSPF Routing Mode:
Configured IPsec and GRE tunnels to connect branch offices
securely to HQ under a shared OSPF domain. Deployed OSPF
area segmentation to restrict route propagation and maintain
selective connectivity.
Tools: PuTTY, PNETLab (Fortinet firewalls & Cisco switches) on VMware
Result: Validated secure branch‑HQ communication with
granular route learning control and encrypted data flows.
4-BGP over IPsec Secure WAN:
Implemented dynamic routing via BGP across IPsec tunnels for
three branch offices connecting to HQ. Established inter‑AS
BGP peering and route policies for controlled propagation.
Tools: PuTTY, PNETLab (Fortinet firewalls & Cisco switches) on VMware
Result: Achieved scalability and flexibility in secure WAN
routing with fully encrypted connectivity.
5-Final Integrated Enterprise Security Architecture:
Comprehensive scenario integrating NSE4 and selected NSE7
concepts in a full enterprise simulation. Included multi-zone
LAN/DC/DMZ layout, dual HA internal firewalls, PBR-based
published server design, multi-circuit internet uplinks with
multiple NAT strategies, and branch connectivity via IPsec.
Configured limited outbound sessions for secure DC server
updates and applied strict access segmentation across all user
groups.
Tools: PuTTY, PNETLab (Fortinet firewalls & Cisco switches) on VMware
Result: Delivered a complete enterprise-grade defensive
architecture showcasing availability, segmentation, and
compliance best practices.