NSE 4 is a certification from Fortinet for Network Security Professional who handles the FortiGate day-to-day configuration, troubleshooting and operations to support corporate network security policies. It is an entry level Network Security Professional certificate from Fortinet. Although we have NSE 2 and NSE 3, they are mainly for Sales Engineers to develop their skills required to sell the Fortinet Gateway Solutions & Fortinet Advanced Security. NSE 1 helps in learning the basic understanding of general Network Security Concepts.
- Name of the Exam: Fortinet NSE 4 – FortiOS 6.4
- Exam series: NSE4_FGT-6.4
- Number of questions: 60
- Time allowed to complete: 105 minutes
- Language: English and Japanese
- Scoring method: Answers must be 100% correct for credit. No partial credit is given. There are no deductions for incorrect answers.
- Type of questions: Multiple choice
- Transcript and certificate: Your Fortinet NSE Institute transcript is updated within five business days after you pass the exam. After that, you will be able to download a printable certificate from the NSE Institute.
Validity of the NSE4 Certification:
It is valid for two years from the date of passing the exam.
Exam Schedule and Retake Policy:
Exam appointments can be rescheduled or cancelled prior 24 hours to the exam appointment date through your Pearson Vue account, otherwise the exam will not be rescheduled or cancelled.
Candidates must wait for 15 days between the unsuccessful NSE4 certification attempts.
NSE4 Recertification Policy:
- Once the NSE 4 certification expires, you must recertify by taking the NSE4 examination in Pearson Vue test centre.
- NSE4 while on validation can be renewed by taking NSE 7 certification.
- Clearing NSE 8 certifications will renew all the Expired NSE certifications.
Syllabus has been divided into two modules FortiGate Infrastructure and FortiGate Security,
Under the FortiGate infrastructure module you will learn the basic topics that are necessary to set up the firewall and some of the advanced topics.
- Routing & Layer 2 Switching - In this Section, you will learn about Route lookup, static routes, policy routes, Internet service routing, Monitoring the route, ECMP methods, Configuring ECMP, RPF methods, Configuring RPF, RPF checking, best practices of Routing and troubleshooting routing issues. In the Layer 2 switching section, you will learn how to use the Layer 2 switching and transparent operation mode on FortiGate.
- VDOM - It briefs about the definition of Vdom, different modes of VDOM, Inter-vdom link, creating vdom administrators, best practices and troubleshooting common VDOM issues.
- SD-WAN - Introduction to SD-WAN, Configuring the SD-WAN virtual interfaces, SDWAN routes, Configuring Performance SLA, SD-WAN rules, Monitoring SD-WAN link usage, traffic routing.
- IPSEC VPN - It talks about the topics like How does IPsec work, Different VPN topologies, VPN modes, Redundant VPN, Monitor the IPsec logs and troubleshooting the IPsec issues.
- FSSO - FSSO topics explained on different modes of FSSO, Configuration of FSSO agent, NTLM authentication, Integration of FortiGate with Active Directory and Monitoring FSSO log messages and basic FSSO troubleshooting.
- HA - In this section you will learn about the fundamentals of FortiGate HA and how to configure it, HA operation modes, HA cluster synchronization, Failover, Monitoring and troubleshooting the HA related issues.
- Web Proxy - Understand the fundamentals of web proxy operations, Web proxy concepts, Configuration, Web proxy authorization and authentication.
- Diagnostics - Final Section of FortiGate Infrastructure module shows on how to read traffic logs, General Diagnosis, how to run hardware tests, High CPU and Memory Troubleshooting.
In the FortiGate Security module you will learn how to use the basic features of FortiGate including the Security profiles. In FortiGate Security labs, you will explore firewall policies, security fabric, user authentication, SSL VPN, and how to protect your network using security profiles such as IPS, antivirus, web filtering, application control, and more. Below are the topics being covered:
- Introduction and Initial Configuration: On this Section, you learn the steps required for initial setup of the FortiGate and basics of FortiGate. It also helps in understanding where the FortiGate fits in the network Architecture.
- Security Fabric: Security Fabric talks about how all of the Fortinet Network devices in the environment are integrated into a single console by which you can achieve central management, Greater Visibility, and automated defence.
- Firewall Policies and NAT rules: Firewall Policies are the main core component of the firewall, this tells which traffic/source/destination are allowed or denied passing through the FortiGate. Also, it explains about various components in Firewall Policy. It also talks about basics and modes of NAT, Configuration of NAT rules and this provides you a good start for implementation of NAT rules in your organization. Also helps in understanding how the sessions are created, Session Diagnostics, Best Practice and Troubleshooting the NAT related issues.
- Firewall Authentication: This section outlines how to use authentication on firewall policies. Methods of authentication, Remote authentication servers, Authenticating using Captive Portal. Monitoring and troubleshooting the authentication issues.
- Logging and Monitoring: Talks about how to configure local and remote logging, View, search, monitor and protect, backing up, and downloading the logs. Configuring alert mail, Threat weight.
- Certificate Operations: Certificate Operations section talks on why does the FortiGate uses the certificate, how does the FortiGate manage certificate’s, how it uses the certificate for authentication, different SSL Inspection modes, Generating CSR, Installing and download the certificate.
- SSL VPN: This lesson describes the SSLVPN, Configuration of SSL VPN, Different modes of SSL VPN, Hardening the SSL VPN Access, Realms and Personal Bookmarks and Monitoring and Troubleshooting the SSL VPN access
- Security Profiles: Anti-Virus - How to use FortiGate to protect against viruses. Basics of Antivirus, scanning techniques & modes, configuring antivirus profile, best practices for anti-virus scanning, Monitoring, and troubleshooting the antivirus issues Intrusion Prevention System and Denial of Service - Talks about using the IPS, IPS Sensors, IPS signature databases, botnet detection, best practices of implementing the IPS, Troubleshooting the IPS issues. What is DoS, Types of Dos attack, Configuring Dos Policy to block Dos Attacks, how we can configure WAF feature to block the some of the OWASP top 10 attacks. Application Control - Learn how to configure application control profile to control or monitor the network applications that may use well known or custom ports. Scanning order and blocking behaviour, applying traffic shaping for the application control, best practice for implementation and troubleshooting the application control issues. Web Filtering - Inspection modes, different types of NGFW modes, how to use threat feed, DNS filtering, Search engine and web content filtering. Best practices for implementing the web filtering and troubleshooting the web filter issues.
Prerequisite for taking NSE4 certification:
Although there is no official prerequisite to take the NSE4 Exam, it is better to have a basic understanding of Network security concepts. Most of the NSE4 candidates have at least 6 months of experience in handling FortiGate day-to-day operations with a basic understanding of network and security concepts. However, anyone can appear for a NSE4 exam.
How do you prepare for the NSE4 exam?
We offer both Self-study and Live online/Offline courses. Some people prefer self-study and others may prefer to study in a Classroom. However, an online course with hands-on Lab will be good for anyone who is looking to pass the exam because practice helps in remembering the concepts well. It is however wise to choose the mode based on your experience with other courses.
Take NSE 4 – FortiGate Training bundle which offers practical labs where you could learn hands-on with the FortiGate topics on both FortiGate Infrastructure and FortiGate Security modules. This is a 5-day online instructor-led course where you get the opportunity to interact with the instructor and ask about any of your doubts. It helps in sharing the ideas and tools between fellow students which will encourage deep learning. Each student gets separate Lab pod for practicing the modules and each lab pod contains the below machines:
Self-Study materials, which offer the theory part of both the FortiGate Infrastructure and Security modules, allow the candidate to learn at their own pace. Fortinet provides administrative guide and CLI reference guide 6.4 which helps in understanding the topics in depth and helps in configuring the settings through CLI.
Fortinet offers Fuse Forum. It is a community where you can share insights, experience, and get answers to your questions from a product specialist. Also, you can form a study group for the discussion with people of similar interest. Sometimes members might post different types of study materials, which might be helpful for the preparation. Knowledge base helps you to find articles and technical tips for FortiGate. It also supports you in configuring settings and troubleshooting issues with FortiGate.
More Blogs for you:
Relevant Exams: Fortinet NSE 4