
Identify assets, threats, vulnerabilities, and exploits within an organization, and recognize how risks arise. Implement countermeasures to protect assets in a continuous security cycle.
Protect data by applying confidentiality, integrity, and availability to data in storage and in motion, using BitLocker, VPNs, and hash checks to verify integrity and ensure availability.
Learn about malware types such as viruses, trojans, ransomware, spyware, rootkits, botnets, and adware, plus attack techniques like esquivel injection, cross-site scripting, phishing, man-in-the-middle, and data breaches.
Explore firewall technologies and types, including stateful and stateless, packet-filter, proxy, application, and personal firewalls, plus cloud-based and virtual options, with next-generation and UTM distinctions and deep packet inspection.
Understand how a web application firewall protects web and mobile apps from HTTP-based attacks by blocking injections, cross-site scripting, and parameter tampering, complementing next-generation firewalls.
Learn how next-generation firewalls use application ID, user ID, and content ID to inspect traffic, enforce policies by application and user, and deliver high-performance threat and intrusion prevention.
Explore Fortinet's FortiGate next-generation firewall, its integrated operating system, and the NSE4 exam details, including structure, price, duration, and partner access.
Configure eve-ng on VMware Workstation using the community edition for multi-vendor testing, including FortiGate firewall images; compare community versus professional edition, set up networks, storage, and updates.
Configure the eve-ng client pack for Windows to run devices, installing putty, ultra bnc, and Wireshark as needed for routers, switches, and firewalls.
Upload FortiGate firewall images to eve-ng using the fcp utility, unzip and name folders per Fortinet conventions, set permissions, and attach the VM to management and cloud networks.
Upload and configure non-fortinet lab images in EVE-NG for FortiGate NSE4 by downloading router, switch, and Linux images, unzipping them into the proper bin directories, and applying licenses.
Create and configure the lab main topology for FortiGate NSE4 training using Eve-ng, deploying FortiGate images, switches, servers, and clients, linking management, DMZ, and WAN connectivity.
Build an initial FortiGate nse4 lab in eve-ng by configuring port roles, static IPs, dns, and a basic internet access policy; then verify connectivity via browser login and tests.
Explore the FortiGate dashboard as a collection of widgets, learn to view status, security, network, and user and device dashboards, resize and customize your own layouts.
Learn to use the FortiGate firewall monitor in the dashboard to view source, destination, application, websites, policies, and sessions, and to manage real-time and non real-time logs.
Explore FortiGate firewall interfaces, including physical and virtual types, traffic flow, and grouping with zones, redundant and aggregate interfaces, loopback, and one-armed sniffers.
Deploy VLANs on FortiGate firewall by configuring trunk links to DMZ VLANs (40 and 50), assign IPs, create VLAN interfaces, and implement firewall policies to govern traffic.
Learn how to group two interfaces into a zone in FortiGate firewall to minimize policies, creating a dmz server zone and a single policy from the zone to outside.
Learn to configure a FortiGate one-armed sniffer (span/mirror) to monitor traffic, collect logs, and display source, destination, sessions, and application activity on a dashboard.
Configure FortiGate redundant interfaces to ensure failover between two links. Verify failover by simulating one interface down and observing traffic switch to the remaining interface with management IP and DNS.
Configure aggregate interfaces in FortiGate to combine two links for higher bandwidth and redundancy. Set up a port-channel with LACP on the switch, assign IPs, and apply firewall policies.
Explore how FortiGate software switch uses multiple interfaces to function as a single switch, enabling PC-to-PC communication without policies and outlining when to apply policies to reach the internet.
Build a FortiGate software switch lab topology, connect firewall, PCs, and clouds, configure interfaces as a software switch, and enable DHCP and DNS for inter-device communication.
Explore FortiGate's virtual wire pair for a plug-and-play, transparent deployment that needs no subnet changes and enables traffic control, antivirus, and web-server protection.
Enable administrative access on the FortiGate management interface by allowing protocols such as ping, ssh, and http or https, and set allowed access per interface via the cli.
Configure DNS on FortiGate by enabling the DNS database, creating A, AAAA, and CNAME records, and managing forward and reverse lookup zones, including NS and SOA records.
Master static and dynamic routing on FortiGate, including connected networks, default routes, and policy-based routing, with focus on administrative distance, metrics, and redistribution.
Configure and verify static and default routes across FortiGate firewalls, assign management and data interfaces, enable DNS, and implement LAN-to-WAN policies to ensure correct traffic forwarding and return routing.
Master policy routing in FortiGate firewall, where policy rules take precedence over the routing table. Route by destination, source, protocol, or services to forward or stop traffic.
Configure and verify policy routing on a FortiGate firewall, enabling equal-cost multi-path across two links and directing traffic by source or destination, with verification via traceroute and logs.
Learn equal cost multi-path routing (ECMP) to balance traffic across multiple links, and how FortiGate uses administrative distance, priority, and source IP-based or source-destination IP-based load balancing.
Configure and verify equal cost multi-path across two ISPs using FortiGate, enabling SMB mode by source and destination IP and link monitoring for automatic failover.
Learn the fundamentals of the routing information protocol (rip), a distance-vector dynamic routing protocol, including administrative distance, split horizon, poison reverse, updates, v1 and v2 differences, and hop-count metrics.
Configure and verify RIP across three FortiGate firewalls, disable static default routes, advertise core networks and DMZ to LAN interfaces, and test connectivity.
Discover ospf, a link-state dynamic routing protocol using ip protocol 89 and spf algorithm, with md5 authentication, area zero backbone, multiple areas, ipv4/ipv6, and multicast hello via 224.0.0.5 and 224.0.0.6.
Configure and verify OSPF on FortiGate firewalls, replacing RIP due to lower administrative distance, set router-id, define area zero, advertise networks, and verify via routing tables.
Learn the border gateway protocol (BGP), a dynamic exterior routing protocol using autonomous systems, with eBGP and iBGP flavors, port 179, and policy-based route attributes for scalability.
Explore the two BGP flavors—iBGP and eBGP—and their use inside and between autonomous systems, including administrative distance, direct-connect requirements, and iBGP advertising rules.
Configure ibgp and ebgp on FortiGate firewalls, deleting ospf and rip, establishing multiple neighbors, advertising connected networks, enabling multi-hop for distant peers, and verifying routing via bgp.
Explore how FortiGate firewall can act as a dhcp server, client, or relay, automating ip, subnet, gateway, dns, and options with centralized management and reduced human error.
Configure and verify the dhcp server on FortiGate, enabling dhcp on the lan interface, setting ip ranges, gateway, and dns, then confirm client leases via dashboard and Wireshark.
Learn to configure a dhcp server on windows server, install the dhcp role, create and activate a 10.0.1.0/24 scope with gateway 10.0.1.254 and dns 8.8.8.8, then test ip assignment.
Configure dhcp relay on FortiGate when no dhcp server is available, forwarding requests as unicast to 192.168.130 and validating assignments through testing.
Explore how FortiGate firewall NAT translates private to public IPs, covering source NAT, destination NAT, central vs policy NAT, and overload, dynamic, and 1-to-1 configurations, plus virtual IP port forwarding.
Configure policy source interface overload NAT by translating internal source IPs to the outgoing interface addresses, across multiple interfaces, and verify with CLI or session view.
Explore configuring dynamic IP pools for FortiGate policies to implement source net overload, using pools instead of the interface IP, with pool creation and verification steps.
Configure a 1 to 1 ip pool in FortiGate policy and object, map 1 to 1 source nets, and observe ip exhaustion and session behavior.
Master fixed port range NAT on FortiGate using IP pools and export range to map internal sources to external IPs, with LAN-to-WAN policy and outbound traffic testing.
Configure a source port block allocation using an IP pool on a FortiGate firewall, set a 128-port block, assign ranges such as 192.168.1.130–192.168.1.132, and verify sessions via the dashboard.
Enable central source net in system settings to centrally manage source NAT across all policies, using a central IP pool and interface-based rules for LAN-to-WAN traffic.
Configure destination NAT and virtual IP on FortiGate to expose DMZ servers, translating a public IP to internal addresses and enabling port forwarding for external access.
Learn to configure vip without central snat on FortiGate, enable or disable central net, set destination net or vip for dmz policies, and verify traffic.
Create and manage FortiGate firewall policies, ordering rules top to bottom to permit or deny traffic, with implicit deny and controls over interfaces, sources, destinations, services, and schedules.
Create mac-address based firewall policies on FortiGate by locating a PC’s mac address, defining a mac address object, and applying it in a policy to allow or deny traffic.
Create a local user and a user- or group-based firewall policy on FortiGate NSE4, then test with browser prompts and explore IP, destination, and time-based rules.
Install and configure active directory domain services on Windows Server, promote the EC2 server to a domain controller for a new forest, and set static IP, DNS, and firewall settings.
Configure the local DNS on Windows Server 2012 by creating forward and reverse lookup zones, adding host records for firewalls, and enabling pointer records.
Create users and groups in Active Directory for a FortiGate lab, using a dedicated organizational unit and groups HR, IT, Sales, Support, and Admin for device administration.
Configure Windows Server 2012 as an ntp server to provide time to devices. Enable time providers, set the announce flag, and allow udp 123; verify with an ntp server tool.
Configures Windows Server 2012 as a certificate authority by installing Active Directory Certificate Services and enabling certificate enrollment, Web Enrollment, and Online Responder with SHA-256 and a new private key.
Master FortiGate Deployment, Security Profiles, VPNs, Routing, HA & Day‑to‑Day Administration
The Fortinet NSE4 Network Security Professional designation validates your ability to install, configure, manage, and troubleshoot FortiGate firewalls in real enterprise environments. This course is designed for network and security professionals who manage Fortinet security infrastructures and want to build strong, practical FortiGate skills aligned with the NSE4 certification.
You will learn how to deploy FortiGate devices, configure security profiles, implement VPNs, manage authentication, optimize routing, build redundant infrastructures, and troubleshoot effectively — all using FortiOS 7.x. The course covers every major feature used in day‑to‑day FortiGate administration.
What You Will Learn
FortiGate Deployment & Administration
Perform initial FortiGate configuration
Implement the Fortinet Security Fabric
Configure logging, monitoring, and diagnostics
Deploy and manage VDOMs for multi‑tenant environments
Configure High Availability (HA) modes and troubleshoot cluster issues
Diagnose resource, performance, and connectivity problems
Content Inspection & Security Profiles
Inspect encrypted traffic using certificates
Configure web filtering, DNS filtering, and inspection modes
Apply application control to monitor and restrict network applications
Configure antivirus scanning modes to block malware
Deploy IPS, DoS protection, and WAF to defend against attacks
Protect users and applications with comprehensive security profiles
Routing & Layer 2 Switching
Configure static routes and policy‑based routing
Deploy SD‑WAN for intelligent traffic steering across WAN links
Configure FortiGate interfaces or VDOMs as Layer 2 devices
Optimize routing behavior and troubleshoot routing issues
VPNs & Authentication
Configure site‑to‑site IPsec VPNs
Deploy SSL VPN for secure remote access
Implement Single Sign‑On (SSO)
Manage user authentication and identity‑based policies
Why This Course Is Valuable
Covers all major topics required for NSE4 certification
Step‑by‑step configuration and troubleshooting
Real enterprise scenarios, not just theory
Clear explanations suitable for beginners and experienced engineers
Builds strong, practical FortiGate administration skills
Ideal for SOC analysts, network engineers, and security professionals
Who Should Enroll
Network & Security Engineers
SOC/NOC Analysts
Fortinet administrators
IT professionals managing FortiGate firewalls
Students preparing for the NSE4 certification exam
Prerequisites
Basic networking knowledge (IP, routing, firewall concepts)
No prior Fortinet experience required
Product Versions Covered
FortiOS 7.x
Start Mastering FortiGate Today
Build the skills to deploy, secure, and operate FortiGate firewalls confidently — and prepare for the Fortinet NSE4 certification.