Teach on Udemy

Turn what you know into an opportunity and reach millions around the world.

Learn More

Your cart is empty.

Keep shopping

Fortinet NSE 4-FortiOS 7.6 Administrator Training Part 2/2

Name: Fortinet NSE 4-FortiOS 7.6 Administrator Training Part 2/2
Rating: 4.4 (23 reviews)

Complete FortiOS 7.6 Administrator Training for the Fortinet NSE 4 Certification with Workbook

Created byAhmad Ali

Last updated 11/2025

English

What you'll learn

Configure FortiGate basic networking from factory default settings
Configure and control administrator access to FortiGate
Use the GUI and CLI for administration
Control network access to configured networks using firewall policies
Apply port forwarding, source NAT, and destination NAT
Analyze a FortiGate route table
Route packets using policy-based and static routes for multi-path and load-balanced
Authenticate users using firewall policies
Monitor firewall users from the FortiGate GUI
Fortinet Single Sign-On (FSSO) access to network services, integrated with AD
Understand encryption functions and certificates
Inspect SSL/TLS-secured traffic to prevent encryption used to bypass security policies
Configure security profiles including viruses, torrents, and inappropriate websites
Apply application control techniques to monitor and control network applications
SSL VPN for secure access to your private network
Establish an IPsec VPN tunnel between two FortiGate devices
Configure static routing
Configure SD-WAN to load balance traffic between multiple WAN links effectively
Deploy FortiGate devices as an HA cluster for fault tolerance and high performance
Diagnose and correct common problems

Course content

14 sections • 87 lectures • 13h 7m total length

Before Starting This Course3:23
Learn how to get started with the two-part Fortinet NSE 4-FortiOS 7.6 administrator training, including downloading ready-to-use lab resources, configuring topologies, and troubleshooting common lab issues.
Overview of FortiGate Security Profiles10:54
Explore FortiGate security profiles, including antivirus, web filter, application control, and IPS, and compare flow-based and proxy-based inspection that scan allowed traffic for malware and policy violations.
Antivirus Profile Configuration Lab9:33
Verify the antivirus license and FortiGuard status, configure and attach an antivirus profile to security policies, and test blocking on client PCs with security events and logs.
Web Filter Profile Configuration Lab14:44
Configure and verify a Fortinet web filter profile in the FortiOS lab, testing block, warning, and authenticate actions, and reviewing logs in firewall policy.
Static URL Filtering Configuring Lab5:10
Configure static URL filtering with a web filtering profile to block sites like bbc.com and cnn.com, then verify results in security logs and learn precedence over FortiGuard category filters.
Web Profile and Rating Override7:19
Discover web profile override and web rating override in Fortinet FortiOS, enabling temporary access for users or IPs and custom site classifications to fine-tune web filtering.
Web Rating Override Configuration Lab3:40
Configure web rating override in FortiOS 7.6 to reclassify bing.com from a search engine to a malicious website. Test the override and verify via FortiGuard tests and web filter logs.
Web Profile Override Configuration Lab12:57
Configure web profile override in Fortinet FortiOS 7.6 by applying per IP address and per user overrides, enabling proxy base inspection, and validating social networking blocks with monitor all logging.
Blocking Malicious URLs Using IPS Lab6:34
Configure an IPS profile to block malicious URLs, attach it to the firewall policy, and verify blocks using FortiGuard tests and security event logs.
Creating and Using Custom IPS Signatures7:33
Configure custom IPS signatures in the IPS profile to block traffic, enable logging, and test with real-world examples, reviewing logs to verify blocks and adjust actions.
Creating Custom IPS Filters Lab7:09
Configure a custom IPS filter in the FortiOS intrusion prevention profile to block and log threats. Test using Kali Linux, nmap, and review logs to confirm blocks.
Controlling Application Traffic Lab5:58
Configure application control security profiles, verify the FortiGuard license, and block social media in security policies while monitoring logs and forward traffic to verify blocked sites.
Application Override Configuration Lab5:59
Configure application override to selectively allow Twitter while blocking other social media, by creating a new rule that overrides the default social media block in Fortinet FortiOS lab.
Filter Override Configuration Lab6:24
Configure filter override with the application control security profile to block video and audio traffic, test with YouTube, and verify blocks via security events and logs.

Firewall Authentication5:08
Demonstrates firewall authentication using FortiGate, explains identity verification, username and password, idle timeout, and the role of user ID in identifying users, groups, and applying targeted policies.
Methods of Authentication7:48
Explore active and passive authentication methods for Fortigate firewalls, including captive portal, username/password with optional OTP, and SSL/IPsec VPN, plus Fortinet single sign on for seamless, automatic user authentication.
Captive Portal Authentication Lab7:58
Configure captive portal on a Fortigate LAN interface, restrict access to a local group of users, create local users, test authentication, and verify sessions via the dashboard and logs.
AD Active Authentication Lab10:31
Configure active authentication with Active Directory using LDAP on Fortigate, test connectivity, and map AD groups to Fortigate to enforce group or user based policies.
Verify AD Active Authentication8:17
Verify active authentication with Active Directory by logging in from multiple PCs and confirming HR and IT users appear in identities, sessions, and logs; validate via CLI LDAP test.
RADIUS Server Configuration Lab9:06
Configure a radius server on Windows Server 2019 by installing network policy and access services, registering in Active Directory, and creating a radius client with a shared secret.
RADIUS Active Authentication Lab6:03
Configure active authentication with a radius server on Fortigate, mapping radius groups and testing HR users against a Windows Server 2019 radius, then verify policy with a radius-based access rule.
Verify RADIUS Active Authentication6:19
Learn how to verify radius active authentication by testing user logins through a Fortigate firewall and Windows Server 2019, checking identities, sessions, logs, and CLI verification.

Installing FSSO Agent on AD Server7:51
Install the FSSO agent on the Active Directory server to enable passive authentication, download and install the DC and FSO agents from Fortinet, configure pooling mode, and monitor user logins.
Joining Windows 11 Client to AD4:59
Learn how to join a Windows 11 client to Active Directory, configure DNS, join the domain test.local, restart, and verify domain users such as HR1 can log in.
AD Passive Authentication Lab7:08
Configure passive authentication with Active Directory using the FSO agent, map AD groups to Fortinet single sign on, update firewall policies and routes, and verify login without entering credentials.
Verify AD Passive Authentication13:33
Learn to verify AD passive authentication by logging in with HR and sales AD users, and confirm agent-captured login details, firewall policy, and forward-traffic logs reflect the active user.

FortiGate Admin Accounts Overview7:38
Learn how Fortigate admin accounts grant access to the management interface via cli, gui, api, or ssh, and how default and additional administrator profiles control firewall access and actions.
Local Administrator Accounts Lab5:21
Create a local administrator account inside the firewall by defining a custom local profile with selective permissions. Test login to verify GUI and CLI access reflect those permissions.
Remote Administrator Accounts Lab8:36
Configure remote administrator accounts via Active Directory using LDAP, map admin and support groups to the firewall, create admin and support profiles, then test logins.

Introduction to VPN Technologies2:39
Explore how virtual private networks create a secure tunnel over the public internet to ensure data confidentiality, integrity, and authentication.
Types of VPNs Explained5:08
Explain site-to-site and remote access vpn types, including client-based and client-less options. Highlight ipsec and ssl/tls as core protocols, with des, 3des, aes, sha/md5 integrity, and pre-shared keys or certificates.
Understanding Remote-Access VPNs7:53
Explore remote access vpn types, including IPsec and ssl vpn, browser-based web mode and Forticlient tunnel mode, and split versus full tunneling with Fortigate.
SSL VPN Web Mode Deployment Lab24:40
Enable SSL VPN web mode on FortiOS 7.6, configure portal mappings for AD groups (HR, IT, and sales), and test external access to DMZ servers via the VPN.
SSL Tunnel Mode Deployment Lab16:03
Deploy ssl tunnel mode in Fortinet FortiOS by configuring tunnel access, split tunneling, and firewall policies, install FortiClient on linux, and verify access to dmz servers through the tunnel.
IPSec Remote VPN Deployment Lab25:32
Configure and test ipsec remote access vpn with the FortiGate wizard, define ip ranges and phase one/two, use pre-shared key 123456, and verify connectivity with Windows client and logs.
Template-Based IPsec Site-to-Site VPN Deployment18:35
Deploys template-based ipsec site-to-site vpn between two FortiGate firewalls, enabling connectivity between local and remote subnets using a pre-shared key and simplified phase one and two configuration.
Static IPsec Site-to-Site VPN Deployment20:08
Configure a static IPv6 site-to-site vpn between two Fortigate firewalls by building an IPsec tunnel, tuning phase 1 and 2, configuring policies and static routes, and validating with logs.
Dial-Up IPsec Site-to-Site VPN Deployment14:27
Set up and test a dial-up IPsec site-to-site VPN between two Fortinet firewalls, configuring IKEv1, phase 1 and 2, pre-shared key, policies, and automatic routes.

Software-Defined SD-WAN9:14
Explore software-defined wide area networking (sd-wan) with Fortinet, unifying multiple links into a single virtual interface for smarter routing, load balancing, health checks, and application-based routing with centralized control.
SD-WAN Components Overview8:43
Identify the Fortigate sd-wan components: sd-wan members and zone, performance SLA, sd-wan rules, manual rules, and health checks that monitor links and support centralized routing and failover.
SD-WAN Deployment Configuration Lab15:30
Configures fortinet sd-wan with two isp, creates an sd-wan zone and members, sets load balancing to source-destination ip, defines static routes, and validates dual-link usage across tests.
SD-WAN Source IP Load Balancing Method6:42
Configure the SD-WAN source IP load balancing across two gateways and two WAN ports, then verify traffic distribution with traceroute, dashboards, and logs.
SD-WAN Source-Dest-IP-Based Load Balancing Method5:35
Learn to configure and verify SD-WAN load balancing by source and destination IP in Fortinet FortiOS, using GUI and CLI, and validate with traffic, traceroute, and logs.
SD-WAN Sessions Load Balancing Method9:06
Learn to configure session-based SD-WAN load balancing across two links using weighted port one and port two, and verify the results via GUI and CLI.
SD-WAN Spillover Load Balancing Method9:13
Configure and verify spillover load balancing for SD-WAN across two ISPs using a 1024 KB spillover threshold. Do this via GUI and CLI and verify with traceroute and dashboard data.
SD-WAN Volume Load Balancing Method8:11
Configure and verify volume-based load balancing in SD-WAN using the graphical interface and CLI, set an 80/20 volume ratio, and test traffic distribution with traceroute and logs.
Understanding SD-WAN Rules3:52
learn how sd-wan rules match traffic and steer it across multiple links using top-to-bottom first-fit logic, with an implicit, volume-based rule and manual or automatic criteria.
SD-WAN Manual Strategy Lab11:22
Configure a manual SD-WAN rule to route traffic by top-down precedence, create PC2 and generic rules, test with traceroute, and switch between links based on availability.
Understanding SD-WAN Performance SLAs5:55
Understand sd-wan performance sla, a health check that monitors latency, jitter, and packet loss and can reroute traffic to healthy links using thresholds and check intervals.
SD-WAN Performance SLA Lab16:48
Configure and validate SD-WAN performance SLA on a Fortinet firewall using ping, HTTP, and DNS tests; monitor latency, jitter, and packet loss.

Understanding DHCP11:20
Learn how dhcp automatically assigns ip addresses, subnet masks, gateways, and dns, with Fortigate acting as dhcp server, client, or relay to simplify network configuration and management.
FortiGate as a DHCP Server Lab8:46
Configure a FortiGate firewall as a DHCP server on LAN, set address range 1–253 with the gateway as interface IP, test with PC clients and explore leases and reservations.
Windows Server 2019 DHCP Server5:26
Configure Windows Server 2019 as a DHCP server by installing the DHCP role and creating an IPv4 scope with gateway and DNS, then configure the firewall as a DHCP relay.
FortiGate as a DHCP Relay Lab6:15
Configure the FortiGate firewall as a DHCP relay (change mode to relay) to forward client requests to the Windows Server 2019 DHCP server and update policies to allow DHCP traffic.

FortiGate Firewall Backup & Restore9:28
Demonstrates how to back up and restore FortiGate firewall configurations using graphical interface and CLI, with encrypted and unencrypted options, and notes on reboot.
FortiGate Upgrade Firmware Lab10:53
Learn how to upgrade FortiGate firewall firmware using automatic and manual paths, verify images, back up configurations, and reboot devices while following the recommended 763 upgrade path.

Using Packet Capture on FortiGate8:23
Use FortiGate's graphical packet capture to troubleshoot by selecting an interface, applying filters (host, port, protocol), capturing DNS and HTTP traffic, saving as a pcap, and analyzing with Wireshark.
Packet Sniffing Commands Lab13:29
Learn packet sniffing to troubleshoot networks with diagnose sniffer, interface filters, verbose headers for IP and Ethernet data, and host and port filters with time formats.
Network Layer T-Shoot Commands22:03
Explore Fortinet FortiOS network layer diagnostics using practical CLI commands, including ping, traceroute, session monitoring, interface testing, routing, arp, and performance checks.

Requirements

Basic understanding of networking concepts
Familiarity with firewall fundamentals is helpful but not mandatory
EVE-NG installed on your system or server for hands-on FortiGate lab practice
Understanding the basics of virtualization E.g. EVE NG
Students need to understand Networking Fundamentals.
Understanding of networking fundamentals

Description

Course Description:

Are you ready to master FortiGate firewalls and earn your Fortinet NSE 4 - FortiOS 7.6 Administrator certification?

This course is designed to take you from foundational concepts to advanced configurations, using real-world scenarios and hands-on labs. Whether you're an IT professional, network engineer, or cybersecurity student, this course will give you the skills and confidence to deploy, manage, and troubleshoot FortiGate devices running FortiOS 7.6.

You’ll learn how to set up FortiGate firewalls in EVE-NG for your own lab environment, ensuring practical, job-ready knowledge every step of the way. Through step-by-step guidance, we’ll cover everything from basic policy creation to VPNs, high availability, and threat protection features like antivirus, IPS, and application control.

By the end of this course, you will be fully prepared to take the Fortinet NSE 4 - FortiOS 7.6 Administrator exam and apply your skills confidently in real-world networks.

FortiOS Administrator Certification:

I recommend this course for network and security professionals who are involved in the day-to-day management, implementation, and administration of a security infrastructure using FortiGate devices.

Course Description:

In this course, you will learn how to use the most common FortiGate features. In interactive labs, you will explore firewall policies, user authentication, high availability, SSL VPN, site-to-site IPsec VPN, Fortinet Security Fabric, and how to protect your network using security profiles, such as IPS, antivirus, web filtering, application control, and more. These administration fundamentals will provide you with a solid understanding of how to implement the most common FortiGate features.

Agenda:

01. System and Network Settings

02. Firewall Policies and NAT

03. Routing

04. Firewall Authentication

05. Fortinet Single Sign-On (FSSO)

06. Certificate Operations

07. Antivirus

08. Web Filtering

09. IPS and Application Control

10. SSL VPN

11. IPsec VPN

12. SD-WAN Configuration & Monitoring

13. High Availability

14. Diagnostics and Troubleshooting

Certification:
This course is intended to help you prepare for the Fortinet NSE 4 - FortiOS 7.6 Administrator exam. This exam is part of the following certification tracks:

o Fortinet Certified Professional - Secure Networking

o Fortinet Certified Professional - Cloud Security

o Fortinet Certified Professional - Security Operations

o Fortinet Certified Professional - SASE

Product Versions:

FortiOS 7.6

Objectives:
After completing this course, you will be able to:

o Configure FortiGate basic networking from factory default settings

o Configure and control administrator access to FortiGate

o Use the GUI and CLI for administration

o Control network access to configured networks using firewall policies

o Apply port forwarding, source NAT, and destination NAT

o Analyze a FortiGate route table

o Route packets using policy-based and static routes for multi-path and load-balanced

o Authenticate users using firewall policies

o Monitor firewall users from the FortiGate GUI

o Offer Fortinet Single Sign-On (FSSO) access to network services, integrated with AD

o Understand encryption functions and certificates

o Inspect SSL/TLS-secured traffic to prevent encryption used to bypass security policies

o Configure security profiles including viruses, torrents, and inappropriate websites

o Apply application control techniques to monitor and control network applications

o Offer an SSL VPN for secure access to your private network

o Establish an IPsec VPN tunnel between two FortiGate devices

o Configure static routing

o Configure SD-WAN to load balance traffic between multiple WAN links effectively

o Deploy FortiGate devices as an HA cluster for fault tolerance and high performance

o Diagnose and correct common problems

Who this course is for:

System/network administrators
Cybersecurity students
IT professionals
Anyone interested in mastering FortiOS 7.6 features through practical, step-by-step labs
Network Engineers
Security Professionals
Individuals looking to enhance their expertise with FortiGate 7.6
IT Administrators

Fortinet NSE 4-FortiOS 7.6 Administrator Training Part 2/2

What you'll learn

Explore related topics

Course content

Introduction14 lectures • 1hr 47min

Firewall Authentication8 lectures • 1hr 1min

Fortinet Single Sign-On FSSO4 lectures • 34min

Basic Administration3 lectures • 22min

FW2 Setup1 lecture • 19min

SSL & IPsec VPN9 lectures • 2hr 15min

Software-Defined SD-WAN12 lectures • 1hr 50min

DHCP4 lectures • 32min

Fundamental Maintenance2 lectures • 20min

Diagnostics & Troubleshooting3 lectures • 44min

Requirements

Description

Who this course is for: