By Manny Fernandez

January 16, 2020

How I Prepared for the NSE 7 Enterprise Firewall Certification

Fortinet has a Network Security Expert (NSE) program that goes from NSE 1 through NSE 8. My job function requires me to have knowledge of much of what is covered in the NSE 7 Enterprise Firewall certification.

While I can’t share the questions or content of the test, I can share what I did to get ready.

  1. Learn what the objectives are
  2. Take a class
  3. Attend a hands-on lab
  4. Study the material
  5. Practice on equipment
  6. Take sample exam
  7. Get my mind right

Objectives

  • Integrate FortiManager, FortiAnalyzer, and multiple FortiGate devices using the Fortinet Security Fabric
  • Centralize the management and monitoring of network security events
  • Optimize FortiGate resources
  • Diagnose and monitor user traffic using FortiGate debug tools
  • Troubleshoot issues with conserve mode, high CPU, firewall policies, session helpers, IPsec, FortiGuard, content inspection, routing, and HA
  • Harden the enterprise services
  • Simultaneously deploy IPsec tunnels to multiple sites using the FortiManager VPN console
  • Configure ADVPN to enable on-demand VPN tunnels between sites
  • Combine OSPF and BGP to route the enterprise traffic

Class

I actually took 2 classes; in-person AND self-study. If you go to the Training Calendar on Fortinet’s training site, you can see when there are teachers giving classes either online or in a live classroom. The self-study version is self-paced of course. I waited too long after the classroom to get ready for the test so I decided to enroll in the online self-study version too. It helped me refresh the content. I downloaded the notes to my iPad and marked it up with notes and highlights.

Lab

If you are like me, actually doing something makes it stick better in my mind. With both the in-person and self-study online versions, you have access to lab environments. There are a lab guide and an instructor available to answer questions if you get stuck. Yes, even when you select the online self-study option, there is an option to enroll in a teacher-led lab. You have to finish your online class and then there is a link to register for the lab if you want.

Material

These are the chapters in the guides. Study these. They pretty much all are necessary for preparation.

  1. Security Fabric
  2. FortiOS Architecture
  3. Traffic and Session Monitoring
  4. Routing
  5. FortiGuard
  6. High Availability
  7. Central Management
  8. OSPF
  9. Border Gateway Protocol (BGP)
  10. Web Filtering
  11. Intrusion Prevention System (IPS)
  12. IPsec
  13. Autodiscovery VPN (ADVPN)

Practice

I have gear in my home lab to mess around on. I went through setting up and tearing down FortiGates both directly in the GUI, CLI, and using FortiManager. Actually, you should know the process of using FortiManager for onboarding and maintaining since Central Management is part of the materials above (Chapter 7). I even went through CLI and TCL scripting as you never know what you will end up needing to know. I also did a lot of troubleshooting and debugging commands and reading outputs and I am sure glad I did.

Sample Exam

I just used the Sample Exam offered in the NSE 7 library, which will require a Fortinet Training login. It is only 20 questions so it is not very in-depth for preparation, but it does give you the direction of what to think about. I would take each question I missed or struggled with and go back to the video and digital content to dig in deeper. Then, if necessary, try it out on equipment so it would sink in better. Don’t look for brain dumps out there. The point of NSE 7 is so you know how to troubleshoot and administer advanced settings in a FortiGate. If you need the certification, you obviously need the knowledge too. Get the knowledge, not just the answers.

Mind

I find the more I prepare, the better off my mind is. I don’t want the distraction of wondering if I did enough. I also remind myself, if I fail, it feels bad, but I still have opportunities to recover. Once I wait 15 days, I can take it again and I will be that much more prepared. I usually do a little meditation to clear my mind. When I walk into the testing center I smile at the people that sign me in, am pleasant, and just try to be a positive person. I don’t have room for negativity when I am testing myself. Just relax, take your test, and live with the results…PASSED!

 
