How I Prepared for the NSE 7 Enterprise Firewall Certification

Fortinet has a Network Security Expert (NSE) program that goes from NSE 1 through NSE 8. My job function requires me to have knowledge of much of what is covered in the NSE 7 Enterprise Firewall certification.

While I can’t share the questions or content of the test, I can share what I did to get ready.

1. Learn what the objectives are
2. Take a class
3. Attend a hands-on lab
4. Study the material
5. Practice on equipment
6. Take sample exam
7. Get my mind right

Objectives

• Integrate FortiManager, FortiAnalyzer, and multiple FortiGate devices using the Fortinet Security Fabric
• Centralize the management and monitoring of network security events
• Optimize FortiGate resources
• Diagnose and monitor user traffic using FortiGate debug tools
• Troubleshoot issues with conserve mode, high CPU, firewall policies, session helpers, IPsec, FortiGuard, content inspection, routing, and HA
• Harden the enterprise services
• Simultaneously deploy IPsec tunnels to multiple sites using the FortiManager VPN console
• Configure ADVPN to enable on-demand VPN tunnels between sites
• Combine OSPF and BGP to route the enterprise traffic

Class

I actually took 2 classes; in-person AND self-study. If you go to the Training Calendar on Fortinet’s training site, you can see when there are teachers giving classes either online or in a live classroom. The self-study version is self-paced of course. I waited too long after the classroom to get ready for the test so I decided to enroll in the online self-study version too. It helped me refresh the content. I downloaded the notes to my iPad and marked it up with notes and highlights.

Lab

If you are like me, actually doing something makes it stick better in my mind. With both the in-person and self-study online versions, you have access to lab environments. There are a lab guide and an instructor available to answer questions if you get stuck. Yes, even when you select the online self-study option, there is an option to enroll in a teacher-led lab. You have to finish your online class and then there is a link to register for the lab if you want.

Material

These are the chapters in the guides. Study these. They pretty much all are necessary for preparation.

1. Security Fabric
2. FortiOS Architecture
3. Traffic and Session Monitoring
4. Routing
5. FortiGuard
6. High Availability
7. Central Management
8. OSPF
9. Border Gateway Protocol (BGP)
10. Web Filtering
11. Intrusion Prevention System (IPS)
12. IPsec
13. Autodiscovery VPN(ADVPN)

Practice

I have gear in my home lab to mess around on. I went through setting up and tearing down FortiGates both directly in the GUI, CLI, and using FortiManager. Actually, you should know the process of using FortiManager for onboarding and maintaining since Central Management is part of the materials above (Chapter 7). I even went through CLI and TCL scripting as you never know what you will end up needing to know. I also did a lot of troubleshooting and debugging commands and reading outputs and I am sure glad I did.

Sample Exam

I just used the Sample Exam offered in the NSE 7 library, which will require a Fortinet Training login. It is only 20 questions so it is not very in-depth for preparation, but it does give you the direction of what to think about. I would take each question I missed or struggled with and go back to the video and digital content to dig in deeper. Then, if necessary, try it out on equipment so it would sink in better. Don’t look for brain dumps out there. The point of NSE 7 is so you know how to troubleshoot and administer advanced settings in a FortiGate. If you need the certification, you obviously need the knowledge too. Get the knowledge, not just the answers.

Mind

I find the more I prepare, the better off my mind is. I don’t want the distraction of wondering if I did enough. I also remind myself, if I fail, it feels bad, but I still have opportunities to recover. Once I wait 15 days, I can take it again and I will be that much more prepared. I usually do a little meditation to clear my mind. When I walk in to the testing center I smile at the people that sign me in, am pleasant,  and just try to be a positive person. I don’t have room for negativity when I am testing myself. Just relax, take your test, and live with the results…PASSED!