Advance your cybersecurity skills with Fortinet Certified Professional (FCP) training in FortiGate Administration. Learn from industry experts who bring real-world experience into the classroom, helping you master the practical application of Fortinet technologies.

This course focuses on advanced FortiGate firewall configuration, including secure networking, user authentication, SSL inspection, deep packet inspection, high availability, and centralized management. FCP validates your ability to design, implement, and manage robust Fortinet security solutions—making you job-ready for professional roles in network security and IT operations.

DISCLAIMER:

This training material was independently developed and is not affiliated with, endorsed by, or sourced from Fortinet, Inc. It is intended for educational purposes only and is based on real-world scenarios, hands-on experience, and publicly available FortiGate knowledge.

We are not an authorized Fortinet Training Center, nor are we affiliated with Fortinet, Inc. in any official capacity. This content is not part of any Fortinet-approved curriculum and does not use or reproduce any proprietary Fortinet training material, lab manual, or certification content.

All product names, logos, and trademarks mentioned are the property of their respective owners and are used strictly for identification and reference purposes.

FCP – FortiGate 7.6 Administration

Initial Setup and System Familiarization

• FortiGate Interface Overview (GUI/CLI)
• Licensing, Updates, and Feature Visibility
• System Dashboard and Widgets

System and Network Settings

• Configure hostnames, admin access, time settings, and interfaces for system stability and identification.
• Manage DNS, DHCP, NTP, and basic network interfaces for connectivity and IP management.
• Set up interface roles, zones, and virtual switches for segmentation and traffic flow control.

Firewall Policies and NAT

• Define firewall policies to control traffic between zones, interfaces, or subnets.
• Implement Source or Destination NAT (SNAT/DNAT) for IP address translation and port forwarding.
• Use policy inspection modes (flow/proxy) and logging for traffic visibility and control.

Routing

• Configure static and dynamic routing (OSPF, BGP, RIP) for optimal path selection.
• Set administrative distances and priorities to manage route preferences.
• Monitor routing tables and diagnose connectivity issues using route lookup tools.

Firewall Authentication

• Enforce identity-based policies using local, LDAP, RADIUS, or TACACS+ users/groups.
• Configure captive portal or browser-based authentication methods.
• Apply authentication rules to specific policies for user-level access control.

Fortinet Single Sign-On (FSSO)

• Integrate with Active Directory to identify users and apply policies automatically.
• Deploy FSSO agents or polling methods to collect login information from domain controllers.
• Map user groups to security policies for seamless authentication and role enforcement.

Certificate Operations

• Generate or import SSL/TLS certificates for secure communication and inspection.
• Manage CA certificates and trust stores to validate external identities.
• Apply certificates in SSL VPN, HTTPS inspection, and admin access.

Antivirus

• Scan traffic for known malware, viruses, and suspicious file behavior in real time.
• Configure antivirus profiles for HTTP, SMTP, POP3, IMAP, and FTP protocols.
• Enable quarantine and logging options for infected files and alerts.

Web Filtering

• Use FortiGuard or custom category filters to block access to inappropriate or risky websites.
• Implement static URL filtering, keyword matching, and content rating.
• Apply web filter profiles to firewall policies for controlled web access.

Intrusion Prevention and Application Control

• Detect and block known threats, exploits, and vulnerability attacks using IPS signatures.
• Control application usage based on categories, risk levels, or specific app signatures.
• Fine-tune sensitivity levels and log/block actions per security profile.

SSL VPN

• Provide secure remote access using web or tunnel-based SSL VPN modes.
• Configure portal policies, user groups, and authentication settings.
• Apply split tunneling, bookmarks, and endpoint compliance options.

IPsec VPN

• Establish site-to-site or client VPN tunnels using IKEv1/v2 and various encryption options.
• Configure phase 1 and 2 parameters including authentication and crypto profiles.
• Monitor tunnel status and debug connectivity using diagnostic tools.

SD-WAN Configuration and Monitoring

• Aggregate multiple WAN links for intelligent load balancing and redundancy.
• Set performance SLAs (latency, jitter, packet loss) for dynamic path selection.
• Monitor link usage and application steering in real time from the SD-WAN dashboard.

Security Fabric

• Connect multiple Fortinet devices (e.g., FortiGate, FortiAnalyzer, FortiAP) into a unified security framework.
• Enable automatic device detection and threat sharing across the network.
• Visualize the topology and apply centralized policy management.

High Availability

• Configure active-passive or active-active HA clusters for redundancy and failover.
• Sync configuration and sessions between devices using dedicated HA interfaces.
• Monitor HA status, failover history, and cluster synchronization health.

Diagnostics and Troubleshooting

• Use CLI tools (e.g., diag debug, exec ping/traceroute) to test connectivity and trace issues.
• Analyze logs, session tables, and system events for root cause analysis.
• Monitor system resources (CPU, memory, disk) and interface statistics for performance tuning.

FortiGate 7.6 Operator Hands-On Lab Guide

Lab Equipment:

2 x FortiGate Firewall

1 x Printed Lab Guide

1. Initial Setup and System Familiarization

• FortiGate Interface Overview (GUI/CLI): Explore the web GUI, CLI console, and different admin modes; switch between VDOMs if enabled.
• Licensing, Updates, and Feature Visibility: Review FortiGate license info, enable FortiGuard services, and activate feature sets (e.g., NGFW, SD-WAN).
• System Dashboard and Widgets: Use widgets to monitor system health (CPU, memory, sessions), network interfaces, and threat statistics in real time.

2. System and Network Settings

• Configure interface IPs on Local-FortiGate and Remote-FortiGate (e.g., Port1, Port2, Port3, etc.).
• Set up hostnames, DNS, NTP, and admin access via HTTPS/SSH on both firewalls.
• Create zones (e.g., LAN, WAN, DMZ) and assign interfaces accordingly.

3. Firewall Policies and NAT

• Create policies on Local-FortiGate to allow traffic from Local-Client to Internet.
• Configure NAT (source NAT for Internet-bound traffic).
• Set up policy to allow communication between Local-Client and Remote-Client via Linux.

4. Routing

• Configure static routes between all networks, especially to reach Remote-FortiGate subnets.
• Set up a default route to the Internet via the Linux machine (10.200.1.254).
• Validate routes with get router info routing-table all.

5. Firewall Authentication

• Integrate FortiAuthenticator with Local-FortiGate using RADIUS or LDAP.
• Create user groups and enforce authentication in a policy for Local-Client.
• Test captive portal or browser authentication flow.

6. Fortinet Single Sign-On (FSSO)

• Connect FortiAuthenticator with Active Directory (optional if simulated).
• Enable FSSO on Local-FortiGate and configure polling or agent-based mode.
• Apply FSSO user groups to specific policies for user-based access.

7. Certificate Operations

• Generate a CSR on Local-FortiGate, sign it using a local CA, and import the certificate.
• Install CA certificates required for SSL inspection or HTTPS admin access.
• Apply the certificate to the SSL VPN portal or admin GUI.

8. Antivirus

• Enable AV scanning on a policy from Local-Client to the Internet.
• Use EICAR test file to trigger detection and observe FortiAnalyzer logging.
• Configure AV profile to quarantine infected files.

9. Web Filtering

• Create a Web Filter profile that blocks social media or gambling categories.
• Apply the profile to a policy from Local-Client to the Internet.
• Use a browser on Local-Client to test access to filtered sites.

10. Intrusion Prevention and Application Control

• Enable IPS in a policy and apply default or custom signature profiles.
• Enable App Control to block or allow specific apps (e.g., Facebook, BitTorrent).
• Monitor blocked signatures and applications in FortiAnalyzer.

11. SSL VPN

• Configure SSL VPN on Local-FortiGate using Port2 (Internet-side).
• Create a user on FortiAuthenticator and assign to SSL VPN group.
• Test tunnel mode from an external client (simulate using a VM or port-forwarding on Linux).

12. IPsec VPN

• Build a site-to-site VPN tunnel between Local-FortiGate and Remote-FortiGate.
• Use network 10.0.1.0/24 ↔ 10.0.2.0/24 for phase 2 selectors.
• Test ping and traffic between Local-Client and Remote-Client.

13. SD-WAN Configuration and Monitoring

• Simulate dual WAN (add dummy interface or VLAN) on Local-FortiGate.
• Configure SD-WAN members and performance SLAs.
• Create SD-WAN rules to direct web traffic over preferred link, with failover.

14. Security Fabric

• Add FortiAnalyzer, FortiManager, and FortiAuthenticator to Security Fabric.
• Enable device visibility and logging integration in the Fabric topology.
• View and interpret the Security Fabric topology and risk reports.

15. High Availability

• (Optional lab if a second FortiGate is available): Configure Active-Passive HA.
• Synchronize config and test failover using link disconnection or shutdown.
• Observe session sync and failover behavior.

16. Diagnostics and Troubleshooting

• Use CLI commands: diag debug flow, ping, traceroute, diag sniffer.
• Monitor logs from FortiAnalyzer to identify threats or policy violations.
• Troubleshoot routing, VPN, or policy misconfigurations using session table analysis.

​