[email protected]
0
[email protected]

Shopping cart

Subtotal:

$0
View cartCheckout

Back to FCP_FGT_AD-7.4 Exam

This plan prioritizes effective learning through structured goals, daily tasks, and integrated learning methods such as the Pomodoro Technique, Ebbinghaus Forgetting Curve, and active recall. The focus is on mastering key knowledge areas with consistent review and practical application.

Plan Overview

  1. Total Duration: 4 Weeks (28 Days)
  2. Daily Study Time: 2–3 hours
  3. Learning Strategy:
    • Goal-Oriented Learning: Each day focuses on specific objectives.
    • Pomodoro Technique: Break learning into focused 25-minute intervals.
    • Active Recall: Use quizzes and flashcards to test retention.
    • Forgetting Curve Review: Scheduled revisions on Days 1, 3, 7, and at the end of each week.

FCP_FGT_AD-7.4 Weekly Detailed Study Plan

Week 1: Deployment and Configuration Basics

Primary Goal:
Understand the foundational configuration and management of FortiGate devices, including initial setup, interface configuration, DNS/NTP settings, High Availability (HA), system backups, and upgrades.

Day 1: Initial Access and Configuration

  • Learning Goal: Access FortiGate for the first time and configure the management interface.
  • Tasks:
    1. Learn Basics:
      • Study Fortinet’s documentation on initial setup. Focus on CLI and GUI differences.
      • Understand default IP (192.168.1.99) and credentials (admin with no password).
    2. Simulate Setup:
      • Access FortiGate via GUI, set a new management IP (e.g., 192.168.1.1), and restrict administrative access to a specific trusted range (e.g., 192.168.1.0/24).
      • Practice the same configuration in CLI.
    3. Flashcards:
      • Create cards for:
        • CLI commands for configuring interfaces.
        • Steps to secure access (trusted hosts and port restrictions).
  • Pomodoro Plan:
    • Session 1: Study Fortinet setup guide.
    • Session 2: Configure the management interface in a simulator.
    • Session 3: Create and review flashcards for CLI commands.
  • Review Plan:
    Quick revision on Day 3 and a detailed review on Day 7.

Day 2: Network Interface Configuration

  • Learning Goal: Configure physical interfaces, VLANs, and software switches.
  • Tasks:
    1. Understand Interfaces:
      • Study the roles of physical, VLAN, and software switch interfaces.
    2. Simulate Interface Configuration:
      • Assign port1 to 192.168.10.1/24 for LAN.
      • Set up port2 for WAN with a static IP.
      • Create a VLAN (e.g., VLAN 10) on port2 with IP 192.168.20.1.
      • Bind port3 and port4 into a software switch for redundancy.
    3. Test Connectivity:
      • Ping between VLAN devices and verify configurations.
    4. Flashcards:
      • Document commands for configuring VLANs and software switches.
  • Pomodoro Plan:
    • Session 1: Study the interface types and roles.
    • Session 2: Practice configuring VLANs and software switches.
    • Session 3: Review and test interface configurations in the lab.
  • Review Plan:
    Scheduled reviews on Day 4 and Day 7.

Day 3: DNS and NTP Configuration

  • Learning Goal: Set up DNS forwarders and NTP synchronization.
  • Tasks:
    1. Learn Concepts:
      • Read about DNS roles (e.g., forwarder vs. resolver) and NTP synchronization.
    2. Practice Configuration:
      • Configure FortiGate as a DNS forwarder pointing to public DNS (e.g., 8.8.8.8).
      • Set up NTP synchronization with pool.ntp.org.
      • Test configurations with execute ping for DNS and get system time for NTP.
    3. Flashcards:
      • Document key CLI commands for DNS and NTP.
  • Pomodoro Plan:
    • Session 1: Study DNS and NTP concepts.
    • Session 2: Configure DNS forwarders and NTP in the simulator.
    • Session 3: Test and review the configurations.
  • Review Plan:
    Scheduled quick revision on Day 5 and a detailed review on Day 7.

Day 4–5: High Availability (HA)

  • Learning Goal: Configure and test Active-Passive and Active-Active HA setups.
  • Tasks:
    1. Understand HA Modes:
      • Study differences between Active-Passive and Active-Active modes.
    2. Simulate HA Setup:
      • Configure Active-Passive mode:
        • Define port3 as the HA heartbeat interface.
        • Set priorities (e.g., Primary: 200, Secondary: 100).
      • Configure Active-Active mode:
        • Enable traffic distribution across both devices.
    3. Failover Testing:
      • Simulate failover by disconnecting the primary device.
      • Monitor logs for failover events.
    4. Flashcards:
      • Write CLI commands for HA setup and diagnostics (diag sys ha).
  • Pomodoro Plan:
    • Day 4, Session 1: Study HA concepts.
    • Day 4, Session 2: Configure Active-Passive HA.
    • Day 4, Session 3: Create flashcards for CLI commands.
    • Day 5, Session 1: Configure Active-Active HA.
    • Day 5, Session 2: Simulate failover testing.
    • Day 5, Session 3: Review and revise HA configurations.
  • Review Plan:
    Scheduled detailed review on Day 7.

Day 6: System Upgrades and Backups

  • Learning Goal: Perform firmware upgrades and create/restore backups.
  • Tasks:
    1. Learn Concepts:
      • Understand the importance of firmware consistency for HA.
      • Study backup and restore procedures.
    2. Simulate Upgrade:
      • Upgrade the FortiGate firmware via GUI.
      • Verify the version with get system status.
    3. Simulate Backups:
      • Backup configuration files to local storage.
      • Simulate restoring a backup to reset FortiGate settings.
    4. Flashcards:
      • Key commands for upgrade, backup, and restore.
  • Pomodoro Plan:
    • Session 1: Study upgrade steps and best practices.
    • Session 2: Perform backups and restore in a lab.
    • Session 3: Create and review flashcards.
  • Review Plan:
    Detailed review during Day 7.

Day 7: Weekly Review

  • Goal: Consolidate Week 1 knowledge and test retention.
  • Tasks:
    1. Flashcard Review:
      • CLI commands for initial setup, interfaces, HA, and backups.
    2. Lab Simulation:
      • Configure:
        • Management IP.
        • VLAN and software switch.
        • HA and test failover.
      • Perform firmware upgrade and system restore.
    3. Self-Assessment Quiz:
      • Write and answer 10 questions about Week 1 topics.
  • Pomodoro Plan:
    • Session 1: Flashcard review.
    • Session 2: Lab simulation.
    • Session 3: Self-assessment and troubleshooting practice.
Review Plan for Week 1 Topics
  • Day 3, Day 5, Day 7: Quick reviews of earlier concepts.
  • Week 2, Day 1: Detailed review before moving to Week 2 topics.

Week 2: Firewall Policies and Content Inspection

Primary Goal:
Master firewall policy creation, NAT (Network Address Translation), SSL/TLS inspection, web filtering, and application control. By the end of this week, you will be able to configure secure and efficient network traffic policies.

Day 8–9: Firewall Policy Configuration

  • Learning Goal:
    Understand the basics of firewall policy creation and advanced options.

  • Day 8 Tasks:

    1. Study Firewall Policy Workflow:
      • Learn how policies match traffic using source/destination, services, and schedules.
      • Understand the difference between Accept, Deny, and Reject actions.
    2. Configure Basic Policy:
      • Allow traffic from port1 (LAN) to port2 (WAN) for all services.
      • Enable logging to monitor policy hits and traffic.
    3. Test Policy Matching:
      • Generate test traffic and verify logs in the GUI and CLI.
    4. Flashcards:
      • Document the sequence of policy processing (matching conditions).
      • Add CLI commands for policy creation and logging.

  • Day 9 Tasks:

    1. Study Advanced Options:
      • Create time-based schedules (e.g., business hours).
      • Add service restrictions (e.g., HTTP/HTTPS only).
    2. Configure Advanced Policy:
      • Create a policy that allows traffic during business hours only.
      • Test restrictions by simulating out-of-schedule traffic.
    3. Flashcards:
      • Advanced policy options: schedules, service configurations, and logging.

  • Pomodoro Plan:

    • Day 8, Session 1: Study firewall policy workflow.
    • Day 8, Session 2: Practice creating a basic policy in the simulator.
    • Day 8, Session 3: Test and log policy hits.
    • Day 9, Session 1: Study advanced policy options.
    • Day 9, Session 2: Configure time-based and service-restricted policies.
    • Day 9, Session 3: Flashcard creation and review.

Day 10–11: NAT Configuration

  • Learning Goal:
    Configure Source NAT (SNAT) for outgoing traffic and Destination NAT (DNAT) for incoming traffic.

  • Day 10 Tasks:

    1. Study SNAT Concepts:
      • Learn how SNAT works using interface IPs and dynamic address pools.
    2. Configure SNAT:
      • Create a policy to translate internal IPs (192.168.1.x) to the external WAN IP.
      • Test using simulated outbound traffic.
    3. Flashcards:
      • Key commands for enabling SNAT (set nat enable).

  • Day 11 Tasks:

    1. Study DNAT Concepts:
      • Understand how DNAT maps external requests to internal servers using VIPs (Virtual IPs).
    2. Configure DNAT:
      • Set up a VIP to map an external IP (203.0.113.1) to an internal web server (192.168.1.10).
      • Test DNAT by simulating an external HTTP request.
    3. Flashcards:
      • Write DNAT configuration steps and CLI commands.

  • Pomodoro Plan:

    • Day 10, Session 1: Study SNAT concepts and use cases.
    • Day 10, Session 2: Configure SNAT with address pools.
    • Day 10, Session 3: Test SNAT in the lab.
    • Day 11, Session 1: Study DNAT concepts.
    • Day 11, Session 2: Configure and test DNAT using VIPs.
    • Day 11, Session 3: Flashcard review for NAT commands.

Day 12–13: Content Inspection

  • Learning Goal:
    Enable SSL/TLS inspection, configure web filtering rules, and apply application control.

  • Day 12 Tasks:

    1. SSL Inspection:
      • Study Certificate Inspection vs. Deep Inspection modes.
      • Generate a CA certificate in FortiGate for SSL deep inspection.
      • Install the CA certificate on a client device.
    2. Configure SSL Inspection:
      • Enable deep inspection in firewall policies.
      • Test by inspecting HTTPS traffic logs.
    3. Flashcards:
      • Write key differences between Certificate and Deep Inspection modes.
      • Document CLI commands for SSL inspection.

  • Day 13 Tasks:

    1. Web Filtering:
      • Configure category-based filtering using FortiGuard (e.g., block gambling sites).
      • Set up URL filtering to allow only specific domains (e.g., example.com).
    2. Application Control:
      • Block specific applications (e.g., P2P file sharing tools).
      • Test by attempting to use blocked applications.
    3. Flashcards:
      • Document steps for creating web filters and application control profiles.

  • Pomodoro Plan:

    • Day 12, Session 1: Study SSL inspection modes and concepts.
    • Day 12, Session 2: Configure SSL inspection in the lab.
    • Day 12, Session 3: Create and review flashcards.
    • Day 13, Session 1: Study web filtering concepts.
    • Day 13, Session 2: Configure and test web filtering and application control.
    • Day 13, Session 3: Quiz yourself on inspection scenarios.

Day 14: Weekly Review

  • Goal:
    Consolidate Week 2 knowledge and test practical application.
  • Tasks:
    1. Flashcard Review:
      • Review all flashcards created in Week 2.
      • Focus on firewall policy workflows, NAT types, and SSL inspection modes.
    2. Lab Simulation:
      • Simulate configuring:
        • A firewall policy with advanced options (e.g., schedules, service restrictions).
        • SNAT and DNAT rules.
        • SSL/TLS inspection with web filtering.
    3. Quiz Yourself:
      • Write and answer 10 questions about firewall policies, NAT, and content inspection.
    4. Mock Test:
      • Attempt a short practice exam covering Week 2 topics.
  • Pomodoro Plan:
    • Session 1: Flashcard review.
    • Session 2: Lab simulation.
    • Session 3: Mock test and troubleshooting scenarios.
Review Plan for Week 2 Topics
  • Day 3 of Week 3: Quick review of Week 2 topics before diving into routing and VPNs.
  • Day 7 of Week 3: Detailed review of all Week 2 configurations and troubleshooting scenarios.

Week 3: Routing and VPN

Primary Goal:
Master routing concepts, including static and dynamic routing protocols (OSPF, BGP), SD-WAN setup, and VPN configurations (SSL and IPsec). By the end of the week, you’ll understand how to optimize traffic flows and securely connect networks.

Day 15–16: Static Routing and SD-WAN

  • Learning Goal:
    Understand static routing basics, configure SD-WAN, and apply performance-based routing.

Day 15: Static Routing

  • Tasks:
    1. Understand Static Routing Concepts:
      • Learn how static routes define destination subnets and next-hop gateways.
      • Study administrative distance (AD) and priority for route selection.
    2. Configure Static Routes:
      • Add a static route for a subnet 192.168.2.0/24 via the next-hop IP 192.168.1.1.
      • Configure route priority to prefer one WAN link over another.
    3. Test Static Routes:
      • Verify connectivity using execute ping and traceroute.
    4. Flashcards:
      • Document CLI commands for static routing (config router static, set gateway).

Day 16: SD-WAN

  • Tasks:
    1. Understand SD-WAN Basics:
      • Learn how SD-WAN improves WAN utilization through load balancing.
      • Study SLA-based rules (e.g., latency, jitter thresholds).
    2. Configure SD-WAN Members:
      • Add WAN1 and WAN2 to the SD-WAN group.
      • Define health checks (e.g., ping to 8.8.8.8).
    3. Create SD-WAN Policies:
      • Route VoIP traffic through the link with the lowest latency.
      • Route non-critical traffic through the backup WAN link.
    4. Test SD-WAN Configuration:
      • Simulate a WAN failure and verify failover.
    5. Flashcards:
      • Write steps for creating SD-WAN members and SLA rules.
  • Pomodoro Plan:
    • Day 15, Session 1: Study static routing basics.
    • Day 15, Session 2: Configure static routes in the lab.
    • Day 15, Session 3: Test and verify routing.
    • Day 16, Session 1: Study SD-WAN concepts.
    • Day 16, Session 2: Configure SD-WAN members and policies.
    • Day 16, Session 3: Test SD-WAN failover scenarios.

Day 17–18: SSL VPN

  • Learning Goal:
    Configure SSL VPN for both web and tunnel modes.

Day 17: Web Mode SSL VPN

  • Tasks:
    1. Learn Web Mode Basics:
      • Study how web mode allows users to access internal resources via a browser.
      • Understand supported protocols (e.g., HTTP, HTTPS, FTP).
    2. Configure SSL VPN Portal:
      • Set up an SSL VPN portal for web mode with basic access controls.
      • Assign IP pools (e.g., 10.10.10.0/24) for VPN users.
    3. Test Web Mode VPN:
      • Simulate user access to an internal web server.
    4. Flashcards:
      • Document the steps for configuring SSL VPN portals in web mode.

Day 18: Tunnel Mode SSL VPN

  • Tasks:
    1. Understand Tunnel Mode Basics:
      • Study how tunnel mode provides full network access using FortiClient.
    2. Configure Tunnel Mode:
      • Create an SSL VPN portal for tunnel mode.
      • Test with a FortiClient VPN connection.
    3. Configure Access Policies:
      • Allow SSL VPN users to access specific subnets (e.g., 192.168.1.0/24).
      • Block access to other networks for security.
    4. Test Tunnel Mode VPN:
      • Simulate user connectivity and resource access.
    5. Flashcards:
      • Write steps for configuring tunnel mode SSL VPN and access policies.
  • Pomodoro Plan:
    • Day 17, Session 1: Study web mode SSL VPN concepts.
    • Day 17, Session 2: Configure and test web mode SSL VPN.
    • Day 17, Session 3: Create flashcards for web mode configuration.
    • Day 18, Session 1: Study tunnel mode SSL VPN concepts.
    • Day 18, Session 2: Configure and test tunnel mode VPN with FortiClient.
    • Day 18, Session 3: Review and create flashcards for tunnel mode settings.

Day 19–20: IPsec VPN

  • Learning Goal:
    Configure site-to-site and remote access IPsec VPNs.

Day 19: Site-to-Site IPsec VPN

  • Tasks:
    1. Learn Site-to-Site VPN Basics:
      • Understand the purpose of site-to-site VPN for inter-branch communication.
    2. Configure IKE Phase 1:
      • Set up a secure tunnel between two FortiGate devices using pre-shared keys.
      • Use encryption algorithms (e.g., AES256) and authentication methods (e.g., SHA256).
    3. Configure IKE Phase 2:
      • Define subnets for VPN traffic (e.g., 192.168.1.0/24 to 192.168.2.0/24).
    4. Test Site-to-Site VPN:
      • Verify the tunnel status with diag vpn tunnel list.
      • Simulate traffic between the two networks.
    5. Flashcards:
      • Document IKE Phase 1 and 2 CLI commands and configurations.

Day 20: Remote Access IPsec VPN

  • Tasks:
    1. Learn Remote Access VPN Basics:
      • Study how remote users can securely access internal resources using IPsec.
    2. Configure IPsec VPN for Remote Users:
      • Set up a dynamic peer for roaming users.
      • Define IP pools for remote clients (e.g., 10.10.20.0/24).
    3. Configure Access Policies:
      • Allow remote users to access specific internal resources only.
    4. Test Remote Access VPN:
      • Connect using a FortiClient and verify access policies.
    5. Flashcards:
      • Document steps for remote access VPN setup.
  • Pomodoro Plan:
    • Day 19, Session 1: Study site-to-site VPN concepts.
    • Day 19, Session 2: Configure IKE Phase 1 and Phase 2 in the simulator.
    • Day 19, Session 3: Test the site-to-site VPN configuration.
    • Day 20, Session 1: Study remote access VPN concepts.
    • Day 20, Session 2: Configure and test remote access VPN with FortiClient.
    • Day 20, Session 3: Flashcard creation and review.

Day 21: Weekly Review

  • Goal:
    Consolidate Week 3 knowledge and test practical application.
  • Tasks:
    1. Flashcard Review:
      • Review all flashcards for routing, SD-WAN, and VPN topics.
    2. Lab Simulation:
      • Simulate configuring:
        • Static routes with priorities.
        • SD-WAN with SLA rules.
        • SSL and IPsec VPNs (site-to-site and remote access).
    3. Mock Test:
      • Attempt a short practice exam covering Week 3 topics.
    4. Troubleshooting Tasks:
      • Debug an SD-WAN failure scenario.
      • Analyze VPN connection logs for potential issues.
  • Pomodoro Plan:
    • Session 1: Flashcard review.
    • Session 2: Lab simulation for routing and VPN.
    • Session 3: Mock test and troubleshooting.
Review Plan for Week 3 Topics
  • Day 2 of Week 4: Quick review of Week 3 topics before full practice labs.
  • Day 6 of Week 4: Detailed review during comprehensive mock exams.

Week 4: Consolidation, Practice Labs, and Mock Exams

Primary Goal:
Consolidate all knowledge through comprehensive practice labs, troubleshooting, and mock exams. By the end of the week, you will have reviewed all key topics, resolved common configuration issues, and gained confidence to excel in the certification exam.

Day 22–23: Comprehensive Practice Labs

Goal:
Simulate real-world scenarios to apply knowledge gained in Weeks 1–3.

Day 22 Tasks: Deployment and Configuration Lab

  1. Simulate Initial Deployment:
    • Configure a new FortiGate device with:
      • A management IP (192.168.1.1).
      • Interface configurations for LAN (192.168.10.1/24) and WAN (192.168.20.1/24).
    • Restrict access to trusted IPs (192.168.10.0/24).
  2. Configure HA Cluster:
    • Set up two FortiGate devices in Active-Passive HA mode.
    • Simulate a failover scenario by disabling the primary device.
  3. Backups and Upgrades:
    • Create a configuration backup.
    • Perform a firmware upgrade and restore the backup.
  4. Troubleshoot:
    • Identify and resolve connectivity issues during HA synchronization.
  5. Review Checklist:
    • Verify that all devices are accessible and failover works as expected.

Day 23 Tasks: Firewall Policy and Content Inspection Lab

  1. Configure Firewall Policies:
    • Set up policies to allow:
      • HTTP/HTTPS traffic from LAN to WAN during business hours.
      • Block FTP traffic at all times.
    • Enable logging for all policies and verify logs for policy hits.
  2. Set Up NAT Rules:
    • Configure SNAT for outbound traffic using the WAN interface IP.
    • Set up a DNAT rule with a VIP to map an external IP to an internal web server.
  3. Enable SSL Inspection:
    • Use deep inspection for HTTPS traffic.
    • Install a FortiGate CA certificate on a test client.
  4. Web Filtering and Application Control:
    • Block gambling and social media sites using web filtering.
    • Restrict P2P file-sharing apps using application control.
  5. Troubleshoot:
    • Simulate and resolve issues with NAT rules and policy misconfigurations.

Day 24: Routing and VPN Lab

Goal:
Set up and test routing protocols, SD-WAN, and VPNs.

Tasks:

  1. Static Routing:
    • Add a static route to a subnet 192.168.30.0/24 with next-hop IP 192.168.10.1.
    • Set route priorities and test failover using traceroute.
  2. SD-WAN:
    • Configure SD-WAN with WAN1 and WAN2.
    • Define SLA rules to route VoIP traffic over the link with the lowest latency.
    • Simulate WAN1 failure and verify failover to WAN2.
  3. VPNs:
    • Configure a site-to-site IPsec VPN between two FortiGate devices.
    • Set up an SSL VPN in tunnel mode for remote users with FortiClient.
    • Test access to internal resources through both VPN types.
  4. Troubleshoot:
    • Resolve common routing issues:
      • Misconfigured static routes.
      • Incorrect IPsec tunnel settings (e.g., IKE Phase 1 mismatch).

Day 25–26: Mock Exams

Goal:
Simulate the exam environment to test your knowledge and improve time management.

Day 25 Tasks:

  1. Mock Exam 1:
    • Attempt a full-length practice exam with 50 questions.
    • Focus on core topics:
      • Deployment and configuration.
      • Firewall policies and NAT.
      • SSL inspection and VPNs.
  2. Review Results:
    • Identify weak areas from the exam.
    • Revise missed topics and recreate scenarios in a simulator.
  3. Troubleshooting Practice:
    • Debug an SD-WAN performance issue.
    • Resolve a failed SSL VPN connection (e.g., client certificate mismatch).

Day 26 Tasks:

  1. Mock Exam 2:
    • Attempt another full-length practice exam, focusing on:
      • Routing and SD-WAN.
      • VPN setup and troubleshooting.
      • Content inspection.
  2. Review and Analyze:
    • Focus on improving speed and accuracy for complex scenarios.
    • Retest weak areas in the lab.

Day 27: Comprehensive Review

Goal:
Perform a thorough review of all topics and configurations.

Tasks:

  1. Flashcard Review:
    • Go through all flashcards from Weeks 1–3.
    • Focus on CLI commands and troubleshooting steps.
  2. Lab Simulation:
    • Recreate a multi-site network scenario:
      • Configure HA.
      • Set up SD-WAN and VPNs for inter-site communication.
    • Test failover and traffic flow under different conditions.
  3. Self-Assessment Quiz:
    • Write and answer 20 questions on advanced topics (e.g., HA failover, SSL inspection modes).
  4. Prepare Notes:
    • Summarize key points to review the night before the exam.

Day 28: Final Preparation

Goal:
Light review and mental preparation for the exam.

Tasks:

  1. Flashcards:
    • Review only the most critical CLI commands and configurations.
  2. Quick Lab:
    • Perform a simple configuration task, such as setting up a firewall policy with NAT.
  3. Relax and Rest:
    • Avoid heavy study to stay fresh for the exam.
    • Focus on staying confident and calm.

Key Tips for Success

  1. Use the Simulator:
    • Practical experience is key. Spend as much time as possible in a lab or simulator.
  2. Active Recall:
    • Quiz yourself daily with flashcards and mock scenarios.
  3. Review Weak Areas:
    • Focus more on topics you struggled with during mock exams.
  4. Stay Consistent:
    • Study daily using the Pomodoro Technique to stay focused and avoid burnout.