[email protected]
0
[email protected]

Shopping cart

Subtotal:

$0
View cartCheckout

Back to FCSS_EFW_AD-7.4 Exam

This study plan is tailored for 8 weeks of focused preparation, using learning goals, planned tasks, and effective methods like the Pomodoro Technique for time management and the Ebbinghaus Forgetting Curve for memory retention. The plan is divided into daily and weekly objectives, ensuring a structured and efficient learning journey.

Weekly Structure Overview

Goal:

By the end of this plan, you will:

  1. Understand and apply all FCSS_EFW_AD-7.4 knowledge areas.
  2. Retain concepts using spaced repetition.
  3. Practice exam-like scenarios to boost confidence.

Key Learning Methods:

  1. Pomodoro Technique:
    • 25 minutes of focused study, followed by a 5-minute break.
    • After 4 Pomodoros, take a 20-minute break.
  2. Spaced Repetition (Ebbinghaus Forgetting Curve):
    • Review materials on Day 1, Day 2, Day 7, and Day 14 after learning.
  3. Active Recall:
    • Test yourself on concepts during reviews.
  4. Task-Based Learning:
    • Set specific, actionable tasks for each study session.

Week 1: System Configuration

Goal: Learn the foundational configurations of FortiGate devices, including initialization, interfaces, VLANs, and HA.

Day 1: FortiGate Overview
  • Task 1: Study FortiGate architecture.
    • Learn about hardware and software components.
    • Understand FortiGate's role in network security (e.g., firewall, NAT, VPN).
  • Task 2: Set up your lab environment.
    • Install FortiGate VM or configure a physical FortiGate device.
    • Test CLI and GUI access.
  • Task 3: Practice navigating CLI and GUI.
    • Familiarize yourself with menus, dashboards, and command syntax.
Day 2: Device Initialization
  • Task 1: Configure basic device settings.
    • Assign a management IP to the FortiGate.
    • Configure the default gateway for internet access.
  • Task 2: Set hostname, DNS, and system time.
    • Use GUI or CLI commands like config system global and set hostname.
  • Task 3: Enable HTTPS and SSH.
    • Activate secure access and test login via both protocols.
Day 3: Interfaces and Basic Networking
  • Task 1: Learn about interface roles.
    • Study LAN/WAN roles and their configuration.
  • Task 2: Configure physical interfaces.
    • Assign IP addresses and enable services like ping and HTTPS.
  • Task 3: Test connectivity.
    • Use a client device to verify IP address assignment and management access.
Day 4: VLAN Configuration
  • Task 1: Study VLAN concepts.
    • Understand VLAN tagging, trunking, and segmentation.
  • Task 2: Create VLAN interfaces.
    • Configure VLANs on a physical interface and assign VLAN IDs.
  • Task 3: Test VLAN connectivity.
    • Connect devices to different VLANs and ensure communication.
Day 5: High Availability (HA) Basics
  • Task 1: Study HA modes.
    • Learn about Active-Passive and Active-Active configurations.
  • Task 2: Configure HA on lab devices.
    • Set cluster IDs, heartbeat interfaces, and priorities.
  • Task 3: Test failover functionality.
    • Simulate a failure and observe how the secondary device takes over.
Day 6: Logging and Monitoring
  • Task 1: Enable local and remote logging.
    • Configure logging to FortiAnalyzer or Syslog.
  • Task 2: Study monitoring tools.
    • Explore CLI commands like diag sys and GUI dashboards for device health.
  • Task 3: Analyze logs.
    • Use filters to review event logs and troubleshoot issues.
Day 7: Weekly Review
  • Task 1: Revisit System Configuration concepts.
    • Summarize configurations learned during the week.
  • Task 2: Practice in the lab.
    • Recreate tasks from earlier in the week.
  • Task 3: Test yourself with quiz questions.
    • Use flashcards or online resources to check your understanding.

Week 2: Central Management

Goal: Learn how to manage multiple devices using FortiManager and FortiAnalyzer.

Day 1: FortiManager Basics
  • Task 1: Study centralized management concepts.
    • Learn the purpose of FortiManager in managing multiple FortiGate devices.
  • Task 2: Understand policy packages.
    • Explore how to group and deploy firewall policies.
  • Task 3: Set up a FortiManager lab.
    • Connect FortiManager to your FortiGate devices and verify communication.
Day 2: Administrative Domains (ADOMs)
  • Task 1: Learn ADOM concepts.
    • Study how ADOMs separate device configurations.
  • Task 2: Create an ADOM.
    • Assign FortiGate devices to the ADOM.
  • Task 3: Practice policy creation and deployment.
    • Create a simple policy and deploy it to your lab devices.
Day 3: FortiAnalyzer Basics
  • Task 1: Study log collection.
    • Learn how FortiAnalyzer collects and stores logs from FortiGate devices.
  • Task 2: Configure FortiAnalyzer in your lab.
    • Enable log forwarding from FortiGate to FortiAnalyzer.
  • Task 3: Analyze logs.
    • Use filters to identify security events.
Day 4: Reporting
  • Task 1: Learn about compliance reporting.
    • Study pre-built templates for standards like GDPR and PCI-DSS.
  • Task 2: Generate a report.
    • Create and download a report in your lab environment.
  • Task 3: Customize a report template.
    • Add specific log details to meet organizational needs.
Day 5: Security Fabric Integration
  • Task 1: Study the Security Fabric concept.
    • Understand how Fortinet products integrate into a unified system.
  • Task 2: Enable the Security Fabric.
    • Connect FortiManager, FortiAnalyzer, and FortiGate.
  • Task 3: View the topology.
    • Use the Security Fabric map to visualize device connections.
Day 6: Troubleshooting
  • Task 1: Solve common configuration issues.
    • Practice resolving ADOM or policy synchronization errors.
  • Task 2: Debug log forwarding.
    • Use CLI commands to verify log flow between FortiGate and FortiAnalyzer.
Day 7: Weekly Review
  • Task 1: Revisit FortiManager and FortiAnalyzer concepts.
    • Summarize tasks completed earlier in the week.
  • Task 2: Test yourself with quiz questions.
    • Focus on policy packages, ADOMs, and log analysis.
  • Task 3: Perform an end-to-end lab exercise.
    • Set up a complete FortiManager and FortiAnalyzer integration.

Week 3: Security Profiles (Part 1)

Goal: Understand and configure Web Filtering and Application Control.

Day 1: Web Filtering Basics
  • Task 1: Learn Web Filtering concepts.
    • Study how FortiGuard categorizes websites (e.g., Gambling, Malware).
    • Understand the difference between flow-based and proxy-based inspection modes.
  • Task 2: Configure a basic Web Filtering profile.
    • Create a profile that blocks specific categories (e.g., Social Media, Gambling).
    • Enable the profile on a firewall policy.
  • Task 3: Test the configuration.
    • Access websites in blocked categories and verify the filtering works.
Day 2: Advanced Web Filtering
  • Task 1: Configure URL Filtering.
    • Block or allow specific URLs or patterns using a Web Filtering profile.
    • Test the configuration by accessing the blocked URLs.
  • Task 2: Enable Safe Search and FortiGuard Warnings.
    • Configure Safe Search to restrict inappropriate content in search engines.
    • Enable warnings for users attempting to access blocked websites.
  • Task 3: Test and review.
    • Document the results of your configurations.
Day 3: Application Control Basics
  • Task 1: Study Application Control concepts.
    • Learn how FortiGate identifies and categorizes applications using signatures.
    • Understand application categories (e.g., P2P, Social Media).
  • Task 2: Configure a basic Application Control profile.
    • Create a profile that blocks specific application categories (e.g., P2P).
    • Enable the profile on a firewall policy.
  • Task 3: Test application blocking.
    • Run applications like BitTorrent or Skype and verify they are blocked.
Day 4: Advanced Application Control
  • Task 1: Configure granular policies.
    • Restrict specific features within an application (e.g., file sharing in Skype).
  • Task 2: Enable application logging.
    • Set up logs to record blocked application attempts for analysis.
  • Task 3: Test configurations.
    • Verify logs and document your findings.
Day 5-6: Practical Lab Work
  • Task 1: Combine Web Filtering and Application Control.
    • Create a comprehensive policy using both profiles.
    • Test the combined policy with multiple clients.
  • Task 2: Troubleshoot configurations.
    • Solve issues like false positives or unblocked traffic.
Day 7: Weekly Review
  • Task 1: Revisit Web Filtering and Application Control.
    • Summarize key concepts and tasks.
  • Task 2: Perform a lab exercise.
    • Set up a network with multiple filtering rules and test various scenarios.
  • Task 3: Quiz yourself.
    • Use flashcards or practice questions to reinforce learning.

Week 4: Security Profiles (Part 2)

Goal: Learn and configure IPS, Antivirus, and Data Leak Prevention (DLP).

Day 1: IPS Basics
  • Task 1: Study Intrusion Prevention System (IPS) concepts.
    • Understand predefined IPS signatures and how they protect against threats.
  • Task 2: Configure a basic IPS profile.
    • Apply an IPS profile to a firewall policy.
  • Task 3: Test IPS functionality.
    • Simulate an attack using tools like Metasploit or packet generators.
Day 2: Advanced IPS
  • Task 1: Create a custom IPS signature.
    • Define a signature for a specific threat using the CLI.
  • Task 2: Tune IPS settings.
    • Adjust thresholds to reduce false positives while maintaining protection.
  • Task 3: Test configurations and analyze logs.
    • Verify that the custom IPS signature works as expected.
Day 3: Antivirus Basics
  • Task 1: Study Antivirus scanning modes.
    • Understand the differences between flow-based and proxy-based scanning.
  • Task 2: Configure an Antivirus profile.
    • Enable antivirus scanning on a firewall policy.
  • Task 3: Test antivirus functionality.
    • Download test malware files (e.g., EICAR) and ensure they are detected.
Day 4: Advanced Antivirus
  • Task 1: Integrate FortiSandbox.
    • Configure FortiGate to forward suspicious files to FortiSandbox for deeper inspection.
  • Task 2: Analyze Sandbox results.
    • Review logs and reports from FortiSandbox to understand detected threats.
  • Task 3: Troubleshoot issues.
    • Resolve common problems like file upload failures or missed detections.
Day 5: Data Leak Prevention (DLP) Basics
  • Task 1: Learn DLP concepts.
    • Understand how DLP detects and prevents unauthorized data transmission.
  • Task 2: Configure a DLP sensor.
    • Set up rules to block transmission of sensitive data like credit card numbers.
  • Task 3: Test DLP functionality.
    • Simulate data transmission violations and review alerts.
Day 6: Advanced DLP
  • Task 1: Customize DLP patterns.
    • Add custom regex patterns to match organizational data.
  • Task 2: Configure email alerts.
    • Set up notifications for DLP violations.
  • Task 3: Test and analyze results.
    • Verify alerts are triggered for policy violations.
Day 7: Weekly Review
  • Task 1: Revisit IPS, Antivirus, and DLP concepts.
    • Summarize tasks and document lessons learned.
  • Task 2: Complete a comprehensive lab exercise.
    • Configure and test all Security Profiles together.
  • Task 3: Take a mini-quiz.
    • Focus on understanding configuration details and troubleshooting.

Week 5: Routing

Goal: Understand and configure static, dynamic, and policy-based routing to control traffic flow efficiently.

Day 1: Static Routing Basics

  • Task 1: Learn the fundamentals of static routing.

    • Study the purpose of static routing in FortiGate.
    • Understand key terms: destination network, gateway, and administrative distance.

  • Task 2: Configure a static route.

    • Define a route to a specific network using CLI:

      config router static
    edit 1
    set dst 192.168.2.0/24
    set gateway 192.168.1.1
    set device port1
    end

    • Verify the route using get router info routing-table.

  • Task 3: Test connectivity.

    • Ping a host in the destination network to confirm the route works.
Day 2: Static Routing with Failover

  • Task 1: Study administrative distances.

    • Learn how FortiGate prioritizes routes using distance values.

  • Task 2: Configure a backup static route.

    • Create a secondary route with a higher administrative distance:

      config router static
    edit 2
    set dst 192.168.2.0/24
    set gateway 192.168.1.2
    set distance 20
    end

  • Task 3: Simulate a failover.

    • Disconnect the primary gateway and confirm the backup route activates.
Day 3: Dynamic Routing - OSPF

  • Task 1: Study OSPF concepts.

    • Learn about OSPF areas, neighbors, and the link-state database.

  • Task 2: Configure OSPF on FortiGate.

    • Enable OSPF on an interface and define networks:

      config router ospf
    config area
        edit 0.0.0.0
        end
    config network
        edit 1
        set prefix 192.168.0.0/16
        set area 0.0.0.0
        end
    end

  • Task 3: Verify OSPF neighbors.

    • Use get router info ospf neighbor to check neighbor status.
Day 4: Dynamic Routing - BGP

  • Task 1: Study BGP concepts.

    • Understand Autonomous System (AS) numbers, peers, and route advertisements.

  • Task 2: Configure BGP on FortiGate.

    • Set up BGP neighbors and advertise networks:

      config router bgp
    set as 65000
    config neighbor
        edit 192.168.1.2
        set remote-as 65001
        end
    config network
        edit 1
        set prefix 192.168.0.0/16
        end
    end

  • Task 3: Verify BGP routes.

    • Use get router info bgp neighbors and get router info routing-table bgp.
Day 5: Policy-Based Routing (PBR)

  • Task 1: Study PBR concepts.

    • Learn how PBR directs traffic based on source, destination, or service.

  • Task 2: Configure a policy route.

    • Set up a route to redirect HTTP traffic through a specific gateway:

      config router policy
    edit 1
    set src 192.168.1.0/24
    set dst 0.0.0.0/0
    set service HTTP
    set gateway 192.168.1.1
    set output-device port2
    end

  • Task 3: Test PBR functionality.

    • Confirm that only HTTP traffic uses the specified route.
Day 6: IPv6 and Multicast Routing

  • Task 1: Enable IPv6.

    • Configure IPv6 on FortiGate and assign dual-stack addresses:

      config system interface
    edit port1
    set ip6 2001:db8::1/64
    end

  • Task 2: Configure multicast routing.

    • Enable PIM-SM on interfaces and set up IGMP:

      config router pim
    config interface
        edit port1
        set mode sparse-mode
        end
    end

  • Task 3: Test IPv6 and multicast configurations.

    • Use ping6 and multicast group tests.
Day 7: Weekly Review

  • Task 1: Revisit all routing concepts.

    • Summarize key static, dynamic, and policy-based routing configurations.

  • Task 2: Complete a routing lab.

    • Set up a network with OSPF, BGP, and PBR in your lab environment.

  • Task 3: Test yourself with quiz questions.

    • Focus on troubleshooting routing scenarios.

Week 6: VPN

Goal: Configure and manage secure VPN connections, including IPsec and SSL VPNs.

Day 1: IPsec VPN Basics

  • Task 1: Study IPsec VPN concepts.

    • Learn about IKEv1/IKEv2, Phase 1, and Phase 2 negotiations.

  • Task 2: Configure Phase 1.

    • Set up an IPsec Phase 1 interface:

      config vpn ipsec phase1-interface
    edit Site1
    set interface port1
    set proposal aes256-sha256
    set remote-gw 192.168.2.1
    set psksecret MySecretKey
    end

  • Task 3: Verify Phase 1.

    • Use diagnose vpn ike status to check tunnel status.
Day 2: IPsec VPN Phase 2

  • Task 1: Configure Phase 2.

    • Set up encryption settings for data traffic:

      config vpn ipsec phase2-interface
    edit Site1
    set phase1name Site1
    set proposal aes256-sha256
    set src-subnet 192.168.1.0/24
    set dst-subnet 192.168.2.0/24
    end

  • Task 2: Test the IPsec VPN.

    • Ping a host in the remote network and verify connectivity.
Day 3: SSL VPN Basics

  • Task 1: Study SSL VPN modes.

    • Learn the differences between Web Mode and Tunnel Mode.

  • Task 2: Configure Web Mode.

    • Set up SSL VPN access for browser-based users:

      config vpn ssl settings
    set servercert FortiGate_SSL
    set tunnel-ip-pools SSL_VPN_Pool
    set source-interface port1
    end

  • Task 3: Test SSL Web Mode.

    • Log in to the SSL portal and access allowed resources.
Day 4: SSL VPN Tunnel Mode

  • Task 1: Configure Tunnel Mode.

    • Set up full network access for remote users:

      config vpn ssl settings
    set tunnel-ip-pools SSL_Tunnel_Pool
    end

  • Task 2: Implement MFA.

    • Add FortiToken for multi-factor authentication.
Day 5-6: Advanced VPN Features

  • Task 1: Study Hub-and-Spoke VPN.

    • Configure a central hub for branch connections.

  • Task 2: Enable ADVPN.

    • Allow dynamic tunnel creation between branch offices.

  • Task 3: Configure Split Tunneling.

    • Optimize bandwidth by routing non-critical traffic locally.
Day 7: Weekly Review
  • Task 1: Revisit IPsec and SSL VPN concepts.
  • Task 2: Perform a full VPN lab.
    • Configure site-to-site and remote access VPNs in your lab.
  • Task 3: Quiz yourself with practice scenarios.

Week 7: Consolidation of All Topics

Goal: Revisit key concepts from System Configuration, Central Management, Security Profiles, Routing, and VPN. Use hands-on labs and quizzes for active recall and practical application.

Day 1: System Configuration Review
  • Task 1: Revisit basic configurations.
    • Review management IP, interface setup, VLANs, and DHCP.
    • Practice HA setup and failover testing.
  • Task 2: Troubleshoot a system configuration.
    • Simulate common issues like incorrect IP settings or heartbeat interface failures.
  • Task 3: Take a mini-quiz.
    • Focus on System Configuration concepts and commands.
Day 2: Central Management Review
  • Task 1: Summarize FortiManager concepts.
    • Review policy package creation and deployment.
    • Practice ADOM-based management.
  • Task 2: Practice log analysis in FortiAnalyzer.
    • Use filters to identify security events and generate reports.
  • Task 3: Troubleshoot Central Management.
    • Solve issues like policy deployment errors or log forwarding failures.
Day 3: Security Profiles Review
  • Task 1: Revisit Web Filtering and Application Control.
    • Test URL filtering and application blocking in a lab setup.
  • Task 2: Practice IPS and Antivirus configurations.
    • Test predefined IPS signatures and configure custom patterns.
    • Verify antivirus protection using test files (e.g., EICAR).
  • Task 3: Test DLP policies.
    • Simulate data transmission violations and verify alerts.
Day 4: Routing Review
  • Task 1: Summarize static and dynamic routing concepts.
    • Configure static routes and prioritize them using administrative distance.
    • Practice OSPF and BGP setups.
  • Task 2: Test policy-based routing.
    • Create PBR rules to direct specific traffic through designated gateways.
  • Task 3: Troubleshoot routing issues.
    • Solve problems like unreachable destinations or incorrect route prioritization.
Day 5: VPN Review
  • Task 1: Revisit IPsec VPN configurations.
    • Configure a site-to-site VPN and test Phase 1 and Phase 2 negotiations.
  • Task 2: Practice SSL VPN setups.
    • Configure Web Mode and Tunnel Mode and implement MFA.
  • Task 3: Test advanced VPN features.
    • Enable split tunneling and configure ADVPN in the lab.
Day 6: Lab Day
  • Task 1: Perform an end-to-end lab setup.
    • Configure a network that includes System Configuration, Central Management, Security Profiles, Routing, and VPN.
  • Task 2: Troubleshoot combined configurations.
    • Identify and resolve conflicts or misconfigurations across different features.
  • Task 3: Document the lab exercise.
    • Write step-by-step notes on how you configured and tested the network.
Day 7: Weekly Review
  • Task 1: Take a mock test covering all topics.
    • Time yourself and simulate exam conditions.
  • Task 2: Review mistakes and revise weak areas.
    • Focus on topics where you scored poorly.
  • Task 3: Update your notes.
    • Add new insights or solutions from your mock test review.

Week 8: Final Review and Exam Preparation

Goal: Refine understanding, boost confidence, and simulate the exam environment.

Day 1: Key Concept Summaries
  • Task 1: Summarize key topics.
    • Create one-page summaries for each major section (e.g., System Configuration, VPN).
  • Task 2: Review commands.
    • Memorize key CLI commands and their usage.
Day 2-3: Full Mock Exams
  • Task 1: Take a full-length mock exam each day.
    • Simulate exam conditions (timed, no interruptions).
  • Task 2: Analyze results.
    • Identify recurring mistakes and focus on those areas during revision.
  • Task 3: Revise based on errors.
    • Use your notes and lab setup to strengthen weak areas.
Day 4: Practical Lab Review
  • Task 1: Recreate a comprehensive lab scenario.
    • Include configurations for System Configuration, Central Management, Security Profiles, Routing, and VPN.
  • Task 2: Troubleshoot intentionally created issues.
    • Test your ability to diagnose and resolve misconfigurations.
  • Task 3: Document the lab exercise.
    • Ensure you can write clear, detailed documentation.
Day 5: Flashcards and Quizzes
  • Task 1: Use flashcards to test key concepts.
    • Focus on commands, configuration steps, and troubleshooting techniques.
  • Task 2: Take topic-specific quizzes.
    • Use online resources or create your own practice questions.
Day 6: Rest and Light Review
  • Task 1: Relax and avoid overloading yourself.
    • Focus on light review activities like reading summaries or watching instructional videos.
  • Task 2: Review key configurations.
    • Skim through your notes and recall the most important setups.
Day 7: Exam Day Preparation
  • Task 1: Organize your materials.
    • Ensure you have all necessary resources (e.g., login details, notes).
  • Task 2: Mentally prepare.
    • Relax, sleep well, and avoid studying heavily.

Final Tips for Success

  1. Stay Consistent:
    • Stick to the plan and allocate daily time for study.
  2. Prioritize Hands-On Practice:
    • Reinforce concepts by replicating them in a lab environment.
  3. Stay Calm and Confident:
    • Trust your preparation and approach the exam with a clear mind.

Good luck!