NSE4 Exam Syllabus: Study Roadmap (Part 1 of 10)

NSE4 Exam Syllabus: Study Roadmap (Part 1 of 10)

This is the first post in a study series I’m writing as I work through the Fortinet NSE 4 certification (now branded FCP — FortiGate Administrator under the Fortinet Certified Professional track). Each follow-up post takes one or two of the official lessons and turns them into a concise, command-level study reference. This first post sets the scope: what’s on the exam, how the official curriculum is structured, and where every topic lands in the series.

Who the exam is for

NSE 4 is the certification Fortinet expects of a network security administrator who runs a FortiGate day-to-day — not someone who designs networks (NSE 5+) or breaks them (NSE 8). If you can land on a FortiGate, build a policy, troubleshoot a session, and bring up a VPN under pressure, NSE 4 is the badge that says so on paper.

Recommended prerequisite is roughly six months of hands-on time with FortiOS. There are no formal blockers, but the questions assume you have driven the GUI and the CLI in anger.

Exam logistics

Item	Detail
Current exam code	FCP_FGT_AD-7.4 (FortiOS 7.4)
Format	Multiple choice, single and multiple answer
Questions	60
Duration	105 minutes
Delivery	Pearson VUE — test centre or online proctored
Passing score	Not published (scaled scoring)
Validity	2 years
Recommended prep	FortiGate Administrator self-paced course on the Fortinet Training Institute

The free self-paced course on training.fortinet.com is the canonical curriculum — every exam question maps back to a lesson there. The labs are gated behind a paid voucher, but the lecture content and the official study guide PDF are free.

The 16 lessons, grouped

The official curriculum splits into 16 lessons. Treated individually they’re uneven — some are 20 minutes of slides, others are full afternoons. Grouping them by what you actually do at the CLI gives a cleaner study order:

Foundations

1. Introduction & Initial Configuration — interfaces, admin access, system settings, DHCP, FortiGuard.
2. The Security Fabric — root/downstream FortiGates, automation stitches, fabric connectors.

Traffic handling

3. Firewall Policies — policy lookup, ordering, NGFW modes, policy IDs vs sequence.
4. Network Address Translation — central vs policy NAT, SNAT, DNAT/VIPs, session helpers.

Identity & trust

5. Firewall Authentication — local, LDAP, RADIUS, captive portal.
6. Certificate Operations — CA chains, deep inspection, SSL/SSH inspection profiles.
7. (Bundled with 5) Fortinet Single Sign-On — collector agent, polling vs event log, DC agent.

Visibility

8. Logging & Monitoring — log slots, FortiAnalyzer, syslog, threat weight.

Security profiles

9. Web Filtering — FortiGuard categories, static URL filter, DNS filter.
10. Application Control — signatures, cloud apps, QUIC.
11. Antivirus — flow vs proxy, content disarm, EMS integration.
12. Intrusion Prevention & Denial of Service — IPS profiles, rate-based signatures, DoS policies.

Remote access

13. SSL VPN — web vs tunnel mode, portals, realms, MFA.
14. IPsec VPN — IKEv1 vs IKEv2, route-based vs policy-based, dial-up.

Network services

15. Routing — static, policy routes, OSPF/BGP basics, RPF.
16. SD-WAN — performance SLAs, rules, zones.

Resilience

17. High Availability — A-P vs A-A, FGCP, session sync, HA monitoring.

How I’d suggest using this series

If you’re sitting the exam, work through Parts 2–10 in order — they build on each other (e.g., authentication assumes you already understand policy lookup). If you’re using this as a reference at work, jump to whichever bucket bites you that day; each post is self-contained.

A few habits that paid off when I prepared:

• Build a lab. A single FortiGate VM (the eval license gives you 15 days at a time, and you can rebuild it forever) plus two Linux VMs as “inside” and “outside” is enough to reproduce every topic in the syllabus.
• Drive the CLI for every GUI click. The exam will give you a CLI snippet and ask what it does; if you only ever clicked through the GUI, you’ll guess.
• Read diag debug flow output until it stops looking scary. It’s the single best troubleshooting tool on the box and it shows up across multiple lessons.