Tagged: NSE6
14 posts · browse all tags
-
NSE6 Part 1: Stream Overview, Exam Structure, and the Secure Networking Stack
What the NSE6 Secure Networking specialist stream covers, how the four product exam tracks fit together, and how FortiAuthenticator, FortiSwitch, FortiAP, and FortiNAC form a joined-up access-layer security story.
-
NSE6 Part 10: FortiAP Rogue Detection, Wireless IDS, Mesh, and Troubleshooting
WIDS rogue AP classification and containment, wireless IDS signature types, FortiAP mesh topology with root and leaf APs, OfficeExtender remote AP split-tunnel deployment, and the diagnostic commands and common failure patterns for the FCA-FAP exam troubleshooting section.
-
NSE6 Part 11: FortiNAC Architecture, Network Discovery, and Device Profiling
NAC concepts and where FortiNAC sits in the Security Fabric, Control and Application server roles, HA architecture, how FortiNAC discovers network devices via SNMP and SSH, passive and active endpoint discovery, and the fingerprinting methods that determine what type of device is on each port.
-
NSE6 Part 12: FortiNAC Access Policies, CoA, and VLAN Enforcement
The FortiNAC policy model — groups, access values, and network access policies — how RADIUS and CoA enforce VLAN assignment on FortiSwitch and third-party switches, logical networks for VLAN abstraction, and the end-to-end 802.1X enforcement flow from endpoint connect to VLAN assignment.
-
NSE6 Part 13: FortiNAC Endpoint Compliance, Agents, and Host Isolation
Persistent, dissolvable, and agentless posture assessment methods, compliance rules and remediation actions, quarantine VLAN and isolation workflow, guest self-registration and sponsor approval, BYOD certificate onboarding, and MDM integration with Intune, Jamf, and FortiClient EMS.
-
NSE6 Part 14: FortiNAC HA, Reporting, and End-to-End Troubleshooting
FortiNAC HA failover mechanics, MySQL replication, syslog/FAZ integration, alarm framework, built-in and custom reports, and a systematic troubleshooting guide for discovery failures, enforcement problems, and 802.1X issues — with a complete end-to-end trace of a new endpoint joining.
-
NSE6 Part 2: FortiAuthenticator Architecture and Local Authentication
FortiAuthenticator deployment modes, hardware vs VM sizing, initial setup, local user and group management, password policies, account lockout, and the admin interfaces you use to build out a working identity store before you plug in LDAP or RADIUS.
-
NSE6 Part 3: FortiAuthenticator RADIUS Service, LDAP Integration, and Remote Auth
How FortiAuthenticator acts as a RADIUS server for FortiGate, FortiSwitch, and other NAS devices; configuring realms and routing; integrating with Active Directory via LDAP; and the diagnostic commands that expose exactly where an authentication flow breaks.
-
NSE6 Part 4: FortiToken 2FA, Certificate Management, and the Self-Service Portal
Adding a second factor with FortiToken hardware and mobile tokens, certificate authority configuration and SCEP enrollment, and setting up the self-service portal for password reset, token activation, and guest account management with sponsor approval.
-
NSE6 Part 5: FortiSwitch Hardware, FortiLink Managed Mode, and Initial Provisioning
FortiSwitch hardware families and PoE considerations, how FortiLink turns a FortiGate into a wired switching controller, the discovery and authorisation process for bringing a switch under management, and firmware management from the FortiGate GUI.
-
NSE6 Part 6: FortiSwitch VLANs, RSTP, Link Aggregation, and Stacking Design
VLAN trunking and access port configuration under FortiLink, RSTP bridge priority and port roles, static and LACP link aggregation, MCLAG dual-homing for access-layer resilience, and QoS trust modes for DSCP/CoS remarking at the network edge.
-
NSE6 Part 7: FortiSwitch 802.1X, MAC Authentication Bypass, and Port Security
Port-level 802.1X authentication with FortiAuthenticator as the RADIUS backend, EAP method selection, dynamic VLAN assignment from RADIUS attributes, MAC Authentication Bypass for non-supplicant devices, sticky MAC port security, and CoA-triggered VLAN changes mid-session.
-
NSE6 Part 8: FortiAP Hardware, CAPWAP Discovery, and AP Provisioning
Wi-Fi 6 fundamentals and the key 802.11 standards, FortiAP hardware families and PoE requirements, how CAPWAP connects APs to the FortiGate wireless controller, the four AP discovery methods, WTP profile configuration, and the authorisation and firmware management workflow.
-
NSE6 Part 9: FortiAP SSIDs, Wireless Security Modes, and RF Management
SSID and VAP configuration options, every wireless security mode from Open to WPA3-Enterprise, dynamic VLAN assignment via RADIUS for wireless, captive portal integration with FortiAuthenticator, band steering, and the RF management tools that keep channels clean in dense deployments.