Fortinet · 2026 Edition
A complete preparation guide written by Fortinet-certified engineers. Covers the exam format,all 5 blueprint domains, a week-by-week study plan, and proven tips for passing first time.
2–3 months
Prep time
Intermediate
Difficulty
60
Exam questions
650/1000
Pass mark
Exam code
NSE4
Full name
Fortinet NSE 4 / FCP Network Security
Vendor
Fortinet
Duration
105 minutes
Questions
60 items
Passing score
650/1000 (scaled)
Domains covered
5 blueprint domains
Recommended experience
Basic networking knowledge; familiarity with firewall concepts; NSE1–3 training recommended
Typical prep time
2–3 months
NSE 4 (FortiGate Administrator) is the primary Fortinet administration credential and one of the most in-demand firewall certifications globally. FortiGate is one of the most widely deployed NGFW platforms — NSE 4 is the credential employers look for when hiring FortiGate administrators.
Job roles this opens
Domain percentage weights are not currently available for this exam. The checklist below is still useful for planning your study.
Weeks 1–3
FortiGate Security: interfaces, policies, NAT, security profiles, logging
Tip: NSE 4 consists of two exams: FortiGate Security (FGT-SEC-7.4) and FortiGate Infrastructure (FGT-INF-7.4). Verify the current exam version before studying — Fortinet updates exams with each major FortiOS release. Both exams must be passed within the same NSE 4 certification period.
Weeks 4–5
FortiGate Security Deep Dive: SSL inspection, application control, web filtering, IPS
Tip: SSL inspection on FortiGate: Full SSL Inspection (decrypt, inspect, re-encrypt using CA certificate deployed to clients) vs Certificate Inspection (inspect certificate without decryption — detects certificate anomalies but cannot inspect payload). Know when to use each and what the trade-offs are for privacy and performance.
Weeks 6–8
FortiGate Infrastructure: routing, VPN (IPsec, SSL VPN), HA, SD-WAN
Tip: FortiGate IPsec VPN configuration is tested in detail. Know the two main configuration modes: Route-Based VPN (create virtual IPsec interface, route traffic via static or dynamic routing — preferred, more flexible) and Policy-Based VPN (traffic matched by security policy — legacy, less flexible). Know why Route-Based is recommended for new deployments.
Weeks 9–12
FortiGate Infrastructure Deep Dive: SD-WAN rules, BGP, OSPF, high availability
Tip: FortiGate SD-WAN is increasingly tested in recent NSE 4 versions. Know SD-WAN concepts: members (WAN interfaces included in SD-WAN), zones (logical grouping of members), rules (how to steer traffic — performance SLA, load balancing, manual priority), and Health Checks (active probes to determine member health and latency).
NSE 4 requires passing both FGT-SEC and FGT-INF exams. Each is 60 questions in 90 minutes with a 72% passing score. Both exams are valid for 2 years from when the first exam is passed — plan to complete both exams within a reasonable timeframe.
FortiOS firewall policies are evaluated top-to-bottom, first match wins. Know the default implicit deny rule at the bottom and the logging options for the implicit deny. Know how to find which policy matches traffic using the built-in policy test tool in the FortiGate GUI.
FortiGate VDOMs (Virtual Domains) create multiple virtual firewall instances on a single physical device. Know the two VDOM modes: NAT (routed mode, the default) and Transparent (bridge mode, does not change IP addresses). Know how to configure inter-VDOM links and why VDOMs are used for multi-tenancy.
FSSO (Fortinet Single Sign-On) integrates with Active Directory to perform User-ID identification without requiring users to authenticate again to the firewall. Know the FSSO components: DC Agent (monitors AD logon events), Collector Agent (aggregates events and sends to FortiGate), and the FortiGate itself (matches source IP to user and group).
Fortinet NSE certifications follow a tiered structure: NSE 1–3 (free online, awareness level), NSE 4–6 (professional, exam required), NSE 7–8 (expert, advanced exams and practical assessment). NSE 4 is the threshold where the certification becomes employer-meaningful.
Apply everything in this guide with adaptive practice questions, detailed answer explanations, and domain analytics.
Deep-dive explanations of the key topics tested on NSE4 — with exam key points and common misconceptions.