# 7-Day Fortinet NOC Marathon — Academy-integrated v2

Updated after authenticated Fortinet Training Institute review on 2026-07-05.

## Real Academy sources now confirmed

### P0 course — primary

**FortiGate 7.6 Operator - ENGLISH**

- URL: `https://training.fortinet.com/course/view.php?id=67379`
- Parent/self-paced page: `https://training.fortinet.com/course/view.php?id=67488`
- Track: **FCA Cybersecurity**
- Exam/badge: **FortiGate 7.6 Operator / NSE 3**
- Estimated duration: **6.5 hours**
- Completion: interactive lessons + exam score **75%+**

### P1 course — selective deepening

**FortiOS 7.6 Administrator Self-Paced**

- Main: `https://training.fortinet.com/course/view.php?id=72343`
- Lessons: `https://training.fortinet.com/course/view.php?id=72276`
- Labs: `https://training.fortinet.com/course/view.php?id=72344`
- Sample questions: `https://training.fortinet.com/course/view.php?id=72351`
- Estimated duration: **24 hours** = 13h lessons + 11h labs
- Labs: paid, SKU **FT-LAB-H20**, **USD $200**

## Daily structure

1. 30–45 min: NOC/Fortinet theory.
2. 45–90 min: Academy P0/P1 module.
3. 45–90 min: practical drill or portal exercise.
4. 15–20 min: incident update/RCA.
5. 20–40 min: mock interview.

## Day 1 — NOC baseline + FortiGate Operator start

**Goal:** build troubleshooting language and start the FCA/NSE3 track.

Theory:

- NOC role: alert → verify → isolate → escalate/fix → document.
- OSI/TCP-IP: where DNS, ICMP, TCP/UDP, HTTP, VPN and firewall policy fit.
- “What do you check first?” answer pattern.

Academy P0:

- FortiGate Operator Lesson 01: Overview.
- FortiGate Operator Lesson 02: Configuring System Settings and Basic Networking.

Practice:

- `ping`, `traceroute`/`mtr`, `dig`, `curl`, `ss`, `ip route`.
- Diagnose: DNS broken vs service down vs route issue.

Interview outputs:

- 60-second self-intro for NOC.
- Answer: “How do you troubleshoot a service unreachable alert?”
- Answer: “How does your Sophos experience transfer to FortiGate?”

## Day 2 — Linux/NOC operations + FortiGate monitoring basics

**Goal:** become fast in Linux evidence gathering and map it to FortiGate monitoring.

Theory:

- systemd, logs, listening ports, resolver, CPU/RAM/disk.
- Difference between symptom and root cause.

Academy P0:

- FortiGate Operator Lesson 12: FortiGate System Maintenance and Monitoring.
- If time: review Operator Lesson 02 again and write FortiGate terms.

Practice:

- broken service;
- wrong DNS resolver;
- port not listening;
- log-based RCA.

Interview outputs:

- “Which logs/commands do you check first?”
- “What would you include in a NOC handover?”

## Day 3 — Firewall policy, NAT, routing, packet flow

**Goal:** explain packet flow as route → policy → NAT → session/log.

Theory:

- route lookup;
- source/destination NAT;
- stateful firewall;
- policy order;
- asymmetric routing.

Academy P0:

- FortiGate Operator Lesson 03: Firewall Policies.

Academy P1 selective:

- FortiOS Administrator: Firewall Policies and NAT.
- FortiOS Administrator: Routing.

Practice:

- draw packet path from client to server through firewall;
- compare Linux `ip route` / iptables/nftables with FortiGate concepts;
- tcpdump thought process: where to capture and why.

Interview outputs:

- “Traffic does not pass through firewall. What do you check?”
- “Route issue vs policy issue vs NAT issue — how to tell them apart?”

## Day 4 — FortiGate-focused day: logs, sessions, UTM, HA basics

**Goal:** sound like an operator who understands FortiGate daily administration.

Theory:

- firewall policy objects;
- sessions;
- logs;
- security profiles/UTM;
- HA overview;
- SD-WAN awareness.

Academy P0:

- Operator Lesson 05: Inspect SSL Traffic.
- Operator Lesson 08: IPS.
- Operator Lesson 09: Controlling Application Access.
- Operator Lesson 14: HA.

Academy P1 selective:

- FortiOS Administrator: Logging and Monitoring.
- FortiOS Administrator: Diagnostics and Troubleshooting.

Practice:

- read sample firewall logs;
- explain allow/deny decision;
- write a short incident note from logs.

Interview outputs:

- “What FortiGate logs would you check?”
- “What can go wrong during HA failover?”

## Day 5 — VPN troubleshooting

**Goal:** handle IPsec/SSL VPN interview questions confidently.

Theory:

- IPsec phases/IKE basics;
- NAT-T;
- proposals/PSK/certs;
- routes/split tunnel;
- SSL VPN auth and portal concepts.

Academy P0:

- Operator Lesson 10: Creating IPsec Virtual Private Networks.
- Operator Lesson 11: Configuring FortiGate SSL VPN.

Academy P1 selective:

- FortiOS Administrator: IPsec VPN.

Practice:

- diagnose VPN down from symptoms/log snippets;
- write escalation info: peer IP, phase, proposals, routes, user, timestamp, log line.

Interview outputs:

- “IPsec tunnel is up but no traffic passes — what do you check?”
- “SSL VPN user cannot connect — what are common causes?”

## Day 6 — Monitoring, alerts, incident response + sample questions

**Goal:** combine NOC process with Fortinet evidence.

Theory:

- alert lifecycle;
- severity;
- false positive vs real incident;
- escalation;
- customer update;
- RCA.

Academy P1:

- FortiOS Administrator Sample Questions if accessible: `https://training.fortinet.com/course/view.php?id=72351`
- Revisit FortiOS Admin Diagnostics and Troubleshooting.

Practice:

- blackbox HTTP/TCP check scenario;
- write 3 updates: initial, investigation, resolved;
- produce RCA: impact, cause, fix, prevention.

Interview outputs:

- “How do you prioritize multiple alerts?”
- “Tell me about a production incident you handled.”

## Day 7 — Full mock technical interview + badge decision

**Goal:** final interview readiness.

Format:

- 20 min HR/motivation.
- 40–60 min technical questions.
- 30–60 min live troubleshooting.
- 20 min debrief and weak-spot patch.

Academy decision:

- If Operator lessons are mostly complete: attempt FortiGate Operator/NSE3 exam badge.
- If not: do not rush certification; use progress story in interview.

Expected outcome:

- concise self-intro;
- 5–7 strong production stories;
- clear NOC troubleshooting flow;
- Fortinet Academy progress story;
- confidence under “why/how do you know?” pressure.

## Labs / VPS gate

VPS automation remains **last**. Unblock only when:

- portal modules are updated;
- Day 1–2 drills are written;
- Academy P0 course path is integrated;
- each lab has scenario, symptom, allowed tools, expected fix, validation and grading rubric.