# FortiGate Operator Completion Tracker — lessons 01–15 Source scope: tracker is based only on the confirmed Fortinet Academy course metadata captured in `docs/academy-login-review-2026-07-05.md`. Do not paste lesson internals here; after each lesson, add Artur's own operational notes and interview-ready wording. Confirmed course: FortiGate 7.6 Operator - ENGLISH - Course id: `67379` - URL: `https://training.fortinet.com/course/view.php?id=67379` - Total estimate: 6.5 hours - Track: FCA Cybersecurity / NSE 3 / Associate - Completion target: interactive lessons + exam score 75%+ if attempting the badge ## How to use this tracker For each lesson, update only: ```text Status: not-started / in-progress / done / skipped Notes-to-extract: 3–5 original bullets in Artur's own words Interview question enabled: yes when Artur can answer it out loud in 60–90 seconds ``` Notes template: ```text Fortinet term: What it means operationally: Sophos / production analogy: CLI or screen I would check: Interview sentence: ``` ## Lesson tracker | # | Lesson | Priority | Duration | Status | Notes-to-extract | Interview question enabled | |---:|---|---|---:|---|---|---| | 01 | FortiGate Overview | P0 | 5 min if using Day 1 drill estimate; otherwise TBD | not-started | FortiGate roles, where it sits in packet flow, words Artur must use instead of generic “firewall”. | yes | | 02 | Configuring System Settings and Basic Networking | P0 | 15 min if using Day 1 drill estimate; otherwise TBD | not-started | Interfaces, addressing, routes, DNS/admin reachability, what a NOC checks first. | yes | | 03 | Firewall Policies | P0 | 15 min if using Day 1 optional estimate; otherwise TBD | not-started | Policy order, source/destination/service/schedule, NAT expectation, logs/session evidence. | yes | | 04 | Authenticating Network Users | P2 | TBD | not-started | Auth symptom categories only: user identity, group match, auth failure vs network failure. | yes | | 05 | Inspect SSL Traffic | P1 | TBD | not-started | When SSL inspection matters, certificate/user-impact risks, how to explain safely in interview. | yes | | 06 | Blocking Malware | P2 | TBD | not-started | Malware/security profile outcome as NOC evidence, not deep malware analysis. | yes | | 07 | Control Web Access Using Web Filtering | P2 | TBD | not-started | Web filtering blocks, category/action/log evidence, user communication. | yes | | 08 | Configuring the FortiGate Intrusion Prevention System | P1 | TBD | not-started | IPS alert triage, false positive vs real block, escalation evidence. | yes | | 09 | Controlling Application Access | P1 | TBD | not-started | Application control as policy/security-profile evidence; impact on business apps. | yes | | 10 | Creating IPsec Virtual Private Networks | P0 | TBD | not-started | Phase 1/2, proposals, PSK/certs, NAT-T, routes, tunnel up but no traffic. | yes | | 11 | Configuring FortiGate SSL VPN | P0 | TBD | not-started | Login vs tunnel vs post-login routing, user/time/source IP, logs to collect. | yes | | 12 | FortiGate System Maintenance and Monitoring | P0 | 20 min if using Day 2 drill estimate; otherwise TBD | not-started | System health, logs/monitoring, backups/firmware awareness, handover evidence. | yes | | 13 | Configuring the Fortinet Security Fabric | P2 | TBD | not-started | Security Fabric as topology/visibility concept; keep answer high-level. | yes | | 14 | FortiGate High Availability (HA) | P1 | TBD | not-started | Active/passive idea, failover symptoms, split-brain risk, what to check/collect. | yes | | 15 | Configuring FortiLink | P2 | TBD | not-started | FortiSwitch/FortiLink management concept; relevant only as topology/support context. | yes | ## P0 interview questions Use these after the lesson is marked done. Answer short: symptom → checks → evidence → expected fix/escalation. 1. Lesson 01 — “What is FortiGate doing in the network path, and how would you explain your Sophos experience in Fortinet terms?” 2. Lesson 02 — “A service is unreachable behind a FortiGate. What do you check in the first 10 minutes?” 3. Lesson 03 — “Traffic should be allowed but is blocked. How do policy order, NAT and logs help you prove why?” 4. Lesson 10 — “An IPsec VPN tunnel is down, or tunnel is up but no traffic passes. What evidence do you collect?” 5. Lesson 11 — “An SSL VPN user cannot connect. How do you separate authentication, tunnel and routing problems?” 6. Lesson 12 — “A FortiGate health/monitoring alert fires. What do you check, what do you report, and when do you escalate?” ## P1 interview questions 1. Lesson 05 — “Why can SSL inspection break traffic, and what would you check before escalating?” 2. Lesson 08 — “An IPS profile blocks business traffic. How do you validate impact without disabling security blindly?” 3. Lesson 09 — “A business app stopped working after a firewall/security-profile change. What logs and policy context do you collect?” 4. Lesson 14 — “What are first checks during a suspected FortiGate HA failover?” ## P2 interview questions 1. Lessons 04/06/07 — “How do you distinguish user/auth/security-profile blocks from routing or service failures?” 2. Lesson 13 — “What operational value does centralized visibility/topology give a NOC?” 3. Lesson 15 — “If access switches are managed through FortiGate/FortiLink, what topology facts should the NOC capture before escalation?” ## Completion rule A lesson counts as complete for interview readiness only when all three are true: 1. Academy lesson status is done in the user-approved session. 2. Artur has written original notes using the template above. 3. At least one enabled interview question was answered out loud and graded against `grading/scorecard.md`.