Exam Preparation

Certification Topics
Candidates preparing for the FCX certification should be familiar with the topics covered in the
certification exams.

Note: This list is a guideline only. The topics covered on the exam may change at any time
without notice.

Written Exam Certification Topics

1. Security Architecture
a. Demonstrate knowledge of FortiGate Network Security products
i. Chassis solutions 6000/7000 modules and architecture
ii. Correct hardware production selection based on design
b. Demonstrate knowledge of Fortinet Security Fabric Solution deployments
i. FortiMail
ii. FortiSandbox
iii. Traditional networks and hybrid/cloud/multi-cloud networks
iv. Logging and management protocols used by Fortinet, and required network architecture
for resiliency
c. Demonstrate knowledge of Fortinet high-availability solutions
i. Core products
ii. Types of the HA solutions
iii. HA and Cloud deployments
iv. Optimization
2. Infrastructure
a. Demonstrate knowledge of FortiGate operation modes
i. Transparent Mode and Layer-2 Traffic
ii. VDOM and VDOM links
b. Demonstrate knowledge of FortiGate hardware technology
i. NP6/NP7/nTurbo/CP9/SoC4 acceleration and acceleration concepts
ii. Hyperscale requirements, operation, limitations
iii. Traffic Flows during acceleration and offloading
iv. Describe and design hardware accelerated networks with FortiGate devices
v. FortiGate chassis/module architecture
vi. Life of packet
vii. Hardware offloading
c. Demonstrate knowledge of non-FortiGate hardware technology
i. Hardware v virtual
ii. FAZ, SIEM
d. Demonstrate knowledge of Fortinet solutions for cloud security
i. Private cloud
ii. Public cloud
iii. SAAS
iv. SASE
3. Networking
a. Demonstrate knowledge of advanced routing and networking technologies

www.fortinet.com/training FCX Certification - Public Handbook 9

 i. Static Routing
ii. Dynamic Routing (OSPF/BGP)
iii. Routing and high availability concepts
iv. Asymmetric Routing
v. Secure SD-WAN Routing
vi. Policy Routing
vii. Multi-cast routing
viii. Routing control
ix. NAT
1. Dual-bidirectional NAT between two address domains
2. Interpret NAT information presented in Session table output
x. IPv6
1. NAT46 & NAT 64, SLAAC, DHCPv6, DNSv6
xi. Traffic shaping
1. Interface-based shaping configuration
2. Effects on hardware acceleration
xii. Virtual wire pairs
1. VWP with VLAN tags
b. Demonstrate knowledge of advanced VPN design methodologies
i. SSL VPN / IPSEC
ii. Aggregate VPN
iii. ADVPN
iv. VXLAN over IPSEC
v. GRE
vi. IKEv1 vs IKEv2 differences
c. Demonstrate knowledge of Fortinet access solutions advanced configurations and features
i. FortiSwitch advanced configurations
1. MCLAG
ii. FortiAP advanced configurations
1. Remote tunneling
iii. Advanced use cases of FortiExtender (IPSEC VPN, VLAN mode)
1. IPSEC VPN
2. VLAN mode
iv. FortiOS access control features
1. Control Policy
2. Device Profiling
3. DHCP Option 82
4. FortiNAC configuration
5. Remediation Policy
d. Demonstrate knowledge of how to integrate Fortinet access solutions
i. Advanced authentication for access layer
1. FortiAP radius based dynamic vlan
2. RADIUS based dynamic VLAN
ii. FortiLink advanced configurations
1. Quarantine NAC vlans
2. FortiLink over L3
iii. Centralized management of access products from FortiManager
iv. Design Fortinet access layer solutions
1. Wireless planning
2. Switch stack design
3. ZTNA solutions
v. Fortinet Security Fabric and integrated management of Firewall, access, and ATP
products
e. Demonstrate knowledge of application delivery

www.fortinet.com/training FCX Certification - Public Handbook 10

 i. Load balancing
ii. Health checks
4. Secure SD-WAN
a. Demonstrate knowledge of SD-WAN advanced architecture and design
i. Design and implement a full featured SD-WAN solution with dynamic routing
ii. Local traffic routing with SD-WAN
iii. Understanding SD-WAN rules and failover
b. Demonstrate knowledge of SD-WAN advanced features
i. Azure vWAN
ii. ADVPN design and requirements
iii. Packet duplication and aggregate tunnels
iv. Network overlays
c. Demonstrate knowledge of SD-WAN troubleshooting
i. Session failover with NAT
ii. Session route change with max bandwidth method
iii. Shortcut tunnels and BGP
5. Security Solutions
a. Demonstrate knowledge of Fortinet application security solutions
i. Operation and deployment modes
ii. Designing resilient solutions
iii. Advanced security inspection
iv. FortiGuard services for enhanced Fortinet solutions
v. Troubleshooting application security issues
b. Demonstrate knowledge of Fortinet network security solutions
i. Inspection modes
ii. Security profiles
iii. Troubleshooting FortiOS security features
iv. FortiGuard services for FortiOS security services
v. VoIP
1. VoIP ALG / proxy
2. SIP kernel-helper
3. Flow SIP
vi. HTTP/2
1. SSL inspection with HTTP/2
c. Demonstrate knowledge of authentication mechanisms
i. Implement SAML authentication
ii. Integrate external authentication using Radius / LDAP
iii. Configuring Fortinet product authentication using FortiAuthenticator
iv. Authentication using VSAs with Radius for automated roles / profiles
v. Two factor authentication using certificates and tokens
vi. Fortinet FSSO using collectors and FortiAuthenticator
vii. Integrate with AD certificate services
viii. RBAC, authentication and certificate management solutions with Fortinet Management
products
6. Security Operations
a. Demonstrate knowledge of Fortinet SOC solution
i. Integrate Fortinet solutions for advanced threat protection
ii. Security incident handling
iii. Security incident enrichment
iv. Threat analysis and incident response
v. Automated remediation
vi. Fortinet management and logging tools
b. Demonstrate knowledge of Fortinet endpoint solutions
i. Network admission control solution

www.fortinet.com/training FCX Certification - Public Handbook 11

 ii. Device On-boarding using various methods
iii. FCT Client Profile
iv. VPN Profile Management
v. FortiClient EMS installation package managing
vi. EMS on net / off net
vii. ZTNA Policy / configuration (EMS/FCT/FG/FAC)
viii. Endpoint protection (Client/Guest)
ix. Quarantine functions on both LAN/WLAN
x. EDR - Playbooks / Exceptions
7. Automation
a. Demonstrate knowledge of Fortinet Automation tools, solutions, and integrations
i. Automation Stiches
ii. Understand Fabric connectors
iii. Zero Touch Configuration/Zero Touch Provisioning
iv. Automated Response Systems (SOAR/Handlers)
v. FortiSIEM log automation triggers
b. Demonstrate knowledge of Fortinet build-in scripting capabilities
i. FortiManager CLI/TCL Scripting
ii. FMG CLI Template + Variables
iii. FortiGate AutoScript
c. Demonstrate knowledge of Fortinet API configuration and usage
i. FortiGate webhook triggers
ii. API Integration within the Security Fabric
iii. Understand principles of API usage (including required config)
iv. Solutions for rollout and management of large scale FortiGate networks (Fortinet or 3rd
party management tools)

Practical Exam Certification Topics

1. Networking
a) SD-WAN Deployments
b) Dynamic Routing
c) Traffic Engineering
d) Secure Access
e) VPN Connections
f) High Availability and clustering
g) Troubleshooting network deployments
2. Central Management
a) Central Management Deployments
b) Automation
c) Security Operations
d) Troubleshooting Central Management Deployments
3. Authentication
a) Authentication Integration
b) Troubleshooting Authentication Scenarios
4. Threat Protection
a) Securing EndPoints
b) Securing Applications
c) Securing the Network
d) Troubleshooting Threat Protection

www.fortinet.com/training FCX Certification - Public Handbook 12

Products and Firmware Versions
This section details all the products and firmware versions used for the FCX exams.
The new version of the FCX exams will be based on the most current firmware available on the Fortinet
support site. The FCX candidate should have the knowledge required to configure a network environment
with the latest firmware versions available, and up to two major releases, following the date that the exam
becomes available to the public.

Product Base Firmware Written Exam Practical Exam

FortiGate 7.x + x x
FortiAnalyzer 7.x + x x
FortiAuthenticator 6.x + x x
FortiManager 7.x + x x
FortiSandbox 4.x x x
FortiADC 7.x + x x
FortiWeb 7.x + x x
FortiMail 7.x + x x
FortiClient 7.x + x x
FortiClientEMS 7.x + x x
FortiSwitch (VM) 7.x + x
FortiSwitch 7.x + x
FortiAP 7.x.+ x
FortiDDoS 5.x + x
FortiNAC 9.x + x
FortiExtender 7.x + x
FortiSIEM 6.x + x
FortiEDR 5.x+ x
FortiSOAR 7.x + x

Note: Firmware versions may change at any time without notice. Please review the latest version
of this document, the FAQ document, and the FCX exam description, when preparing for your
exam.

About the base firmware versions:

• The FCX certification program will have base firmware versions for all the solutions. The program
will be adaptable to support up to two additional major releases during the life of the exam.
• The expert candidate’s knowledge of Fortinet features, technologies, and solutions should extend
beyond a single OS version.

www.fortinet.com/training FCX Certification - Public Handbook 13

Additional exam components include, but are not limited to:
• Windows 2019
• Lubuntu desktop

• Debian Linux server

Recommended Study Materials

This section lists the recommended study materials to help certification candidates prepare for the FCX
certification exams.
Administration guides and handbooks:
• FortiGate, FortiManager, FortiAnalyzer

• FortiADC, FortiWeb, FortiMail

• FortiSandbox, FortiAuthenticator, FortiClient

• FortiSwitch
• CLI references

• Cookbooks
• Fortinet Knowledge Base articles

Recommended Preparatory Courses

The FCX certification exams have no prerequisites, but it is highly recommended that test candidates
complete the following courses before attempting the certification exams.

FCP FCSS

FortiOS Enterprise Firewall

FortiAnalyzer LAN Edge
FortiManager SD-WAN
FortiAuthenticator
FortiSwitch
FortiMail
FortiWeb

www.fortinet.com/training FCX Certification - Public Handbook 14