Passing Fortinet FCSS SASE Certification

I volunteered to take the Fortinet Certified Solution Specialist SASE certification when our company needed to fulfill Fortinet partner qualifications. I wanted to learn more about solutions and challenge myself in new areas. And a challenge it was!

First, I don’t have experience in configuring SD-WAN or SASE in practice, just some FortiGate firewalling basics from years back. I’m just a solution architect trying to understand the possibilities and realities of these vendor-provided solutions.

The FCSS SASE certification consists of two parts: SD-WAN and SASE. I used the study guide Fortinet provides in the training portal. The material was at the same time technically overwhelming and partly too simplistic and inconsistent. I had a wow moment when all the details of traffic routing rules and policies were exposed to the student. It was an awakening to realize how complex a world of parameters and function logic is built under the hood. To completely understand all this, the study guide should have covered topics maybe a bit more thoroughly and systematically.

I took the SD-WAN 7.2 exam online, and I passed on the first try. My poorest topic was troubleshooting, which included a lot of complex CLI output interpretations. The exam had 40 questions in one and a half hours, so there was enough time to find the right answers, but some questions were also verbose and time-consuming if you didn’t know what to look for. I was really happy to pass because the content was hard.

Then I moved to the SASE exam. I chose the older exam version 23, because the newer version was recently introduced, and I didn’t want to take the risk of possibly vague questions that the new exam could contain. The SASE study guide was more of an overview of security features and configurations. That was quite unknown territory for me, but still I thought this could be easier than the very technical SD-WAN part. Oh boy, I was wrong!

The first exam attempt failed, although I felt good about it. I think my result was barely below the passing mark. Fortinet exams are a bit strange because they don’t provide any numerical points or define the passing mark in any way. The score report details the performance breakdown only by percentage bars for a few topics. It’s quite hard to estimate how you succeeded and what the passing mark is, but I think it’s around the usual 70%. The exam consists of only 30 questions in 75 minutes, and I had plenty of time to review the questions. But I think the problem for me was general questions, which are usually harder to understand and interpret correctly than technical details.

After the failed attempt and disappointment, it’s hard to collect yourself for a new try. I’ve failed many times before, and it’s always a degrading experience. I restudied the material, and suddenly I realized that the study guide is for the newer version of the exam. Some details had changed between versions, and that explained a couple of mistakes I made. After a month, I tried the same exam again. The questions were quite different this time, and I was sweating a bit under the pressure.

Additionally, after taking over ten Pearson VUE exams online, I had technical problems for the first time. Ten minutes after the start, the online exam suddenly informed me that it needed a reboot. I thought they gave me the wrong exam or something, but the same exam reloaded and continued as if nothing had happened. This time I made it and passed. I still struggled badly in access models and deployment, but other topics compensated so that the total score was above the bar.

Overall, these were my first Fortinet exams. I have taken Cisco, Juniper, and Microsoft exams earlier. Obscure scoring and hidden passing marks are Fortinet’s quirks. The exams had a standard “flag and review later” option, which is nice when you can leave uncertain answers to hang. Often, other questions can give some hints in the right direction. Some questions were unclear, as always, and the best tactic is to remove incorrect answers to find the correct one. These exams are probably far easier for people who have worked with FortiGates and VPNs.

Now I’m a certified SD-WAN Architect and SASE Administrator, but I think the main benefit of this certification was to understand Fortinet’s solutions better. Fortinet products offer a lot of flexibility and tweakable functionality, but sometimes it makes me ask whether it’s necessary to expose all this complexity to the user. Some features, options, and parameters could just be left out or hidden, defaulting to the most common scenario. On the other hand, this versatility is the power of Fortinet products.
