
Interview Guide - 4

Quick prep guide

Uploaded by

wasone6467
Copyright
© All Rights Reserved

Comprehensive Guide: Network Fundamentals and Interview Q&A for Cisco Meraki and Fortinet FortiGate

Prepared for 4-10 Years Experience Level

July 24, 2025

Introduction
This comprehensive document expands on network fundamentals and provides an extensive list of frequently asked interview questions and answers for Cisco Meraki and Fortinet FortiGate, tailored for network engineers with 4-10 years of experience. It draws from common industry questions, focusing on configuration, troubleshooting, security, and advanced features. Use this to prepare thoroughly for your interview.

1 Network Fundamentals
Core concepts essential for the role:
• OSI Model: Seven layers (Physical, Data Link, Network, Transport, Session, Presentation, Application) defining network communication.
• TCP/IP Model: Four layers (Network Interface, Internet, Transport, Application) underpinning internet protocols.
• Routing Protocols: OSPF (link-state), BGP (path vector), RIP (distance vector) for dynamic routing.
• Switching: VLANs for segmentation, STP (Spanning Tree Protocol) to prevent loops, RSTP for faster convergence.
• IP Addressing: IPv4 (e.g., [Link]/24), IPv6, subnetting, CIDR, NAT/PAT.
• DHCP: Dynamic Host Configuration Protocol for automatic IP assignment, including DORA process.
• DNS: Domain Name System for name-to-IP resolution, recursive vs. authoritative servers.
• Firewalls: Packet filtering, stateful inspection, NGFW features (app control, IPS, SSL inspection).
• VPNs: IPsec (IKE phases), SSL VPN, site-to-site vs. remote access.
• Security: ACLs, IDS/IPS, zero-trust models, encryption (AES, SHA).
• SD-WAN: Software-defined WAN for traffic optimization, policy-based routing.
• Wireless: SSIDs, WPA3, roaming, RF management.
• Troubleshooting Tools: Wireshark, ping, traceroute, tcpdump, syslog.
• Advanced: QoS, MPLS, BGP attributes, multicast routing.

Comprehensive Network Engineer Interview Preparation July 24, 2025

2 Cisco Meraki Interview Questions and Answers


Expanded list based on common questions for mid-senior engineers.
1. What is Cisco Meraki, and how does it differ from traditional Cisco networking?
Meraki is a cloud-managed networking solution offering centralized management via a dashboard for devices like MR (wireless), MS (switches), MX (security appliances). Unlike traditional Cisco’s CLI-based config (e.g., IOS), Meraki uses GUI with auto-provisioning, API support, and zero-touch deployment. Ideal for multi-site environments with features like Auto VPN.
2. Describe the process of creating and configuring an organization in Cisco Meraki.
Log into Dashboard > Organization > Create Organization. Set name, timezone, currency. Add networks (site-specific or templates). Claim devices by serial number. Configure templates for VLANs, SSIDs, policies. Apply licenses and enable features like SD-WAN.
3. What are licensing prerequisites for Meraki devices?
Per-device subscriptions: Enterprise (basic), Advanced Security (NGFW features), Secure SD-WAN Plus (advanced routing). Licenses are cloud-tied; co-termination averages terms. Without active license, devices go offline after grace period.
4. Explain configuring a basic SSID on a Meraki wireless access point.
Dashboard > Wireless > SSIDs > Create SSID. Set name, security (WPA2/3), VLAN, bandwidth limits, client isolation. Enable Layer 7 shaping, splash pages. Use Air Marshal for security scanning.
5. What is Meraki Systems Manager (SM), and its uses?
Cloud-based MDM/EMM for endpoints. Uses: App deployment, remote wipe, geofencing, compliance policies. Integrates with Meraki for unified visibility.
6. How would you troubleshoot DHCP issues in a Meraki network?
Check Clients page for leases. Verify MX DHCP scope. Use event logs, packet captures. Enable DHCP snooping to block rogues. Release/renew on clients.
7. What is ARP, and explain ARP poisoning in a Meraki context?
ARP maps IP to MAC. Poisoning spoofs for MITM. Mitigate with DAI on MS switches, validating against bindings.
8. Describe STP and its role in Meraki switches.
Prevents L2 loops. Meraki uses RSTP; configure priorities, BPDU guard via Dashboard > Switches > STP.
9. What are Network Tags in Meraki, and a valid use?
Labels for grouping (e.g., "HQ"). Use: Bulk policy application via templates.
10. Which MX route type has the highest priority?
Static > AutoVPN > Client VPN > Dynamic (BGP/OSPF).
11. Explain CAM tables and how they relate to switching in Meraki.
CAM (Content Addressable Memory) stores MAC-port mappings. In Meraki MS, view via Dashboard > Switches > MAC forwarding table. Overflow can cause flooding.
12. What problems might you see with LAN routing in a Meraki setup?
Misconfigured VLANs, overlapping subnets, STP loops, or rogue DHCP. Troubleshoot with topology maps and alerts.
13. How do various protocols like OSPF and BGP work in Meraki?
MX supports OSPF/BGP for dynamic routing. Configure under Appliance > Routing. OSPF uses LSAs for topology; BGP uses attributes for path selection.
14. What is Auto VPN in Meraki, and how to configure it?
Hub-and-spoke or full-mesh IPsec VPN. Dashboard > Security & SD-WAN > Site-to-site VPN > Enable, set hubs/spokes.
15. Explain Layer 7 firewall rules in Meraki.
App-based shaping/blocking (e.g., block Facebook). Configure under Firewall > Layer 7 rules.
16. How to integrate Meraki with third-party RADIUS for authentication?
Dashboard > Wireless > Access control > RADIUS. Add server IP, secret, ports.
17. What is Meraki Insight, and its benefits?
WAN health monitoring tool. Benefits: App performance analytics, bottleneck identification.
18. Troubleshoot a wireless client connectivity issue in Meraki.
Check Client details for signal/RSSI. Verify SSID config, interference via RF spectrum. Use wireless health analytics.
19. Explain Meraki API usage for automation.
RESTful API for dashboard ops. Use Python SDK to script configs, e.g., add devices.
20. What is SD-WAN in Meraki MX, and policy configuration?
Optimizes traffic over multiple WAN links. Configure under SD-WAN > Traffic steering > Add policy (e.g., prioritize VoIP over MPLS).
21. How to handle firmware upgrades in Meraki?
Dashboard > Organization > Firmware upgrades. Schedule, test in staging.
22. Describe VLAN configuration on Meraki switches.
Switches > Ports > Edit > VLAN mode (access/trunk), allowed VLANs.
23. What is Dynamic ARP Inspection (DAI) in Meraki?
Validates ARP against DHCP bindings to prevent poisoning. Enable on MS switches.
24. Explain QoS in Meraki for VoIP traffic.
Wireless/SD-WAN > QoS rules > Prioritize RTP ports, set DSCP markings.
25. How to monitor network performance in Meraki Dashboard?
Use Summary reports, Topology, Usage stats, Alerts.
26. What are Meraki MV cameras, and integration?
Smart cameras with cloud storage. Integrate with networks for motion alerts, analytics.
27. Troubleshoot VPN connectivity issues in Meraki.
Check VPN status page, logs for IKE errors. Verify NAT, MTU, PSK.
28. Explain client VPN setup in Meraki.
Security > Client VPN > Enable, set subnet, DNS. Users download config.
29. What is Air Marshal in Meraki wireless?
Rogue AP detection and containment tool.
30. How to configure port mirroring on Meraki switches?
Switches > Ports > Edit > Mirror mode for traffic analysis.
31. Describe integration with Cisco ISE for NAC.
Use RADIUS for 802.1X, posture assessment.
32. What are recent updates in Meraki (as of 2025)?
AI-driven ops with AgenticOps, AI Assistant for troubleshooting.
33. Explain traffic shaping in Meraki.
Limit bandwidth per SSID/app. Configure under Wireless > Firewall & traffic shaping.
34. How to handle high availability in Meraki MX?
Warm spare setup: Add secondary MX, enable HA.
35. What is Meraki Location Analytics?
Tracks client movement via Bluetooth for insights.
36. Troubleshoot STP issues in Meraki.
Check STP bridge priorities, root election via Dashboard.
37. Explain BGP configuration in Meraki MX.
Appliance > Routing > BGP > Enable, set AS, peers.
38. What is the difference between TCP and UDP in a Meraki context?
TCP: Reliable, connection-oriented; UDP: Faster, connectionless. Used in firewall
rules for app control.
39. How to interpret packet captures in Meraki?
Use built-in capture tool on appliances, analyze with Wireshark.
40. Describe IPv4 vs IPv6 support in Meraki.
Dual-stack; configure IPv6 under Addressing & VLANs.
41. What experience do you have with Meraki troubleshooting?
(Behavioral): Share examples like resolving interference or config conflicts.
42. How to keep up with Meraki trends?
Follow Cisco blogs, certifications (CMNA), webinars.

3 Fortinet FortiGate Interview Questions and Answers

Expanded list for mid-senior level.
1. What is FortiGate, and why is it considered a good firewall?
NGFW with UTM features (IPS, AV, web filtering). Good due to ASIC acceleration, FortiGuard intelligence, scalability.
2. What is UTM, and how does FortiGate implement it?
Unified Threat Management integrates security functions. FortiGate uses profiles (AV, IPS) applied to policies.
3. Explain the Security Fabric in Fortinet.
Integrates products for visibility, automation. Enables zero-trust with segmentation.
4. What is a Next-Generation Firewall (NGFW)?
Beyond ports: App ID, user control, DPI. FortiGate uses ASICs for performance.
5. Steps to configure a new firewall policy in FortiGate.
Policy & Objects > Firewall Policy > Create. Set interfaces, src/dst, services, action, profiles. CLI: config firewall policy; edit ID; set params; end.
6. Difference between SSL web portal and tunnel mode in FortiGate VPN?
Portal: Browser access, limited. Tunnel: Full client, supports split-tunneling.
7. What is split tunneling, and why use it?
Routes select traffic via VPN. Reduces load; configure in VPN > SSL Settings.
8. Explain configuring VPNs on FortiGate.
IPsec: IPsec Tunnels > Create > Set gateway, auth, enc. SSL: SSL-VPN Settings > Enable portal.
9. What are possible attacks on FortiGate, and how to mitigate?
DDoS: DoS policies. Rogue DHCP: Snooping. ARP poisoning: DAI. Use FortiSandbox.
10. Difference between deployment modes in FortiGate?
Transparent: L2 bridge. NAT/Route: L3 with NAT.
11. What is FortiOS?
Operating system for FortiGate, handling all security and networking functions.
12. Explain Threat Management in FortiGate.
Uses FortiGuard for real-time updates on AV, IPS signatures.
13. How to configure an interface on FortiGate?
Network > Interfaces > Edit > Set IP, mode (static/DHCP), admin access.
14. What is the standard procedure to upgrade FortiOS?
Backup config, download firmware, System > Firmware > Upload & reboot.
15. Explain HA configuration in FortiGate.
System > HA > Set mode (active-passive), group ID, priorities.
16. What is VDOM in FortiGate?
Virtual Domains for multi-tenancy; separate policies per VDOM.
17. How to troubleshoot VPN issues in FortiGate?
Use diagnose vpn tunnel list, debug flow, logs.
18. Explain IPS configuration.
Security Profiles > Intrusion Prevention > Create signature-based profile, apply to policy.
19. What is FortiAnalyzer integration?
Central logging/reporting; configure under Log & Report > FortiAnalyzer.
20. Difference between policy-based and route-based VPN?
Policy: Traffic selectors in policy. Route: Uses interfaces/tunnels for routing.
21. How to configure SD-WAN in FortiGate?
WAN Opt & Cache > SD-WAN > Enable, add members, rules for steering.
22. Explain DoS policy setup.
Policy & Objects > DoS Policy > Create, set thresholds for SYN floods, etc.
23. What is SSL inspection, and how to enable?
Decrypts HTTPS; Security Profiles > SSL/SSH Inspection > Create profile, apply.
24. Troubleshoot high CPU on FortiGate.
get system performance status; Check processes, disable unused features.
25. Explain user authentication methods.
Local, RADIUS, LDAP; Configure under User & Authentication.
26. What is FortiSandbox, and integration?
Cloud/on-prem sandbox for unknown threats; Integrate via profiles.
27. How to configure NAT in FortiGate?
Policy > Set NAT enable, use IP pool or central SNAT.
28. Explain BGP setup on FortiGate.
Network > BGP > Set AS, neighbors, prefixes.
29. What are FortiTokens for MFA?
Hardware/software tokens; User > FortiTokens > Add.
30. Troubleshoot routing issues.
get router info routing-table all; diagnose ip route list.
31. Explain web filtering configuration.
Security Profiles > Web Filter > Create, block categories.


32. What is zero-trust in Security Fabric?
Continuous verification; Use ZTNA for access control.
33. How to backup and restore config?
System > Maintenance > Backup/Restore.
34. Explain antivirus profiles.
Security Profiles > AntiVirus > Scan modes (full/quick), apply to policies.
35. What are recent vulnerabilities in FortiGate (2025)?
E.g., RADIUS CVE-2024-3596; Mitigate with patches.
36. How to configure link monitoring?
Network > SD-WAN > Health checks for failover.
37. Explain FortiManager for central management.
Manages multiple FortiGates; Add devices, push policies.
38. Troubleshoot firewall policy mismatches.
Use policy lookup tool in GUI.
39. What is application control?
Identifies apps; Security Profiles > Application Control.
40. How to handle firmware rollback?
Boot alternate partition via CLI.
41. Explain OSPF configuration.
Network > OSPF > Set areas, interfaces.
42. What is FortiGuard?
Threat intelligence service for updates.
43. Troubleshoot DHCP server issues.
Check config under Network > DHCP Server; Logs for conflicts.
44. Explain ZTNA setup.
ZTNA > Policies > Create tags, rules for access.
45. How to integrate with SIEM?
Log & Report > Syslog > Add server.
46. What is the purpose of a firewall?
Controls traffic, prevents unauthorized access.
47. Explain possible DoS attacks and mitigation.
SYN flood: TCP SYN proxy. UDP flood: Rate limiting.
48. How to configure VLANs on FortiGate?
Network > Interfaces > Create subinterface, set VLAN ID.
49. Troubleshoot NAT issues.
diagnose debug flow; Check SNAT/DNAT mappings.
50. What is FortiAP integration?
Managed wireless; WiFi & Switch Controller > FortiAP Profiles.

4 Scenario-Based and General Questions


• Users get incorrect IPs from DHCP in hybrid setup.
Check rogues with snooping (Meraki/FortiGate). Verify relays.
• Integrate Meraki with FortiGate.
IPsec tunnels; Meraki MX to FortiGate for UTM.
• Troubleshoot VPN dropout.
Logs, Phase 1/2, MTU mismatches.


• Design enterprise network with Meraki/FortiGate.
Meraki for branches (SD-WAN), FortiGate for core security.
• Handle security breach scenario.
Isolate, analyze logs, patch vulnerabilities.

5 Conclusion
This guide covers extensive Q&A for thorough preparation. Practice hands-on with labs and review recent updates. Good luck!
