Cross-FortiGate TCP Sessions and SD-WAN Quiz

VisionarySugilite

Questions and Answers

Which type of topologies are cross-FortiGate TCP sessions often seen in?

AD-VPN topologies

What happens to cross-FortiGate TCP sessions if the session is unknown to the new FortiGate?

The session is dropped

What feature needs to be enabled to allow non-TCP SYN packets in cross-FortiGate TCP sessions?

tcp-session-without-syn

What happens to a TCP session on the remote end if the new selected member connects to a different FortiGate device?

The session is dropped

What are sessions that are routed across two different FortiGate devices called?

Cross-FortiGate sessions

In the topology shown on the slide, where is the PC connected?

Behind Spoke

What happens if the best member for steering traffic from the PC to the server changes while the TCP connection is still active?

The packets are forwarded to the new best member

What happens to the packets if the new best member drops them because they are not the initial TCP SYN packet or do not match any existing sessions?

The packets are dropped

How can the issue of dropped packets be solved in cross-FortiGate TCP sessions?

By enabling the tcp-session-without-syn setting

What will you learn more about in another lesson?

AD-VPN topologies

Which setting must be enabled per VDOM before enabling tcp-session-without-syn and disabling anti-replay?

tcp-session-without-syn

What happens when a TCP session is forwarded back to the original FortiGate and the packets have invalid sequence numbers?

Packets are dropped

What is the default expiration timer for established TCP sessions?

3600 seconds

What happens if port1 becomes the best member again and the TCP packets are forwarded back to Hub1?

Packets are dropped

What is the purpose of disabling the anti-replay setting?

To skip TCP sequence number check

How can tcp-session-without-syn and anti-replay be enabled on a firewall policy level?

config firewall policy

Why should tcp-session-without-syn and anti-replay be enabled on both Hub1 and Hub2 in the dual-hub topology example?

Active TCP sessions could be routed back and forth between the hubs

What does disabling stateful firewall inspection for TCP traffic on Hub1 and Hub2 represent?

Doesn't represent a security concern

What are the default values for tcp-session-without-syn and anti-replay settings?

Disable and enable, respectively

What must be done before configuring tcp-session-without-syn and anti-replay on the firewall policy level?

Enable tcp-session-without-syn per VDOM
