FortiGate Configuration and Traffic Handling Quiz
16 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What must be done during the firmware upgrade process on an active-active HA cluster?

  • Enable traffic load balancing during the upgrade
  • Automatically reboot all FortiGate devices simultaneously
  • Manually upload the firmware image to each FortiGate (correct)
  • Disable the HA cluster temporarily

    • In the context of firewall policy authentication timeout, what does the FortiGate consider as 'idle'?

  • If it does not detect any encrypted packets
  • If it does not see any packets coming from the user’s source IP (correct)
  • If it does not see any packets coming from the user’s source MAC
  • If it does not detect any ICMP packets

    • When searching for a suitable gateway, how does FortiGate route lookup behavior function?

  • Lookup is selectively done based on packet size
  • Lookup is done on the last packet sent from the responder
  • Lookup is done on the first packet from the session originator
  • Lookup is done on every packet, regardless of direction (correct)

    • What happens if a FortiGate device does not undergo manual firmware image upload during a cluster upgrade?

    <p>It is excluded from the firmware upgrade process</p> Signup and view all the answers

    Which action should be taken to ensure uninterrupted upgrade during a firmware update on an active-active HA cluster?

    <p>Enable uninterruptible upgrade by default</p> Signup and view all the answers

    Under what circumstances would FortiGate remove the temporary policy for a user's source MAC address?

    <p>After a hard timeout specified in the firewall policy authentication settings</p> Signup and view all the answers

    What is the primary candidate for FortiGate according to the given information?

    <p>Port1 route</p> Signup and view all the answers

    According to the explanation provided, what happens when multiple static routes have the same distance?

    <p>All routes are active</p> Signup and view all the answers

    Why is FortiGate not generating any IPS logs for the HTTPS traffic after applying the IPS sensor?

    <p>The firewall policy is not using a full SSL inspection profile</p> Signup and view all the answers

    What was the attempted configuration on the WINDOWS_SERVERS IPS sensor mentioned in the text?

    <p>Implementing a DoS policy</p> Signup and view all the answers

    Based on the provided text, how is the FortiGate handling traffic for new sessions that require inspection?

    <p>It is dropped</p> Signup and view all the answers

    In FortiGate SSL VPN settings for an SSL VPN portal, what is the default setup regarding WINS servers for name resolution?

    <p>By default, FortiGate uses WINS servers to resolve names</p> Signup and view all the answers

    In the context of FortiGate static routes to the same destination, what behavior can be expected?

    <p>FortiGate will load balance all traffic across both routes</p> Signup and view all the answers

    What is the correct behavior of FortiGate when multiple static routes to the same destination have different costs specified?

    <p>FortiGate will choose the route with the lowest cost regardless of other factors</p> Signup and view all the answers

    What will FortiGate do if a packet arrives for a destination with multiple static routes having equal costs?

    <p>FortiGate will perform Equal-Cost Multi-Path (ECMP) load balancing</p> Signup and view all the answers

    In FortiGate routing, what happens if a packet's destination does not match any static routes or dynamic routing entries?

    <p>FortiGate forwards the packet to the default gateway</p> Signup and view all the answers

    More Like This

    Use Quizgecko on...
    Browser
    Open
    Browser
    Browser