Podcast
Questions and Answers
Which log can be viewed on the CLI when the GUI is unresponsive in conserve mode?
Which log can be viewed on the CLI when the GUI is unresponsive in conserve mode?
- Proxy Inspection
- diagnose debug crashlog read (correct)
- antivirus fail-open
- config system global
What governs FortiGate behavior for proxy-based inspection while in conserve mode?
What governs FortiGate behavior for proxy-based inspection while in conserve mode?
- config system global
- antivirus fail-open (correct)
- diagnose debug crashlog read
- Proxy Inspection
What is the default setting for av-failopen-session?
What is the default setting for av-failopen-session?
- pass (correct)
- off
- one-shot
- enable
What happens to new sessions that require content inspection when av-failopen is set to 'off'?
What happens to new sessions that require content inspection when av-failopen is set to 'off'?
What is the purpose of the av-failopen-session setting?
What is the purpose of the av-failopen-session setting?
What must be manually changed to restart inspection after FortiGate exits conserve mode when av-failopen is set to 'one-shot'?
What must be manually changed to restart inspection after FortiGate exits conserve mode when av-failopen is set to 'one-shot'?
How many settings are there for controlling how FortiGate handles traffic that requires proxy-based content inspection during conserve mode?
How many settings are there for controlling how FortiGate handles traffic that requires proxy-based content inspection during conserve mode?
What action does FortiGate apply when av-failopen-session is enabled?
What action does FortiGate apply when av-failopen-session is enabled?
What is the purpose of the 'config system global' command?
What is the purpose of the 'config system global' command?
What is the purpose of the 'diagnose debug crashlog read' command?
What is the purpose of the 'diagnose debug crashlog read' command?
By default, FortiGate blocks new sessions for which type of inspections?
By default, FortiGate blocks new sessions for which type of inspections?
What governs FortiGate behavior for flow-based inspection while in conserve mode?
What governs FortiGate behavior for flow-based inspection while in conserve mode?
When does nTurbo not work on FortiGate with mixed UTM profiles using proxy-based inspection?
When does nTurbo not work on FortiGate with mixed UTM profiles using proxy-based inspection?
What happens when IPS fail-open is enabled on FortiGate?
What happens when IPS fail-open is enabled on FortiGate?
How can you identify if a FortiGate device is currently in conserve mode?
How can you identify if a FortiGate device is currently in conserve mode?
When does the kernel delete the oldest sessions on FortiGate?
When does the kernel delete the oldest sessions on FortiGate?
What types of sessions are categorized as ephemeral on FortiGate?
What types of sessions are categorized as ephemeral on FortiGate?
What does FortiOS set a limit on to protect memory use?
What does FortiOS set a limit on to protect memory use?
What should you do to optimize memory use on FortiGate?
What should you do to optimize memory use on FortiGate?
Which type of inspections does the default FortiGate configuration apply to?
Which type of inspections does the default FortiGate configuration apply to?
Flashcards are hidden until you start studying
Study Notes
Conserve Mode and FortiGate Behavior
- When the GUI is unresponsive in conserve mode, the crash log can be viewed on the CLI.
- The av-failopen-session setting governs FortiGate behavior for proxy-based inspection while in conserve mode.
AV-Failopen Session Settings
- The default setting for av-failopen-session is 'off'.
- When av-failopen is set to 'off', new sessions that require content inspection are blocked.
- The purpose of the av-failopen-session setting is to control how FortiGate handles traffic that requires proxy-based content inspection during conserve mode.
- There are three settings for controlling how FortiGate handles traffic that requires proxy-based content inspection during conserve mode.
Conserve Mode and Inspection
- When av-failopen-session is enabled, FortiGate applies a fail-open policy, allowing traffic to pass through without inspection.
- When FortiGate exits conserve mode, the av-failopen setting must be manually changed to 'one-shot' to restart inspection.
FortiGate Commands
- The config system global command is used to configure global settings.
- The diagnose debug crashlog read command is used to read the crash log.
Default FortiGate Behavior
- By default, FortiGate blocks new sessions that require proxy-based inspection.
- The av-failopen setting governs FortiGate behavior for proxy-based inspection while in conserve mode.
nTurbo and UTM Profiles
- nTurbo does not work on FortiGate with mixed UTM profiles using proxy-based inspection.
IPS and Conserve Mode
- When IPS fail-open is enabled on FortiGate, the device allows traffic to pass through without inspection.
Conserve Mode Identification
- You can identify if a FortiGate device is currently in conserve mode by checking the crash log.
Session Management
- The kernel deletes the oldest sessions on FortiGate when the device is low on memory.
- Ephemeral sessions are categorized as sessions that are less than 10 minutes old.
- FortiOS sets a limit on the number of sessions to protect memory use.
Optimizing Memory Use
- To optimize memory use on FortiGate, you should limit the number of sessions.
Default FortiGate Configuration
- The default FortiGate configuration applies to flow-based inspections.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
