FortiGate Conserve Mode Quiz

Play an AI-generated podcast conversation about this lesson

What is the first step in optimizing memory use on FortiGate devices?

Disable unnecessary features (correct)

Reduce the DNS cache

Reduce the session TTL

Reduce the FortiGuard cache TTL

What is the default maximum file size to inspect on FortiGate devices?

3 MB

5 MB

2 MB

10 MB (correct)

What is the recommended maximum file size to inspect on FortiGate devices?

5 MB

10 MB

2 MB (correct)

3 MB

What is the default session TTL for TCP traffic on FortiGate devices?

3600 seconds Signup and view all the answers

What is the default session TTL for UDP traffic on FortiGate devices?

180 seconds Signup and view all the answers

What is the recommended session TTL for all traffic on FortiGate devices?

300 seconds Signup and view all the answers

What is the purpose of reducing the FortiGuard cache TTL on FortiGate devices?

To increase the amount of available memory Signup and view all the answers

What is the purpose of reducing the DNS cache TTL on FortiGate devices?

To reduce memory allocation to the DNS cache Signup and view all the answers

What is the purpose of reducing the session TTL on FortiGate devices?

To increase the amount of available memory Signup and view all the answers

What is the recommended session TTL for each firewall policy on FortiGate devices?

300 seconds Signup and view all the answers

What does the tcp-halfopen-timer control?

How long a session without SYN-Ack remains in the table after a SYN packet Signup and view all the answers

What is the default value for tcp-halfclose-timer?

120 Signup and view all the answers

What is the purpose of reducing TCP session timers?

To optimize memory use Signup and view all the answers

How can you set the session-ttl option?

Using the CLI Signup and view all the answers

What is the purpose of tcp-timewait-timer?

Controls how long a session remains in the table after a FIN-Ack packet Signup and view all the answers

Can you reduce TCP session timers without causing problems to applications?

Yes Signup and view all the answers

What is the recommended value for tcp-halfopen-timer?

8 Signup and view all the answers

What is the purpose of tcp-halfclose-timer?

Controls how long a session remains in the table after a FIN packet without FIN-Ack Signup and view all the answers

What is the default value for tcp-timewait-timer?

1 Signup and view all the answers

What is the purpose of a closed session remaining in the session table for a few seconds more?

To allow any out-of-sequence packet Signup and view all the answers

Which command can be used to identify if a FortiGate device is currently in conserve mode?

diagnose hardware sysinfo conserve Signup and view all the answers

What happens when the kernel cannot allocate more memory pages?

The oldest sessions are deleted Signup and view all the answers

What is the purpose of the command 'diagnose sys session stat'?

To display the number of sessions deleted by the kernel Signup and view all the answers

What is an ephemeral session?

A session that is not fully established Signup and view all the answers

What is the purpose of FortiOS setting a limit on the total number of ephemeral sessions?

To prevent DOS attacks Signup and view all the answers

What are some common types of DOS attacks that involve ephemeral sessions?

UDP sessions with only one packet Signup and view all the answers

What is the maximum number of ephemeral sessions that can exist at the same time in the session table?

It depends on the device model Signup and view all the answers

What happens when the number of ephemeral sessions increases abnormally during a DOS attack?