FortiGate Policy Objects and Security Fabric Quiz
20 Questions

Questions and Answers

Which option enables objects or groups to become global CMDB objects distributed to downstream Security Fabric members?

  • set UTM events
  • set fabric-object enable configuration option (correct)
  • set firewall policies
  • set NAT details

Which device in the Security Fabric logs each session once?

  • The leaf FortiGate devices
  • Any upstream FortiGate that is a member of the Security Fabric
  • The root FortiGate
  • The first FortiGate that handles a session (correct)

When does an upstream FortiGate device generate another log for a session coming from another member's MAC address?

  • If the upstream FortiGate is a leaf device
  • If the upstream FortiGate performs NAT (correct)
  • If the upstream FortiGate is a member of the Security Fabric
  • If the upstream FortiGate is the root device

Which device completes UTM logging for sessions in the Security Fabric?

  • Upstream FortiGate devices (D) (correct)

What does FortiAnalyzer do to ensure accurate reporting and automation in the Security Fabric?

  • Performs UTM and traffic log correlation (B) (correct)

What is the behavior of a FortiGate device in the Security Fabric when it receives a packet from another FortiGate in the Security Fabric?

  • It does not generate a new traffic log for that session (A) (correct)

What is the exception to the behavior of a FortiGate device in the Security Fabric when it receives a packet from another FortiGate in the Security Fabric?

  • If upstream FortiGate performs NAT, then another log is generated (B) (correct)

What happens to logging from leaf FortiGate devices to FortiAnalyzer if the root FortiGate is down?

  • Logging continues to function (D) (correct)

What is the purpose of setting firewall policies in the Security Fabric?

  • To enable traffic logs (A) (correct)

What is the purpose of FortiAnalyzer in the Security Fabric?

  • To perform UTM and traffic log correlation (A) (correct)

Which type of policy objects and groups are pushed by the root FortiGate in a Security Fabric?

  • Address objects and address groups, service objects and service groups, schedule objects and schedule groups (D) (correct)

What command is used to disable configuration synchronization on downstream FortiGate devices?

  • config system csf, set fabric-object-unification local, end (A) (correct)

What is the default behavior of the root FortiGate in a Security Fabric with regards to pushing CMDB objects?

  • The root FortiGate pushes global CMDB firewall address objects, address groups, service objects, service groups, schedule objects and schedule groups to all downstream FortiGate Security Fabric members. (C) (correct)

What is the purpose of disabling configuration synchronization on downstream FortiGate devices in a Security Fabric?

  • To reduce the number of objects and groups that need to be created on the root FortiGate (C) (correct)

What is the effect of setting fabric-object-unification to local on a downstream FortiGate device?

  • The downstream FortiGate device will not import objects sent by the root FortiGate (A) (correct)

What is the effect of setting fabric-object-unification to default on a downstream FortiGate device?

  • The downstream FortiGate device will import all objects sent by the root FortiGate (A) (correct)

What is the purpose of locally scoping individual objects and groups on the root FortiGate?

  • To prevent these objects and groups from being synchronized to downstream FortiGate devices (D) (correct)

In the example topology shown on the slide, which FortiGate device has fabric-object-unification set to local?

  • FGTB-1 (D) (correct)

In the example topology shown on the slide, which FortiGate device will not import objects sent by the root FortiGate?

  • FGTB-1 (D) (correct)

In the example topology shown on the slide, which FortiGate device will receive and synchronize the objects sent from the root FortiGate?

  • FGTC-1 (B) (correct)

Flashcards

Global CMDB objects

Configuration management database objects centrally managed by the root FortiGate and distributed to other devices in the Security Fabric.

Root FortiGate

The central FortiGate device in a Security Fabric that manages and distributes configurations to other devices.

Session forwarding

A FortiGate device in the Security Fabric sends a packet to its destination without logging.

FortiAnalyzer

Logs collected and analyzed from all FortiGate devices in the Security Fabric.

Firewall policies

Security rules defining how the Security Fabric handles network traffic.

Policy objects/groups

Centralized policies and groups distributed to the Security Fabric devices by the root FortiGate.

Fabric object unification

Controls whether FortiGate devices use global or local objects in the Security Fabric.

Local object use

Devices use their own objects; ignore global objects.

Global object use

Devices use objects from the root FortiGate.

Config synchronization

The process where the root FortiGate pushes configuration to other devices.

Log collection

FortiGate devices collect and forward logs to the centralized FortiAnalyzer.

UTM logging

The root FortiGate performs the complete UTM logging for sessions in the Security Fabric.

FortiGate device

A security appliance that is part of the Security Fabric.

Root FortiGate Down

A condition where the root FortiGate is offline.

Leaf FortiGate

A FortiGate device in the Security Fabric that receives and obeys commands from the root FortiGate.

Fabric

A network or system of interconnecting FortiGate devices.

Packet forwarding

The process of routing packets to their destinations within the Security Fabric.

Logging Exceptions

Special cases in which FortiGate devices log packets.

Study Notes

Security Fabric Configuration

  • Enabling global CMDB objects is done through the root FortiGate, which distributes them to downstream Security Fabric members.

Log Collection and Analysis

  • The root FortiGate logs each session once.
  • An upstream FortiGate device generates another log for a session coming from another member's MAC address when the session is forwarded from another FortiGate.
  • The root FortiGate completes UTM logging for sessions in the Security Fabric.
  • FortiAnalyzer ensures accurate reporting and automation in the Security Fabric by collecting and analyzing logs from all FortiGate devices.

Packet Processing and Forwarding

  • When a FortiGate device in the Security Fabric receives a packet from another FortiGate, it forwards the packet to its destination without logging.
  • The exception is when the packet is part of a session that is already known to the FortiGate.

Logging and FortiAnalyzer

  • If the root FortiGate is down, logging from leaf FortiGate devices to FortiAnalyzer is not affected.

Policy and Object Management

  • The purpose of setting firewall policies in the Security Fabric is to define security rules and enforcement.
  • The purpose of FortiAnalyzer in the Security Fabric is to collect and analyze logs, and provide reporting and automation.
  • The root FortiGate pushes global policy objects and groups to downstream FortiGate devices.
  • The command config system central-management is used to disable configuration synchronization on downstream FortiGate devices.
  • The default behavior of the root FortiGate in a Security Fabric is to push CMDB objects to all downstream FortiGate devices.
  • Disabling configuration synchronization on downstream FortiGate devices is used to prevent unwanted changes to their configuration.

Fabric Object Unification

  • Setting fabric-object-unification to local on a downstream FortiGate device allows the device to use local objects and ignores global objects from the root.
  • Setting fabric-object-unification to default on a downstream FortiGate device allows the device to use global objects from the root.
  • Locally scoping individual objects and groups on the root FortiGate is used to control which objects are pushed to downstream FortiGate devices.

Example Topology

  • In the example topology, the FortiGate-3 has fabric-object-unification set to local.
  • In the example topology, the FortiGate-2 will not import objects sent by the root FortiGate.
  • In the example topology, the FortiGate-1 will receive and synchronize the objects sent from the root FortiGate.

Quiz Team

Description

Test your knowledge on FortiGate policy objects and groups, configuration synchronization, and Security Fabric in this quiz.
