FortiGate Policy Objects and Security Fabric Quiz
20 Questions

Questions and Answers

Which option enables objects or groups to become global CMDB objects distributed to downstream Security Fabric members?

  • set UTM events
  • set fabric-object enable configuration option (correct)
  • set firewall policies
  • set NAT details

Which device in the Security Fabric logs each session once?

  • The leaf FortiGate devices
  • Any upstream FortiGate that is a member of the Security Fabric
  • The root FortiGate
  • The first FortiGate that handles a session (correct)

When does an upstream FortiGate device generate another log for a session coming from another member's MAC address?

  • If the upstream FortiGate is a leaf device
  • If the upstream FortiGate performs NAT (correct)
  • If the upstream FortiGate is a member of the Security Fabric
  • If the upstream FortiGate is the root device

Which device completes UTM logging for sessions in the Security Fabric?

  • Upstream FortiGate devices (correct)

What does FortiAnalyzer do to ensure accurate reporting and automation in the Security Fabric?

  • Performs UTM and traffic log correlation (correct)

What is the behavior of a FortiGate device in the Security Fabric when it receives a packet from another FortiGate in the Security Fabric?

  • It does not generate a new traffic log for that session (correct)

What is the exception to the behavior of a FortiGate device in the Security Fabric when it receives a packet from another FortiGate in the Security Fabric?

  • If the upstream FortiGate performs NAT, then another log is generated (correct)

What happens to logging from leaf FortiGate devices to FortiAnalyzer if the root FortiGate is down?

  • Logging continues to function (correct)

What is the purpose of setting firewall policies in the Security Fabric?

  • To enable traffic logs (correct)

What is the purpose of FortiAnalyzer in the Security Fabric?

  • To perform UTM and traffic log correlation (correct)

Which type of policy objects and groups are pushed by the root FortiGate in a Security Fabric?

  • Address objects and address groups, service objects and service groups, schedule objects and schedule groups (correct)

What command is used to disable configuration synchronization on downstream FortiGate devices?

  • config system csf set fabric-object-unification local end (correct)

What is the default behavior of the root FortiGate in a Security Fabric with regards to pushing CMDB objects?

  • The root FortiGate pushes global CMDB firewall address objects, address groups, service objects, service groups, schedule objects and schedule groups to all downstream FortiGate Security Fabric members. (correct)

What is the purpose of disabling configuration synchronization on downstream FortiGate devices in a Security Fabric?

  • To reduce the number of objects and groups that need to be created on the root FortiGate (correct)

What is the effect of setting fabric-object-unification to local on a downstream FortiGate device?

  • The downstream FortiGate device will not import objects sent by the root FortiGate (correct)

What is the effect of setting fabric-object-unification to default on a downstream FortiGate device?

  • The downstream FortiGate device will import all objects sent by the root FortiGate (correct)

What is the purpose of locally scoping individual objects and groups on the root FortiGate?

  • To prevent these objects and groups from being synchronized to downstream FortiGate devices (correct)

In the example topology shown on the slide, which FortiGate device has fabric-object-unification set to local?

  • FGTB-1 (correct)

In the example topology shown on the slide, which FortiGate device will not import objects sent by the root FortiGate?

  • FGTB-1 (correct)

In the example topology shown on the slide, which FortiGate device will receive and synchronize the objects sent from the root FortiGate?

  • FGTC-1 (correct)

Study Notes

Security Fabric Configuration

  • Enabling global CMDB objects is done through the root FortiGate, which distributes them to downstream Security Fabric members.

Log Collection and Analysis

  • The root FortiGate logs each session once.
  • An upstream FortiGate device generates another log for a session coming from another member's MAC address when the session is forwarded from another FortiGate.
  • The root FortiGate completes UTM logging for sessions in the Security Fabric.
  • FortiAnalyzer ensures accurate reporting and automation in the Security Fabric by collecting and analyzing logs from all FortiGate devices.

Packet Processing and Forwarding

  • When a FortiGate device in the Security Fabric receives a packet from another FortiGate, it forwards the packet to its destination without logging.
  • The exception is when the packet is part of a session that is already known to the FortiGate.

Logging and FortiAnalyzer

  • If the root FortiGate is down, logging from leaf FortiGate devices to FortiAnalyzer is not affected.

Policy and Object Management

  • The purpose of setting firewall policies in the Security Fabric is to define security rules and enforcement.
  • The purpose of FortiAnalyzer in the Security Fabric is to collect and analyze logs, and provide reporting and automation.
  • The root FortiGate pushes global policy objects and groups to downstream FortiGate devices.
  • The command config system central-management is used to disable configuration synchronization on downstream FortiGate devices.
  • The default behavior of the root FortiGate in a Security Fabric is to push CMDB objects to all downstream FortiGate devices.
  • Disabling configuration synchronization on downstream FortiGate devices is used to prevent unwanted changes to their configuration.

Fabric Object Unification

  • Setting fabric-object-unification to local on a downstream FortiGate device allows the device to use local objects and ignores global objects from the root.
  • Setting fabric-object-unification to default on a downstream FortiGate device allows the device to use global objects from the root.
  • Locally scoping individual objects and groups on the root FortiGate is used to control which objects are pushed to downstream FortiGate devices.

Example Topology

  • In the example topology, the FortiGate-3 has fabric-object-unification set to local.
  • In the example topology, the FortiGate-2 will not import objects sent by the root FortiGate.
  • In the example topology, the FortiGate-1 will receive and synchronize the objects sent from the root FortiGate.

Description

Test your knowledge on FortiGate policy objects and groups, configuration synchronization, and Security Fabric in this quiz.
