Mastering FortiGate in NGFW Policy Mode
20 Questions

Questions and Answers

Which tool can be used to check how the traffic is flowing and that FortiGate is not dropping packets?

  • Built-in sniffer (correct)
  • Wireshark
  • Debug flow
  • Telnet/SSH

What is the purpose of using Level 3 or Level 6 in the built-in sniffer?

  • To convert the output to Pcap format (correct)
  • To display the function names
  • To start and stop the trace
  • To analyze the traffic flow

How can you stop the built-in sniffer?

  • Enable display of function names
  • Send output to telnet/SSH
  • Press Ctrl+C (correct)
  • Specify the filter

What does it mean if there were dropped packets during the sniffer?

  • Not all the traffic matching the filter was captured

What does the built-in sniffer show when enabled?

  • Information about traffic flow

What is another name for the debug flow tool?

  • Internal sniffer

What does the debug flow tool show?

  • Step-by-step details of kernel decisions

What command is used to enable the display of function names in the debug flow tool?

  • diagnose debug flow show function-name enable

What command is used to start the trace in the debug flow tool?

  • diagnose debug flow trace start

What command is used to stop the trace in the debug flow tool?

  • diagnose debug flow trace stop

Which mode allows you to configure application signatures, categories, groups, and FortiGuard web filter categories directly on the firewall policy?

  • NGFW policy mode

In NGFW policy mode, what type of traffic can the FortiGate kernel identify in the kernel?

  • ICMP, DNS, and NTP traffic

What happens when a session first comes in and the kernel is not aware of any Layer 7 information?

  • The kernel uses Layer 4 headers to search the NGFW policy table

What happens when the IPS engine performs Layer 7 identification on a session?

  • The session table entry is flagged with the dirty flag

What does the dirty flag indicate in the session table?

  • The session needs to be reevaluated

Which component of the FortiGate handles Layer 7 identification?

  • IPS engine

What does the NGFW policy mode session handling involve?

  • Three distinct stages

In NGFW policy mode, how are other security inspection features, such as antivirus and DLP, configured?

  • As profiles

What does the may_dirty flag indicate when a session first comes in?

  • The session is allowed to flow

What does the FortiGate kernel use to search the NGFW policy table for a match?

  • Layer 4 headers
