Mastering FortiGate in NGFW Policy Mode
20 Questions

Questions and Answers

Which tool can be used to check how the traffic is flowing and that FortiGate is not dropping packets?

  • Built-in sniffer (correct)
  • Wireshark
  • Debug flow
  • Telnet/SSH

What is the purpose of using Level 3 or Level 6 in the built-in sniffer?

  • To convert the output to Pcap format (correct)
  • To display the function names
  • To start and stop the trace
  • To analyze the traffic flow

How can you stop the built-in sniffer?

  • Enable display of function names
  • Send output to telnet/SSH
  • Press Ctrl+C (correct)
  • Specify the filter

What does it mean if there were dropped packets during the sniffer?

  • Not all the traffic matching the filter was captured (B)

What does the built-in sniffer show when enabled?

  • Information about traffic flow (C)

What is another name for the debug flow tool?

  • Internal sniffer (A)

What does the debug flow tool show?

  • Step-by-step details of kernel decisions (B)

What command is used to enable the display of function names in the debug flow tool?

  • diagnose debug flow show function-name enable (B)

What command is used to start the trace in the debug flow tool?

  • diagnose debug flow trace start (C)

What command is used to stop the trace in the debug flow tool?

  • diagnose debug flow trace stop (D)

Which mode allows you to configure application signatures, categories, groups, and FortiGuard web filter categories directly on the firewall policy?

  • NGFW policy mode (A)

In NGFW policy mode, what type of traffic can FortiGate identify in the kernel?

  • ICMP, DNS, and NTP traffic (D)

What happens when a session first comes in and the kernel is not aware of any Layer 7 information?

  • The kernel uses Layer 4 headers to search the NGFW policy table (A)

What happens when the IPS engine performs Layer 7 identification on a session?

  • The session table entry is flagged with the dirty flag (C)

What does the dirty flag indicate in the session table?

  • The session needs to be reevaluated (D)

Which component of the FortiGate handles Layer 7 identification?

  • IPS engine (B)

What does the NGFW policy mode session handling involve?

  • Three distinct stages (D)

In NGFW policy mode, how are other security inspection features, such as antivirus and DLP, configured?

  • As profiles (D)

What does the may_dirty flag indicate when a session first comes in?

  • The session is allowed to flow (A)

What does the FortiGate kernel use to search the NGFW policy table for a match?

  • Layer 4 headers (D)
