NGFW Policy Mode
30 Questions

Created by
@VisionarySugilite

Questions and Answers

Which tool is used to capture network traffic in FortiGate?

  • Debug Flow
  • Wireshark
  • Kernel
  • Sniffer (correct)

Which verbosity level is typically used to check the flow of traffic and dropped packets in the built-in sniffer tool?

  • Level 3
  • Level 2
  • Level 1
  • Level 4 (correct)

Which level is usually used to convert the output of the built-in sniffer tool to Pcap format for analysis with Wireshark?

  • Level 2
  • Level 3 (correct)
  • Level 1
  • Level 6

What should you do if there were dropped packets during the sniffer capture?

  • Capture the traffic again using a stricter filter

Which command is used to enable the display of function names in the debug flow tool?

  • diagnose debug flow show function-name enable

What does the debug flow tool show for each packet?

  • Kernel decisions

What information does the output of the debug flow tool provide for a TCP three-way handshake?

  • Session ID and NAT information

What does the message 'denied by forward policy check' indicate in the debug flow tool?

  • No firewall policy allows the traffic

What does the message 'exceeded shaper limit, drop' indicate in the debug flow tool?

  • Exceeded shaper limit, drop

Which tool can be used to analyze the output of the built-in sniffer tool in Pcap format?

  • Wireshark

Which mode allows you to configure application signatures, categories, and groups directly on the firewall policy?

  • NGFW policy mode

How many stages are there in NGFW policy mode session handling?

  • 3

Which traffic types can the FortiGate kernel identify in the NGFW policy mode session handling?

  • ICMP, DNS, and NTP traffic

What flag is set in the session table entry during Stage 2 of NGFW policy mode session handling?

  • dirty flag

Which inspection features are still configured as profiles in NGFW policy mode?

  • Antivirus and DLP

What information does the kernel use to search the NGFW policy table during Stage 1 of session handling?

  • Layer 4 headers

What happens to the session table entry during Stage 2 of NGFW policy mode session handling?

  • The session is allowed to flow

What does the dirty flag indicate during NGFW policy mode session handling?

  • The session needs to be reevaluated

What does the FortiGate kernel do during Stage 3 of NGFW policy mode session handling?

  • Searches the NGFW policy table

What is the initial application ID assigned during Stage 1 of NGFW policy mode session handling?

  • 0

Which debug flow error message indicates that a packet was dropped because of a traffic shaper that has exceeded one of its thresholds?

  • exceeded shaper limit, drop

Which debug flow error message indicates that either no firewall policy allows the traffic, or that a disclaimer has not been accepted yet?

  • Denied by forward policy check

Which debug flow error message indicates that the IP-address has been quarantined by the DLP inspection?

  • Denied by end point ip filter check

Which debug flow error message indicates that the packet failed the reverse path forwarding check?

  • reverse path check fail, drop

Which debug flow error message indicates that the packet is destined to a FortiGate IP-address (management traffic) but the service is not enabled, the service is using a different TCP port, the source IP-address is not included in the trusted host list, or the packet matches a local-in policy with action deny?

  • Denied by end point ip filter check

Which debug flow error message indicates that the packet is not destined to a FortiGate IP-address, but there is a virtual IP or IP pool configuration using the destination IP-address?

  • Denied by end point ip filter check

Which debug flow error message indicates that the packet is destined to a device on the other side of FortiGate, but a virtual IP or IP pool is wrongly using that IP-address?

  • Denied by end point ip filter check

Which debug flow error message indicates that the packet is destined to a FortiGate IP-address (for example, management traffic), but the service is not enabled, the service is using a different port, the source IP-address is not included in the trusted list, or the packet matches a local-in policy with the action deny?

  • Denied by end point ip filter check

Which debug flow error message indicates that the packet is destined to a FortiGate IP-address (for example, management traffic), but the service is not enabled, the service is using a different port, the source IP-address is not included in the trusted list, or the packet matches a local-in policy with the action deny?

  • Denied by end point ip filter check

Which debug flow error message indicates that the packet is not destined to a FortiGate IP-address, but there is a virtual IP or IP pool configuration using the destination IP-address?

  • Denied by end point ip filter check
