30 Questions
Which tool is used to capture network traffic in FortiGate?
Sniffer
Which verbosity level is typically used to check the flow of traffic and dropped packets in the built-in sniffer tool?
Level 4
Which level is usually used to convert the output of the built-in sniffer tool to pcap format for analysis with Wireshark?
Level 3
What should you do if there were dropped packets during the sniffer capture?
Capture the traffic again using a stricter filter
Which command is used to enable the display of function names in the debug flow tool?
diagnose debug flow show function-name enable
What does the debug flow tool show for each packet?
Kernel decisions
What information does the output of the debug flow tool provide for a TCP three-way handshake?
Session ID and NAT information
What does the message 'denied by forward policy check' indicate in the debug flow tool?
No firewall policy allows the traffic
What does the message 'exceeded shaper limit, drop' indicate in the debug flow tool?
Exceeded shaper limit, drop
Which tool can be used to analyze the output of the built-in sniffer tool in pcap format?
Wireshark
Which mode allows you to configure application signatures, categories, and groups directly on the firewall policy?
NGFW policy mode
How many stages are there in NGFW policy mode session handling?
3
Which traffic types can the FortiGate kernel identify in the NGFW policy mode session handling?
ICMP, DNS, and NTP traffic
What flag is set in the session table entry during Stage 2 of NGFW policy mode session handling?
dirty flag
Which inspection features are still configured as profiles in NGFW policy mode?
Antivirus and DLP
What information does the kernel use to search the NGFW policy table during Stage 1 of session handling?
Layer 4 headers
What happens to the session table entry during Stage 2 of NGFW policy mode session handling?
The session is allowed to flow
What does the dirty flag indicate during NGFW policy mode session handling?
The session needs to be reevaluated
What does the FortiGate kernel do during Stage 3 of NGFW policy mode session handling?
Searches the NGFW policy table
What is the initial application ID assigned during Stage 1 of NGFW policy mode session handling?
0
Which debug flow error message indicates that a packet was dropped because of a traffic shaper that has exceeded one of its thresholds?
exceeded shaper limit, drop
Which debug flow error message indicates that either no firewall policy allows the traffic, or that a disclaimer has not been accepted yet?
Denied by forward policy check
Which debug flow error message indicates that the IP address has been quarantined by the DLP inspection?
Denied by end point ip filter check
Which debug flow error message indicates that the packet failed the reverse path forwarding check?
reverse path check fail, drop
Which debug flow error message indicates that the packet is destined to a FortiGate IP address (management traffic) but the service is not enabled, the service is using a different TCP port, the source IP address is not included in the trusted host list, or the packet matches a local-in policy with action deny?
Denied by end point ip filter check
Which debug flow error message indicates that the packet is not destined to a FortiGate IP address, but there is a virtual IP or IP pool configuration using the destination IP address?
Denied by end point ip filter check
Which debug flow error message indicates that the packet is destined to a device on the other side of FortiGate, but a virtual IP or IP pool is wrongly using that IP address?
Denied by end point ip filter check
Which debug flow error message indicates that the packet is destined to a FortiGate IP address (for example, management traffic), but the service is not enabled, the service is using a different port, the source IP address is not included in the trusted list, or the packet matches a local-in policy with the action deny?
Denied by end point ip filter check
Which debug flow error message indicates that the packet is destined to a FortiGate IP address (for example, management traffic), but the service is not enabled, the service is using a different port, the source IP address is not included in the trusted list, or the packet matches a local-in policy with the action deny?
Denied by end point ip filter check
Which debug flow error message indicates that the packet is not destined to a FortiGate IP address, but there is a virtual IP or IP pool configuration using the destination IP address?
Denied by end point ip filter check
Test your knowledge on NGFW Policy Mode and learn how to configure and utilize this flow-based inspection mode on FortiGate firewalls. Understand the benefits of configuring application signatures, categories, groups, and FortiGuard web filter categories directly on the firewall policy. Explore how other security inspection features like antivirus and DLP can be configured as profiles.