NGFW Policy Mode

VisionarySugilite

Which tool is used to capture network traffic in FortiGate?

Sniffer

Which verbosity level is typically used to check the flow of traffic and dropped packets in the built-in sniffer tool?

Level 4

Which level is usually used to convert the output of the built-in sniffer tool to pcap format for analysis with Wireshark?

Level 3

What should you do if there were dropped packets during the sniffer capture?

Capture the traffic again using a stricter filter

Which command is used to enable the display of function names in the debug flow tool?

diagnose debug flow show function-name enable

What does the debug flow tool show for each packet?

Kernel decisions

What information does the output of the debug flow tool provide for a TCP three-way handshake?

Session ID and NAT information

What does the message 'denied by forward policy check' indicate in the debug flow tool?

No firewall policy allows the traffic

What does the message 'exceeded shaper limit, drop' indicate in the debug flow tool?

Exceeded shaper limit, drop

Which tool can be used to analyze the output of the built-in sniffer tool in pcap format?

Wireshark

Which mode allows you to configure application signatures, categories, and groups directly on the firewall policy?

NGFW policy mode

How many stages are there in NGFW policy mode session handling?

3

Which traffic types can the FortiGate kernel identify in the NGFW policy mode session handling?

ICMP, DNS, and NTP traffic

What flag is set in the session table entry during Stage 2 of NGFW policy mode session handling?

dirty flag

Which inspection features are still configured as profiles in NGFW policy mode?

Antivirus and DLP

What information does the kernel use to search the NGFW policy table during Stage 1 of session handling?

Layer 4 headers

What happens to the session table entry during Stage 2 of NGFW policy mode session handling?

The session is allowed to flow

What does the dirty flag indicate during NGFW policy mode session handling?

The session needs to be reevaluated

What does the FortiGate kernel do during Stage 3 of NGFW policy mode session handling?

Searches the NGFW policy table

What is the initial application ID assigned during Stage 1 of NGFW policy mode session handling?

0

Which debug flow error message indicates that a packet was dropped because of a traffic shaper that has exceeded one of its thresholds?

exceeded shaper limit, drop

Which debug flow error message indicates that either no firewall policy allows the traffic, or that a disclaimer has not been accepted yet?

Denied by forward policy check

Which debug flow error message indicates that the IP address has been quarantined by the DLP inspection?

Denied by end point ip filter check

Which debug flow error message indicates that the packet failed the reverse path forwarding check?

reverse path check fail, drop

Which debug flow error message indicates that the packet is destined to a FortiGate IP address (management traffic) but the service is not enabled, the service is using a different TCP port, the source IP address is not included in the trusted host list, or the packet matches a local-in policy with action deny?

Denied by end point ip filter check

Which debug flow error message indicates that the packet is not destined to a FortiGate IP address, but there is a virtual IP or IP pool configuration using the destination IP address?

Denied by end point ip filter check

Which debug flow error message indicates that the packet is destined to a device on the other side of FortiGate, but a virtual IP or IP pool is wrongly using that IP address?

Denied by end point ip filter check

Which debug flow error message indicates that the packet is destined to a FortiGate IP address (for example, management traffic), but the service is not enabled, the service is using a different port, the source IP address is not included in the trusted list, or the packet matches a local-in policy with the action deny?

Denied by end point ip filter check

Test your knowledge on NGFW Policy Mode and learn how to configure and utilize this flow-based inspection mode on FortiGate firewalls. Understand the benefits of configuring application signatures, categories, groups, and FortiGuard web filter categories directly on the firewall policy. Explore how other security inspection features like antivirus and DLP can be configured as profiles.
