NGFW Policy Mode
30 Questions

Questions and Answers

Which tool is used to capture network traffic in FortiGate?

  • Debug Flow
  • Wireshark
  • Kernel
  • Sniffer (correct)

Which verbosity level is typically used to check the flow of traffic and dropped packets in the built-in sniffer tool?

  • Level 3
  • Level 2
  • Level 1
  • Level 4 (correct)

Which verbosity level is usually used when the output of the built-in sniffer tool will be converted to pcap format for analysis with Wireshark?

  • Level 2
  • Level 3 (correct)
  • Level 1
  • Level 6

What should you do if there were dropped packets during the sniffer capture?

Capture the traffic again using a stricter filter (B)

Which command is used to enable the display of function names in the debug flow tool?

diagnose debug flow show function-name enable (D)

What does the debug flow tool show for each packet?

Kernel decisions (A)

What information does the output of the debug flow tool provide for a TCP three-way handshake?

Session ID and NAT information (D)

What does the message 'denied by forward policy check' indicate in the debug flow tool?

No firewall policy allows the traffic (C)

What does the message 'exceeded shaper limit, drop' indicate in the debug flow tool?

Exceeded shaper limit, drop (C)

Which tool can be used to analyze the output of the built-in sniffer tool in pcap format?

Wireshark (A)

Which mode allows you to configure application signatures, categories, and groups directly on the firewall policy?

NGFW policy mode (B)

How many stages are there in NGFW policy mode session handling?

3 (D)

Which traffic types can the FortiGate kernel identify in the NGFW policy mode session handling?

ICMP, DNS, and NTP traffic (C)

What flag is set in the session table entry during Stage 2 of NGFW policy mode session handling?

dirty flag (A)

Which inspection features are still configured as profiles in NGFW policy mode?

Antivirus and DLP (D)

What information does the kernel use to search the NGFW policy table during Stage 1 of session handling?

Layer 4 headers (C)

What happens to the session table entry during Stage 2 of NGFW policy mode session handling?

The session is allowed to flow (A)

What does the dirty flag indicate during NGFW policy mode session handling?

The session needs to be reevaluated (B)

What does the FortiGate kernel do during Stage 3 of NGFW policy mode session handling?

Searches the NGFW policy table (D)

What is the initial application ID assigned during Stage 1 of NGFW policy mode session handling?

0 (D)

Which debug flow error message indicates that a packet was dropped because of a traffic shaper that has exceeded one of its thresholds?

exceeded shaper limit, drop (C)

Which debug flow error message indicates that either no firewall policy allows the traffic, or that a disclaimer has not been accepted yet?

Denied by forward policy check (A)

Which debug flow error message indicates that the IP-address has been quarantined by the DLP inspection?

Denied by end point ip filter check (C)

Which debug flow error message indicates that the packet failed the reverse path forwarding check?

reverse path check fail, drop (C)

Which debug flow error message indicates that the packet is destined to a FortiGate IP-address (management traffic) but the service is not enabled, the service is using a different TCP port, the source IP-address is not included in the trusted host list, or the packet matches a local-in policy with action deny?

Denied by end point ip filter check (C)

Which debug flow error message indicates that the packet is not destined to a FortiGate IP-address, but there is a virtual IP or IP pool configuration using the destination IP-address?

Denied by end point ip filter check (C)

Which debug flow error message indicates that the packet is destined to a device on the other side of FortiGate, but a virtual IP or IP pool is wrongly using that IP-address?

Denied by end point ip filter check (A)

Which debug flow error message indicates that the packet is destined to a FortiGate IP-address (for example, management traffic), but the service is not enabled, the service is using a different port, the source IP-address is not included in the trusted list, or the packet matches a local-in policy with the action deny?

Denied by end point ip filter check (D)

Which debug flow error message indicates that the packet is destined to a FortiGate IP-address (for example, management traffic), but the service is not enabled, the service is using a different port, the source IP-address is not included in the trusted list, or the packet matches a local-in policy with the action deny?

Denied by end point ip filter check (C)

Which debug flow error message indicates that the packet is not destined to a FortiGate IP-address, but there is a virtual IP or IP pool configuration using the destination IP-address?

Denied by end point ip filter check (C)
