NGFW Policy Mode
30 Questions

Questions and Answers

Which tool is used to capture network traffic in FortiGate?

  • Debug Flow
  • Wireshark
  • Kernel
  • Sniffer (correct)

Which verbosity level is typically used to check the flow of traffic and dropped packets in the built-in sniffer tool?

  • Level 3
  • Level 2
  • Level 1
  • Level 4 (correct)

Which level is usually used to convert the output of the built-in sniffer tool to pcap format for analysis with Wireshark?

  • Level 2
  • Level 3 (correct)
  • Level 1
  • Level 6

What should you do if there were dropped packets during the sniffer capture?

  • Capture the traffic again using a stricter filter (B)

Which command is used to enable the display of function names in the debug flow tool?

  • diagnose debug flow show function-name enable (D)

What does the debug flow tool show for each packet?

  • Kernel decisions (A)

What information does the output of the debug flow tool provide for a TCP three-way handshake?

  • Session ID and NAT information (D)

What does the message 'denied by forward policy check' indicate in the debug flow tool?

  • No firewall policy allows the traffic (C)

What does the message 'exceeded shaper limit, drop' indicate in the debug flow tool?

  • Exceeded shaper limit, drop (C)

Which tool can be used to analyze the output of the built-in sniffer tool in pcap format?

  • Wireshark (A)

Which mode allows you to configure application signatures, categories, and groups directly on the firewall policy?

  • NGFW policy mode (B)

How many stages are there in NGFW policy mode session handling?

  • 3 (D)

Which traffic types can the FortiGate kernel identify in the NGFW policy mode session handling?

  • ICMP, DNS, and NTP traffic (C)

What flag is set in the session table entry during Stage 2 of NGFW policy mode session handling?

  • dirty flag (A)

Which inspection features are still configured as profiles in NGFW policy mode?

  • Antivirus and DLP (D)

What information does the kernel use to search the NGFW policy table during Stage 1 of session handling?

  • Layer 4 headers (C)

What happens to the session table entry during Stage 2 of NGFW policy mode session handling?

  • The session is allowed to flow (A)

What does the dirty flag indicate during NGFW policy mode session handling?

  • The session needs to be reevaluated (B)

What does the FortiGate kernel do during Stage 3 of NGFW policy mode session handling?

  • Searches the NGFW policy table (D)

What is the initial application ID assigned during Stage 1 of NGFW policy mode session handling?

  • 0 (D)

Which debug flow error message indicates that a packet was dropped because of a traffic shaper that has exceeded one of its thresholds?

  • exceeded shaper limit, drop (C)

Which debug flow error message indicates that either no firewall policy allows the traffic, or that a disclaimer has not been accepted yet?

  • Denied by forward policy check (A)

Which debug flow error message indicates that the IP address has been quarantined by the DLP inspection?

  • Denied by end point ip filter check (C)

Which debug flow error message indicates that the packet failed the reverse path forwarding check?

  • reverse path check fail, drop (C)

Which debug flow error message indicates that the packet is destined to a FortiGate IP address (management traffic) but the service is not enabled, the service is using a different TCP port, the source IP address is not included in the trusted host list, or the packet matches a local-in policy with action deny?

  • Denied by end point ip filter check (C)

Which debug flow error message indicates that the packet is not destined to a FortiGate IP address, but there is a virtual IP or IP pool configuration using the destination IP address?

  • Denied by end point ip filter check (C)

Which debug flow error message indicates that the packet is destined to a device on the other side of FortiGate, but a virtual IP or IP pool is wrongly using that IP address?

  • Denied by end point ip filter check (A)

Which debug flow error message indicates that the packet is destined to a FortiGate IP address (for example, management traffic), but the service is not enabled, the service is using a different port, the source IP address is not included in the trusted list, or the packet matches a local-in policy with the action deny?

  • Denied by end point ip filter check (D)

Which debug flow error message indicates that the packet is destined to a FortiGate IP address (for example, management traffic), but the service is not enabled, the service is using a different port, the source IP address is not included in the trusted list, or the packet matches a local-in policy with the action deny?

  • Denied by end point ip filter check (C)

Which debug flow error message indicates that the packet is not destined to a FortiGate IP address, but there is a virtual IP or IP pool configuration using the destination IP address?

  • Denied by end point ip filter check (C)
