TCP State Identification Quiz


30 Questions

Which protocol has no state and always has a protocol state of 00?

ICMP

What are the two session state values used by FortiGate for UDP traffic?

00 and 01

What does the 'local' session flag indicate?

Session originated from FortiGate or terminates on FortiGate

When are sessions created and flagged as may_dirty?

When the first packet for a new session is received

What happens to sessions with the may_dirty flag when there is a change in the firewall policy configuration?

They are flagged as dirty

Which session flag indicates that a session is being bridged?

br

What is the default global session handling setting?

check-all

What happens to packets matching a session with the block flag?

They are dropped

What does the 'auth' session flag indicate?

Session requires (or required) authentication

What does the 'redir' session flag indicate?

Session is being processed by an application layer proxy

Which setting is the most resource-intensive behavior for FortiGate session handling after a policy change?

check-all

What is the alternative option to 'check-all' for FortiGate session handling after a policy change?

check-new

Which setting allows you to modify FortiGate session handling on a per-policy level?

check-policy-option

What is the default option for FortiGate session handling after a policy change?

check-all

Which setting should be enabled if you have policies handling millions of sessions?

check-new

What determines whether the system-level session handling setting is global or per-VDOM?

VDOMs

What CLI commands can be used to modify FortiGate session handling behavior after policy changes?

config firewall-session-dirty

Which option removes all policy information from sessions affected by a policy change?

check-all

What does FortiGate do when new packets arrive after a policy change with the 'check-all' option enabled?

Reevaluates them

What is the most granular setting for modifying FortiGate session handling?

check-policy-option

Which value represents the TCP state FIN_WAIT?

4

What value is associated with the TCP state CLOSE_WAIT?

6

What is the first digit in the protocol state for TCP sessions subject to flow or proxy inspection?

1

When FortiGate receives the SYN/ACK packet, what value does the second digit in the protocol state change to?

3

What is the state value for sessions that are closed by both sides and kept in the session table for a few seconds more?

5

What does the first digit in the protocol state represent for TCP sessions not subject to any inspection?

0

What is the second digit in the protocol state for TCP sessions when FortiGate receives the SYN packet?

1

What is the value associated with the TCP state LAST_ACK?

8

What is the value of the second digit in the protocol state after the three-way handshake for TCP sessions?

1

What is the value of the first digit in the protocol state for TCP sessions subject to proxy or flow inspection?

1

Study Notes

Protocol State and Flags

  • UDP sessions have two session state values on FortiGate: 00 and 01.
  • The 'local' session flag indicates that a session originated from the FortiGate itself.
  • Sessions are created and flagged as 'may_dirty' when the firewall policy configuration is changed.

Session Handling

  • The 'bridge' session flag indicates that a session is being bridged.
  • The default global session handling setting is 'check-all'.
  • Packets matching a session with the 'block' flag are blocked.
  • The 'auth' session flag indicates that a session is authenticated.
  • The 'redir' session flag indicates that a session is redirected.
  • The 'check-all' setting is the most resource-intensive behavior for FortiGate session handling after a policy change.
  • The alternative option to 'check-all' is 'check-new'.
  • The 'per-policy' setting allows you to modify FortiGate session handling on a per-policy level.
  • The 'check-all' setting is the default option for FortiGate session handling after a policy change.
  • The 'check-new' setting should be enabled if you have policies handling millions of sessions.

Session Handling Options

  • The 'session-ttl' setting determines whether the system-level session handling setting is global or per-VDOM.
  • The CLI commands 'config system session' and 'config system vd' can be used to modify FortiGate session handling behavior after policy changes.
  • The 'reset' option removes all policy information from sessions affected by a policy change.
  • When new packets arrive after a policy change with the 'check-all' option enabled, FortiGate re-evaluates all sessions.
  • The 'per-policy' setting is the most granular setting for modifying FortiGate session handling.

TCP State Values

  • The TCP state FIN_WAIT is represented by the value 04.
  • The TCP state CLOSE_WAIT is represented by the value 05.
  • The first digit in the protocol state for TCP sessions subject to flow or proxy inspection is 1.
  • When FortiGate receives the SYN/ACK packet, the second digit in the protocol state changes to 1.
  • The state value for sessions that are closed by both sides and kept in the session table for a few seconds more is 06.
  • The first digit in the protocol state for TCP sessions not subject to any inspection represents the TCP state.
  • The second digit in the protocol state for TCP sessions when FortiGate receives the SYN packet is 0.
  • The value associated with the TCP state LAST_ACK is 07.
  • The value of the second digit in the protocol state after the three-way handshake for TCP sessions is 2.
  • The value of the first digit in the protocol state for TCP sessions subject to proxy or flow inspection is 1.

Test your knowledge of server-side and client-side TCP states with this quiz. Identify the corresponding values for each state and challenge yourself to remember the correct digits.
