Questions and Answers
Which protocol has no state and always has a protocol state of 00?
- ICMP (correct)
- TCP
- HTTP
- UDP
What are the two session state values used by FortiGate for UDP traffic?
- 10 and 11
- 00 and 01 (correct)
- 0 and 1
- 1 and 2
What does the 'local' session flag indicate?
- Session is to and/or from local stack
- Session is checked by IPS anomaly
- Session originated from FortiGate or terminates on FortiGate (correct)
- Session is being logged
When are sessions created and flagged as may_dirty?
What happens to sessions with the may_dirty flag when there is a change in the firewall policy configuration?
Which session flag indicates that a session is being bridged?
What is the default global session handling setting?
What happens to packets matching a session with the block flag?
What does the 'auth' session flag indicate?
What does the 'redir' session flag indicate?
Which setting is the most resource-intensive behavior for FortiGate session handling after a policy change?
What is the alternative option to 'check-all' for FortiGate session handling after a policy change?
Which setting allows you to modify FortiGate session handling on a per-policy level?
What is the default option for FortiGate session handling after a policy change?
Which setting should be enabled if you have policies handling millions of sessions?
What determines whether the system-level session handling setting is global or per-VDOM?
What CLI commands can be used to modify FortiGate session handling behavior after policy changes?
Which option removes all policy information from sessions affected by a policy change?
What does FortiGate do when new packets arrive after a policy change with the 'check-all' option enabled?
What is the most granular setting for modifying FortiGate session handling?
Which value represents the TCP state FIN_WAIT?
What value is associated with the TCP state CLOSE_WAIT?
What is the first digit in the protocol state for TCP sessions subject to flow or proxy inspection?
When FortiGate receives the SYN-ACK packet, what value does the second digit in the protocol state change to?
What is the state value for sessions that are closed by both sides and kept in the session table for a few seconds more?
What does the first digit in the protocol state represent for TCP sessions not subject to any inspection?
What is the second digit in the protocol state for TCP sessions when FortiGate receives the SYN packet?
What is the value associated with the TCP state LAST_ACK?
What is the value of the second digit in the protocol state after the three-way handshake for TCP sessions?
What is the value of the first digit in the protocol state for TCP sessions subject to proxy or flow inspection?
Study Notes
Protocol State and Flags
- UDP sessions have two session state values on FortiGate: 00 and 01.
- The 'local' session flag indicates that a session originated from the FortiGate itself.
- Sessions are created and flagged as 'may_dirty' when the firewall policy configuration is changed.
Session Handling
- The 'bridge' session flag indicates that a session is being bridged.
- The default global session handling setting is 'check-all'.
- Packets matching a session with the 'block' flag are blocked.
- The 'auth' session flag indicates that a session is authenticated.
- The 'redir' session flag indicates that a session is redirected.
- The 'check-all' setting is the most resource-intensive behavior for FortiGate session handling after a policy change.
- The alternative option to 'check-all' is 'check-new'.
- The 'per-policy' setting allows you to modify FortiGate session handling on a per-policy level.
- The 'check-all' setting is the default option for FortiGate session handling after a policy change.
- The 'check-new' setting should be enabled if you have policies handling millions of sessions.
Session Handling Options
- The 'session-ttl' setting determines whether the system-level session handling setting is global or per-VDOM.
- The CLI commands 'config system session' and 'config system vd' can be used to modify FortiGate session handling behavior after policy changes.
- The 'reset' option removes all policy information from sessions affected by a policy change.
- When new packets arrive after a policy change with the 'check-all' option enabled, FortiGate re-evaluates all sessions.
- The 'per-policy' setting is the most granular setting for modifying FortiGate session handling.
TCP State Values
- The TCP state FIN_WAIT is represented by the value 04.
- The TCP state CLOSE_WAIT is represented by the value 05.
- The first digit in the protocol state for TCP sessions subject to flow or proxy inspection is 1.
- When FortiGate receives the SYN-ACK packet, the second digit in the protocol state changes to 1.
- The state value for sessions that are closed by both sides and kept in the session table for a few seconds more is 06.
- The first digit in the protocol state for TCP sessions not subject to any inspection represents the TCP state.
- The second digit in the protocol state for TCP sessions when FortiGate receives the SYN packet is 0.
- The value associated with the TCP state LAST_ACK is 07.
- The value of the second digit in the protocol state after the three-way handshake for TCP sessions is 2.
- The value of the first digit in the protocol state for TCP sessions subject to proxy or flow inspection is 1.
Description
Test your knowledge of server-side and client-side TCP states with this quiz. Identify the corresponding values for each state and challenge yourself to remember the correct digits.