Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)A . The subject field in the server certificateB . The serial number in the server certificateC . The server name indication (SNI) extension in the client...
Which statement regarding the firewall policy authentication timeout is true?
Which statement regarding the firewall policy authentication timeout is true?A . It is an idle timeout. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source IC . It is a hard timeout. The FortiGate removes the temporary policy for...
Which of the following statements about central NAT are true? (Choose two.)
Which of the following statements about central NAT are true? (Choose two.)A . IP tool references must be removed from existing firewall policies before enabling central NAC . Central NAT can be enabled or disabled from the CLI only.D . Source NAT, using central NAT, requires at least one central...
Why is FortiGate not generating any traffic for the performance SLA?
Refer to the exhibit. Which contains a Performance SLA configuration. An administrator has configured a performance SLA on FortiGate. Which failed to generate any traffic. Why is FortiGate not generating any traffic for the performance SLA?A . Participants configured are not SD-WAN members.B . There may not be a static...
Given the interfaces shown in the exhibit. which two statements are true?
Refer to the exhibit. Given the interfaces shown in the exhibit. which two statements are true? (Choose two.)A . Traffic between port2 and port2-vlan1 is allowed by default.B . port1-vlan10 and port2-vlan10 are part of the same broadcast domain.C . port1 is a native VLAE . port1-vlan and port2-vlan1 can...
Which statement is true about the session diagnostic output?
Refer to the exhibit, which contains a session diagnostic output. Which statement is true about the session diagnostic output?A . The session is a UDP unidirectional state.B . The session is in TCP ESTABLISHED state.C . The session is a bidirectional UDP connection.D . The session is a bidirectional TCP...
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?A . IP addressB . Once Internet Service is selected, no other object can be addedC . User or User GroupD . FQDN addressView...
Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?
Examine the exhibit, which contains a virtual IP and firewall policy configuration. The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24. The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a...
What is a possible reason for this?
Examine the IPS sensor configuration shown in the exhibit, and then answer the question below. An administrator has configured the WINDOWS_SERVERS IPS sensor in an attempt to determine whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is still not generating...
What interface type must the administrator select to bind multiple FortiGate interfaces?
An administrator needs to increase network bandwidth and provide redundancy. What interface type must the administrator select to bind multiple FortiGate interfaces?A . VLAN interfaceB . Software Switch interfaceC . Aggregate interfaceD . Redundant interfaceView AnswerAnswer: B Explanation: Reference: https://forum.fortinet.com/tm.aspx?m=120324