What two things does this raw log indicate?

View the exhibit.

date=2022-06-14 time=14:45:16 logid=0317013312 type=utm subtype=webfilter eventtype=ftgd_allow level=notice vd="root" policyid=2 identidx=1 sessionid=31232959 user="anonymous" group="ldap_users" srcip=192.168.1.24 srcport=63355 srcintf="port2" dstip=66.171.121.44 dstport=80 dstintf="port1" service="http" hostname="www.fortinet.com" profiletype="Webfilter_Profile" profile="default" status="passthrough" reqtype="direct" url="/" sentbyte=304 rcvdbyte=60135 msg="URL belongs to an allowed category in policy" method=domain class=0 cat=140 catdesc="custom1"

What two things does this raw log indicate? (Choose two.)

A. FortiGate allowed the traffic to pass.

B. 192.168.1.24 is the IP address for www.fortinet.com.

C. The traffic matches the webfilter profile on firewall policy ID 2.

D. The traffic originated from 66.171.121.44.

Answer: A,C

Explanation:

The raw log indicates the following:

A. FortiGate allowed the traffic to pass.

The "status" field is set to "passthrough," which means the traffic was allowed to pass.

C. The traffic matches the webfilter profile on firewall policy ID 2.

The "policyid" field is set to 2, indicating that the traffic matches the firewall policy with ID 2. The "profiletype" and "profile" fields specify that the traffic matches the Webfilter profile named "default."

The other options are not supported by the information in the raw log:

B is incorrect because 192.168.1.24 is the value of the "srcip" field, the address of the client that made the request; the log gives the destination IP address as 66.171.121.44.

D is incorrect because the log indicates that the traffic originated from 192.168.1.24, not 66.171.121.44.

So, the correct choices are A and C.
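The field-by-field reading above can be checked mechanically. The following Python is an added example, not part of the original question: it parses the exhibit's key=value line (quoted values may contain spaces) and tests each answer option against the parsed fields. The function names are illustrative, and treating status="passthrough" as "allowed" follows the explanation above.

```python
import re

# A pair is key=value; the value is double-quoted (may contain spaces) or a bare token.
PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# The exhibit's raw log line, copied from the question.
EXHIBIT = (
    'date=2022-06-14 time=14:45:16 logid=0317013312 type=utm subtype=webfilter '
    'eventtype=ftgd_allow level=notice vd="root" policyid=2 identidx=1 '
    'sessionid=31232959 user="anonymous" group="ldap_users" srcip=192.168.1.24 '
    'srcport=63355 srcintf="port2" dstip=66.171.121.44 dstport=80 dstintf="port1" '
    'service="http" hostname="www.fortinet.com" profiletype="Webfilter_Profile" '
    'profile="default" status="passthrough" reqtype="direct" url="/" sentbyte=304 '
    'rcvdbyte=60135 msg="URL belongs to an allowed category in policy" '
    'method=domain class=0 cat=140 catdesc="custom1"'
)

def parse_raw_log(line):
    """Split a raw key=value log line into a dict of strings."""
    fields = {}
    for m in PAIR_RE.finditer(line):
        key, quoted, bare = m.groups()
        # Exactly one of quoted/bare is set, depending on which form matched.
        fields[key] = quoted if quoted is not None else bare
    return fields

def check_options(f):
    """Evaluate the four answer options against the parsed fields."""
    return {
        "A": f.get("status") == "passthrough",
        "B": f.get("hostname") == "www.fortinet.com" and f.get("dstip") == "192.168.1.24",
        "C": f.get("subtype") == "webfilter" and f.get("policyid") == "2",
        "D": f.get("srcip") == "66.171.121.44",
    }

def flow_summary(f):
    """One-line view of direction, policy and outcome for triage."""
    return (f'{f["srcip"]}:{f["srcport"]} ({f["srcintf"]}) -> '
            f'{f["dstip"]}:{f["dstport"]} ({f["dstintf"]}) '
            f'host={f["hostname"]} policy={f["policyid"]} status={f["status"]}')

if __name__ == "__main__":
    fields = parse_raw_log(EXHIBIT)
    print(flow_summary(fields))
    print(sorted(k for k, v in check_options(fields).items() if v))
```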
