An administrator has configured outgoing interface any in a firewall policy.
Which statement is true about the policy list view? Interface Pair view will be disabled. Search option will be disabled. Policy lookup will be disabled. By Sequence view will be disabled.
Given the interfaces shown in the exhibit, which two statements are true? (Choose two.) Traffic between port2 and port2-vlan1 is allowed by default. port1-vlan10 and port2-vlan10 are part of the same broadcast domain. port1-vlan1 and port2-vlan1 can be assigned in the same VDOM or to different VDOMs. port1 is a native VLAN.
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
✑ All traffic must be routed through the primary tunnel when both tunnels are up
✑ The secondary tunnel must be used only if the primary tunnel goes down
In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover
Which two key configuration changes are needed in FortiGate to meet the design requirements? (Choose two.) Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel. Enable Dead Peer Detection. Enable Auto-negotiate and Auto Keep Alive on the phase 2 configuration of both tunnels. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.
The override setting is enable for the FortiGate with SN FGVM010000064692.
Which two statements are true? (Choose two.) FortiGate SN FGVM010000065036 HA uptime has been reset. FortiGate devices are not in sync because one device is down. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime. FortiGate SN FGVM010000064692 has the higher HA priority.
Based on the system performance output, which two statements are correct? (Choose two.) FortiGate will start sending all files to FortiSandbox for inspection. FortiGate has entered conserve mode. Administrators cannot change the configuration. Administrators can access FortiGate only through the console port.
An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address.
For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24.
Which subnet must the administrator configure for the local quick mode selector for site B? 192.168.3.0/24 192.168.1.0/24 192.168.0.0/8 192.168.2.0/24.
The SSL VPN connection fails when a user attempts to connect to it.
What should the user do to successfully connect to SSL VPN? Change the SSL VPN port on the client. Change the Server IP address. Change the idle-timeout. Change the SSL VPN portal to the tunnel.
Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.) The client FortiGate requires a client certificate signed by the CA on the server FortiGate. The client FortiGate requires a manually added route to remote subnets. The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN. Server FortiGate requires a CA certificate to verify the client FortiGate certificate.
The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.
The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem.
With this configuration, which statement is true? Inter-VDOM links are required to allow traffic between the Local and Root VDOMs. A default static route is not required on the To_Internet VDOM to allow LAN users to access the internet. Inter-VDOM links are required to allow traffic between the Local and DMZ VDOMs. Inter-VDOM links are not required between the Root and To_Internet VDOMs because the Root VDOM is used only as a management VDOM.
An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).
What must the administrator do to synchronize the address object? Change the csf setting on Local-FortiGate (root) to set configuration-sync local. Change the csf setting on ISFW (downstream) to set configuration-sync local. Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default. Change the csf setting on ISFW (downstream) to set fabric-object-unification default.
|
