Antivirus

Question 1

What inspection modes can FortiGate operate in?

Answer 1

• Flow-based
• Proxy-based

Question 2

What is the default inspection mode?

Answer 2

Flow-based

Question 3

What is required to use antivirus on your FortiGate?

Answer 3

An appropriate license

Question 4

How does flow-based inspection mode work?

Answer 4

• FortiGate examines the file as it passes through FortiGate
• User sees a faster response than if proxy-based inspection mode was used

Question 5

How would you enable an Antivirus profile?

Answer 5

In the firewall policy, under Security Profiles, toggle the antivirus

Question 6

How does proxy-based inspection mode work?

Answer 6

• FortiGate buffers the traffic and examines it as a whole before determining an action
• Allows for more points of data than flow-based inspection

Question 7

What additional antivirus support does proxy inspection mode offer?

Answer 7

• MAP and SSH protocol inspection
• Content disarm and reconstruction (CDR)
• FortiNDR inspection

Question 8

From the user’s end, what happens when a virus is detected?

Answer 8

Antivirus block page is displayed

Question 9

What inspection mode would you use if security was your top priority?

Answer 9

Proxy-based inspection mode

Question 10

What is required to configure protocol port mapping?

Answer 10

Proxy-based inspection

Question 11

What additional granularity is provided by using protocol options?

Answer 11

Large files are automatically blocked (threshold can be customized)

Question 12

What are some fixes for common antivirus issues?

Answer 12

• Verify antivirus license, check for updates
• Correct firewall policy configuration

Question 13

What type of inspection mode can be offloaded using CP processors?

Answer 13

Flow-based