Firewall Policy Flashcards
What are examples of objects used to match policies?
Incoming and outgoing interfaces
Source IP, user, internet service
Destination IP, internet service
Services
Schedules
Your customer cannot select more than one source interface. How can you fix this?
Go to System > Feature Visibility and turn on Multiple Interface Policies
What is ISDB?
Internet Service Database
How can a customer authenticate on FortiGate?
Local Account
Remote Server
FSSO
PKI (Certificate)
True or False: You can select both a source IP and ISDB as a source in a FW policy?
False, either/or
Can you use a user in the destination of a firewall policy?
No, only source.
Geographic-based ISDB
Can specify a country, region, or city for an ISDB
If you chose to match on Service, what must you enter?
Protocol and Port
Where do you turn on the option to have unnamed policies on the GUI?
System > Feature Visibility
True or False: You can create an unnamed policy on the CLI then edit it on the GUI
True, but you need to give the policy a unique name in order to edit it.
True or false: The Video filter, VoIP and Web Application Firewall are visible on the Firewall policy page by default
False: it has to be turned on in the System > Feature Visibility page.
Which command enables you to reduce logging and CPU usage of denied sessions?
config system settings
set ses-denied-traffic [disable | enable]
You can set a timer using:
config system global
set block-session-timer [1-300] (30 seconds)
If you don't see "Generate Logs when Session Starts", what does that mean?
That your FG does not have an internal hard drive for logging.
Are IPv4 and IPv6 combined into a single policy?
Yes
Do policy IDs display by default on the GUI?
No