Lab Notes And Processes Flashcards

1
Q

Script Types and When To sync

A

Remote via CLI: Directly to Device Target. Does not need sync to take effect. Device Layer will automatically retrieve changes to config with Auto-Sync

Device Database: Needs to sync Device layer to device to take effect. Recommended to install both device and policy layer to avoid Unknown status for policy layer

Policy Script: Needs to sync policy layer to device to take effect

2
Q

ZTP

A

Zero Touch Provisioning:

Involves setting up metadata variables and a Pre-run CLI template. Pre-run CLI is used since it unassigns itself from the device after being used. The metadata variables are used to set common things like gateway IPs, port IPs, and hostname.

Then add a model device to assign values to the variables, and assign the Pre-run CLI template to the model. The model will show an unknown device layer and never install the policy layer. Run Quick Install (Device DB) to apply the template to the model. The template unassigns once done, and the policy status will update, but will still have Modified status. Must install policy DB.

Just have to adjust the real device to have a port with fmgr access, a static route to fmgr, and set the FortiManager IP under central management. Then execute registration of fmgr; this connects the device to fmgr and begins the provisioning process, AKA autolinking.

3
Q

Enable VDOMs

A

On System Information Dashboard of Device > Edit VDOM > Set to Multi-VDOM

4
Q

Default Priority for Virtual Cluster

A

128

5
Q

Does FGSP sync configuration?

A

No

6
Q

Session Sync Encryption is encapsulated by

A

ESP packets over SESSYNC_1 IPsec tunnel

7
Q

How to enable OSPF ECMP:

A

Enable the rfc1583-compatible flag

8
Q

How to block encrypted attack:

A

Map the device layer local certificate to Dynamic Mapping by creating an inspection profile.

9
Q

Remember that every time you use an IPsec template,

A

The interfaces must be mapped to normalized interfaces

10
Q

Does Unsetting the IPsec template delete the tunnel and dependencies?

A

No. You must individually remove the objects and policies that were created and reference the tunnel or its interfaces.
