Exam nse7_sdw-72
Question 23

Refer to the exhibit.

Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two.)

    Correct Answer: B, C

    Based on the exhibit, which indicates the configuration 'set firewall-session-dirty check-new', FortiGate evaluates new sessions against the new firewall policy configuration but does not change existing sessions. This setting ensures that only new sessions are checked and flagged while existing sessions remain unaffected.

Discussion
KavinT
Options: BC

B & C are correct.

sugar12
Options: BC

check-new: New sessions are flagged as dirty. Existing sessions are not affected. If the firewall handles a huge number of sessions, flagging all sessions as dirty, and performing a firewall policy lookup for the sessions may result in high CPU utilization. To prevent this, you can configure FortiGate to flag only new sessions as dirty by setting firewall-session-dirty to check-new. The result is that FortiGate evaluates only new sessions against the new firewall policy configuration.
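
A simplified Python model of the behaviour discussed above, added here as an illustration; it is not FortiOS code and not part of the original question or comments. The class, function names, port numbers and session count are assumptions. It compares a check-all setting with check-new after a policy edit that stops allowing port 22, counting policy lookups as a stand-in for CPU cost.

```python
# Toy model (not FortiOS code) of how firewall-session-dirty changes what a
# policy edit does to the session table. All names here are hypothetical.
from dataclasses import dataclass

@dataclass
class Session:
    dst_port: int
    dirty: bool = False
    allowed: bool = True

class ToyFirewall:
    def __init__(self, mode, allowed_ports):
        if mode not in ("check-all", "check-new"):
            raise ValueError(mode)
        self.mode = mode
        self.allowed_ports = set(allowed_ports)
        self.sessions = []
        self.lookups = 0  # policy lookups performed (proxy for CPU cost)

    def _lookup(self, port):
        self.lookups += 1
        return port in self.allowed_ports

    def new_session(self, port):
        # New sessions are always evaluated against the current policy.
        s = Session(port, allowed=self._lookup(port))
        self.sessions.append(s)
        return s

    def change_policy(self, allowed_ports):
        self.allowed_ports = set(allowed_ports)
        if self.mode == "check-all":
            for s in self.sessions:   # every existing session flagged dirty
                s.dirty = True
        # check-new: existing sessions are left untouched

    def packet(self, s):
        """Next packet on an existing session; returns True if forwarded."""
        if s.dirty:                   # dirty sessions get a fresh policy lookup
            s.allowed = self._lookup(s.dst_port)
            s.dirty = False
        return s.allowed

def run(mode, n_existing=1000):
    fw = ToyFirewall(mode, allowed_ports={22, 443})
    old = [fw.new_session(22) for _ in range(n_existing)]
    fw.lookups = 0                    # count only work done after the change
    fw.change_policy({443})           # policy edit: port 22 no longer allowed
    still_forwarded = sum(fw.packet(s) for s in old)
    new_ok = fw.new_session(22).allowed
    return still_forwarded, new_ok, fw.lookups
```

In this model, check-new leaves all 1000 pre-existing port 22 sessions forwarding under the old decision with a single lookup for the new session, while check-all re-evaluates every one of them.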