nse8_812 Exam - Question 26


Refer to the exhibits.

Configuration -

Topology -

A FortiGate cluster (CL-1) protects a data center hosting multiple web applications. A pair of FortiADC devices are already configured for SSL decryption (FAD-1), and re-encryption (FAD-2). CL-1 must accept unencrypted traffic from FAD-1, perform application detection on the plain-text traffic, and forward the inspected traffic to FAD-2.

The SSL-Offload-App-Detect application list and SSL-Offload protocol options profile are applied to the firewall policy handling the web application traffic on CL-1.

Given this scenario, which two configuration tasks must the administrator perform on CL-1? (Choose two.)

Correct Answer: ADE

To enable application detection on plain-text traffic that has been decrypted by FortiADC, the administrator must perform two configuration tasks on CL-1. First, enable SSL offloading in the firewall policy and select the SSL-Offload protocol options profile. Second, enable application control in the firewall policy and select the SSL-Offload-App-Detect application list. This setup allows the FortiGate cluster to accept unencrypted traffic, inspect it, and then forward it for re-encryption.

Discussion

5 comments
semsemccie - Options: AD
Aug 25, 2023

Answer is A and D

Viewable8041 - Options: AD
Sep 5, 2023

ssl-offloaded yes: SSL decryption and encryption performed by an external device.
force-inclusion-ssl-di-sigs enable: Enable forced inclusion of signatures which normally require SSL deep inspection.

pitz - Options: AD
Oct 5, 2023

A and D. There is no option for HTTPS in the CLI, only HTTP.

ama6 - Options: BD
Sep 26, 2023

Correct is B and D. To enable application detection on plain-text traffic that has been decrypted by FortiADC, the administrator must perform two configuration tasks on CL-1: Enable SSL offloading in the firewall policy and select the SSL-Offload protocol options profile. Enable application control in the firewall policy and select the SSL-Offload-App-Detect application list.

JJISHE - Options: AD
Mar 12, 2024

A - (https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/162551/handling-ssl-offloaded-traffic-from-an-external-decryption-device)
D - (https://community.fortinet.com/t5/FortiGate/Technical-Tip-SSL-based-application-detection-over-decrypted/ta-p/196027)