NSE7_EFW-7.0 Exam - Question 7

Question

Refer to the exhibit, which shows a partial web filter profile configuration.

Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?

Examice · Accepted Answer

The FortiGate web filter processes the URL filter first, followed by the FortiGuard category-based filter. In this scenario, the URL filter allows access to *.dropbox.com, which means the connection is passed to the next filtering step. The FortiGuard category-based filter then checks the URL and finds that it falls under the File Sharing and Storage category, which is set to block. Consequently, FortiGate will block the connection based on the FortiGuard category-based filter configuration.

tururu1496 · Answer

Order of operation is:
1. URL filter
2. FortiGuard Web Filtering
3. Web content filter
4. Web script filter
5. Antivirus scanning

Rudi36 · Answer

So, I didn’t find this is the training material, however it’s specified on Fortinet.com, correct answer is A.
When FortiGate performs a web filter check, it will first check the static URL filter list (if applied to the profile) and based on the action, will then perform the FortiGuard category check.
 
'Action' descriptions in Static URL see bellow:
 
- 'Block' -> destination is blocked and session dropped, no further category check is needed.
 
- 'Allow' -> destination is allowed from the static URL list, FortiGate proceeds with checking the category to decide further action.
 
- 'Exempt' -> destination is exempted from further inspection and traffic is allowed.

-	https://community.fortinet.com/t5/FortiGate/Technical-Tip-Difference-between-action-Allow-and-Exempt-in/ta-p/231334

racdab · Answer

A is actually correct

LiliRose · Answer

Since URL filter allow (unlike exempt) will still check the category, the session will be blocked and content filter won't work.

AdamB3 · Answer

The URL filter is set to 'allow' so the FortiGate proceeds to category filter which is set to 'deny', making FortiGate drop the packet. 'Exempt' would have skipped the other steps and allowed the packet.

fy64 · Answer

I've simulated configuration. It is being blocked because of category block. The answer is 100% A.

klapek · Answer

My bad, the action is 'allow' and not 'exempt' so the URL will be blocked by Category filter

saudiboy · Answer

Correct answer is A
https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-Static-URL-filter-actions-explained/ta-p/206632

IntheZone · Answer

A) Because URL Filter is allow and not "exempt" which will make the operation go to fortiguard filter which is block, but if it was "exempt" in URL filter then answer is D.

certifi46 · Answer

URL filter is 'allow' not 'exempt' so it will be block on step 2: FortiGuard Category.

scheuri · Answer

Answer A is correct.

Reason: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Difference-between-action-Allow-and-Exempt-in/ta-p/231334

In the URL Filter (which is checked FIRST) dropbox.com is ONLY allowed which prompts Fortigate to check fruther in the UTM (next ist FortiGuard Web Filtering which BLOCKS file sharing).

In Order for D to be correct, the URL Filter would need to set dropbox.com on "exempt" (which leads the fortigate to stop checking and allow the traffic at once).

mikerss · Answer

The correct answer is A. Explanation: 
https://community.fortinet.com/t5/FortiGate/Technical-Note-List-of-web-filtering-steps-and-their-order-of/ta-p/197439?cmd=displayKC&docType=kc&externalId=11158

Web filters are applied in this specific order:
1   URL Filter
2   FortiGuard Web Filter (also called Category Block)
3   Content Filter (Web Content Filter)
4   Script Filter (filters for Java applets, ActiveX controls and cookies, CLI config only)
5   Antivirus scanning

The URL filter list is processed in order from top to bottom. An exempt match stops all further checking including AV scanning. An allow match exits the URL filter list and checks the other web filters.

In this case, the action in the URL Filter is "allow" therefore the FortiGate checks the other web filters. In this case, the next web filter is the FortiGuard Category Based Filter, which in this case is set to block.

Therefore traffic is blocked based on the FortiGuard Category Based Filter.

klapek · Answer

URL filter is check first and action is ALLOW the URL is exempted from all further inspection.

kocalin · Answer

"During Web filtering inspection, FortiGate first check the static URL filter list" - Study Guide, page 351.

djela45 · Answer

Same as LiliRose

saudiboy · Answer

https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-Static-URL-filter-actions-explained/ta-p/206632

Nope_123 · Answer

A is correct
With an allow action on the static URL filter, it will still continue checking the other filters.
In order to prevent this you will need to use exempt, which will stop further checks and allows the site.

johnnd · Answer

Tested in the lab with the same example. (A)

Gary_KB · Answer

A is correct

luismanzanero · Answer

A it's OK

nse_student · Answer

A 100%

mordechayd · Answer

A  - the best way to verify the solution is just simulate it on the Lab

javim · Answer

Correct Answer is A.
URL filter in "allow" the next check is Category, if category is block, the connection is blocked.
To allow the connection, the correct answer is "Exempt"

KocX · Answer

if it was exempt instead of allow on URL filter, it would not be blocked.

PoBratsky · Answer

Web Filtering inspection is performed in the following order:
1 - URL filter
2 - FortiGuard Web Filter (FortiGuard Category Based Filter)
3 - Web Content Filter
4 - Advanced Filter Options

In this case: URL Filter - allow. But in the second step, the blocks by the Category Based Filter.

mordechayd · Answer

A - action allow on local wf do not bypass fortiguard wF

LAFNELL · Answer

Correct answer is 100% A. Check Study Guide p350
During web Filtering Inspection,  Fortigates first check the Static Url Filter list, then the fortiguard categories, and then the content filter list. So even if the static url is allowing the site, it will be blocked and dropped by the fortiguard categories action.

FortiNoob · Answer

A is indeed correct

Seph1 · Answer

D is correct - Web Filter operations order - Static URL Filter is first
NSE 7 Study Guide page 351

cierzo · Answer

A is correct.

ezkmauricio · Answer

A, because its A

Quetchup · Answer

Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 351
url filter -> FortiGuard Web Filter -> Web Content Filter -> Advanced Filter Options
Allow     -> Block

mabalon · Answer

Tested on LAB.
As KLAPEK says "URL filter is 'allow' not 'exempt' so it will be block on step 2: FortiGuard Category. "

ciscodiscoo · Answer

A is the correct answer

Gary_KB · Answer

A is correct

rirax · Answer

A 100%

marco_a · Answer

100% A is correct

[Removed] · Answer

Correct answer: A

znhl · Answer

D is correct 
- 'Allow' -> destination is allowed from the static URL list, FortiGate proceeds with checking the category to decide further action.

Rottcrown95 · Answer

URL filter goes First

jdubyah_ · Answer

I agree with tururu1496.

olimmu · Answer

action allow, not exempt in URL list

red74 · Answer

A: Allow
The traffic is passed to the remaining FortiGuard web filters, web content filters, web script filters, antivirus proxy operations, and DLP proxy operations. If the URL does not appear in the URL list, the traffic is permitted.

ricjscarvalho · Answer

A 
the order is
URL filter
2. FortiGuard Web Filtering
3. Web content filter
4. Web script filter
5. Antivirus scanning

But to be allowed without matching any other critiria it should be exempt and not allowed

cbu_ch · Answer

Order of operation is:
1. URL filter
2. FortiGuard Web Filtering
3. Web content filter
4. Web script filter
5. Antivirus scanning

URL filter = ALLOW continues to evaluate the next steps, incl. Web Filtering.
If it is required to Allow access to a site regardless of the category, then use "Exempt".

https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-Static-URL-filter-actions-explained/ta-p/206632

GCISystemIntegrator · Answer

Answer - A - 
- 'Allow' -> destination is allowed from the static URL list, FortiGate proceeds with checking the category to decide further action. - 'Exempt' -> destination is exempted from further inspection and traffic is allowed.

mastheooo · Answer

C, because blocked by content filter (exempt)

johnnd · Answer

Exempt
The traffic is allowed to bypass the remaining FortiGuard web filters, web content filters, web script filters, antivirus scanning, and DLP proxy operations.

Block
The FortiGate denies or blocks attempts to access any URL that matches the URL pattern. A replacement message is displayed.

Allow
The traffic is passed to the remaining FortiGuard web filters, web content filters, web script filters, antivirus proxy operations, and DLP proxy operations. If the URL does not appear in the URL list, the traffic is permitted.

Monitor
The traffic is processed the same way as the Allow action. For the Monitor action, a log message is generated each time a matching traffic pattern is established.

ducduc95 · Answer

D is the correct answer following the order based on which FGT decide

ducduc95 · Answer

My bad, the action is 'allow' and not 'exempt' so the URL will be blocked by Category filter

saudiboy · Answer

https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-Static-URL-filter-actions-explained/ta-p/206632

geegee2021 · Answer

fortigate does it in order Static URL -> FortiGuard – > Content -> Advanced

marioruiz_2811 · Answer

D is correct

Rudi36 · Answer

I would say it's D as per the study material, I don't see the exempt option mentioned in the theory or lab guide

fottyfan · Answer

In a real exam question there should be mentioned that dropbox.com is in the category file sharing and storage

Sanalthekken · Answer

Static URL Filter will executed first

rirax · Answer

D is correct

ipv84 · Answer

D - 100%

jc1515 · Answer

The url filter is the first consider and is a example of the use of this.

kosu39 · Answer

The answer is D. Testedin my on environment.

ipv84 · Answer

D - 100%

pete79 · Answer

A, see:
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/615462/url-filter

JZboss · Answer

A is correct.
if both FortiGuard category based filter and Static URL filter are used, if it is required to Allow access to a site regardless of the category, then use "Exempt"

romartinedg · Answer

D, es correcta

Bob_Oso · Answer

D Enterprise_Firewall_7.0_Study_Guide-Online.pdf page 351

Net_Sec2 · Answer

The correct Answer is D base on the 
Enterprise_Firewall_7.0_Study_Guide-Online.pdf page 351

mrtim5700 · Answer

URL filter is set to 'allow' which will permit it and move on to Fortiguard which is set to block.  Web Content never gets used.

If URL filter were set to 'exempt' it would be allowed.

jwildner · Answer

I've been testing this settings in LAB enviroment and the results is a blocked connection.

NSE7_EFW-7.0 Exam - Question 7

Discussion