NSE4_FGT-6.4 Exam QuestionsBrowse all questions from this exam

NSE4_FGT-6.4 Exam - Question 69

Refer to the exhibit showing a debug flow output.

Which two statements about the debug flow output are correct? (Choose two.)

The debug flow is of ICMP traffic

The default route is required to receive a reply

A firewall policy allowed the connection

A new traffic session is created

Show Answer

Correct Answer: AD

The debug flow output displays that the protocol used is ICMP, indicated by 'proto=1', which is correct for identifying ICMP traffic. This justifies option A. Additionally, the message 'allocate a new session-00003dd5' confirms that a new traffic session is created, justifying option D. There is no indication in the provided debug that a firewall policy is directly allowing the connection or that the default route is needed to receive a reply, making options C and B incorrect.

Discussion

15 comments

phototrait

Jun 30, 2021

A & D is correct, not C

JannJann

Sep 16, 2021

AD is correct. Good read for your guys. https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/54688/debugging-the-packet-flow

JannJann

Sep 16, 2021

SAMPLE: SYN sent and a new session is allocated: id=20085 trace_id=209 func=resolve_ip_tuple line=2799 msg="allocate a new session-00000e90"

JannJann

Sep 16, 2021

SAMPLE: SYN sent and a new session is allocated: id=20085 trace_id=209 func=resolve_ip_tuple line=2799 msg="allocate a new session-00000e90"

phototrait

Jun 30, 2021

A & C is correct : proto=1 -> icmp / allocate a new sesion

luiscsiscotec

Sep 7, 2021

what is your reference about "A and C"?

Gape4

Jul 22, 2021

A & D is correct. No Doubt.

moneim

Aug 21, 2021

A and C ,, reply traffic is received so traffic must has been allowed by a firewall policy

moneim

Aug 24, 2021

looking again a the log, it seems that the client is pinging the GW in the same subnet, son firewall policy is needed to allow such communication. Answer should be A,D as mentioned by others

Seph1

Sep 8, 2021

Why do you think it`s a gateway? How can you know it?

Anis_chak

Oct 24, 2021

"gw-10.0.1.250 via root"

Anis_chak

Oct 24, 2021

"gw-10.0.1.250 via root"

Seph1

Sep 8, 2021

Why do you think it`s a gateway? How can you know it?

Anis_chak

Oct 24, 2021

"gw-10.0.1.250 via root"

Anis_chak

Oct 24, 2021

"gw-10.0.1.250 via root"

forti_Ctes

Oct 18, 2021

A & D are corerct

lrosadini

Feb 2, 2022

A&D A=proto1=ICMP=PING D=msg="Allocate a new session"

JackeD

Jul 19, 2021

A and D is correct

luiscsiscotec

Sep 7, 2021

B & D is correct.

forti_Ctes

Sep 22, 2021

A & D is correct

AJVG

Feb 5, 2022

A D is correct

CeajanceOptions: AD

Feb 13, 2022

A & D is correct, not C

Nirvanero94Options: AD

Feb 26, 2022

A & D is correct, not C

andrewc74

Mar 23, 2022

If C is not correct, why is there a return traffic in reverse direction from 10.0.1.250 back to 10.0.1.10?

Chdavid33

Mar 28, 2022

A y D is correct!

NicolaeEastOptions: AD

Aug 24, 2022

Proto 1 is icmp. Obviously a new session was created. The ping is being sent to the gateway from a local device so no policy is needed. "gw-10.0.1.250 via root" Fortigate Infrastructure 7.0 pg 358-360