An administrator has configured the following settings:

config system settings
    set ses-denied-traffic enable
end
config system global
    set block-session-timer 30
end

What are the two results of this configuration? (Choose two.)
If 'ses-denied-traffic' is enabled, a session for denied traffic is created in the session table to avoid repeated policy lookups for each packet, which reduces CPU usage and the number of logs generated for denied traffic. The 'block-session-timer' setting determines how long these sessions are kept in the session table, and it is measured in seconds, not minutes. Hence, the results are that denied traffic sessions are logged, and the number of logs generated by denied traffic is reduced.
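The comment above describes why a cached denied session saves a policy lookup and a log message per packet, and why the timer is in seconds. The following is an added illustration written for this page, not FortiGate code: a simplified session-table model in which a denied flow is either looked up on every packet (ses-denied-traffic disabled) or cached for block-session-timer seconds (enabled). The allow rule, the 5-tuple and the packet timing are constructed for the example; only the setting names and the 1-300 second range come from the page.

```python
from dataclasses import dataclass


@dataclass
class Stats:
    policy_lookups: int = 0   # how many times the policy table was consulted
    deny_logs: int = 0        # how many "denied" log messages were generated
    dropped: int = 0          # packets dropped, whether by lookup or by cached entry


class SessionTable:
    """Toy model of a firewall session table (constructed, not vendor code)."""

    def __init__(self, ses_denied_traffic: bool, block_session_timer: int = 30):
        # block-session-timer is an integer in seconds, range 1-300, default 30
        if not 1 <= block_session_timer <= 300:
            raise ValueError("block-session-timer must be 1-300 seconds")
        self.ses_denied_traffic = ses_denied_traffic
        self.block_session_timer = block_session_timer
        self.denied = {}          # 5-tuple -> expiry time in seconds
        self.stats = Stats()

    def _policy_lookup(self, flow):
        # Constructed policy: only 10.0.0.0/8 -> 192.0.2.10 on tcp/443 is allowed.
        self.stats.policy_lookups += 1
        src, dst, _sport, dport, proto = flow
        return src.startswith("10.") and dst == "192.0.2.10" and dport == 443 and proto == "tcp"

    def handle_packet(self, flow, now):
        # Expire cached denied sessions whose block-session-timer has elapsed.
        self.denied = {f: exp for f, exp in self.denied.items() if exp > now}
        if flow in self.denied:
            # Matched a denied session: drop with no policy lookup and no new log.
            self.stats.dropped += 1
            return "drop (cached)"
        if self._policy_lookup(flow):
            return "accept"
        # Denied by policy: log once, and cache the session if the feature is on.
        self.stats.deny_logs += 1
        self.stats.dropped += 1
        if self.ses_denied_traffic:
            self.denied[flow] = now + self.block_session_timer
        return "drop (policy)"


def simulate(ses_denied_traffic, block_session_timer=30):
    """Send 50 packets of one denied flow, one per second, and return the counters."""
    table = SessionTable(ses_denied_traffic, block_session_timer)
    flow = ("198.51.100.7", "192.0.2.10", 40000, 23, "tcp")  # constructed, not allowed
    for t in range(50):
        table.handle_packet(flow, t)
    return table.stats


if __name__ == "__main__":
    print("disabled:", simulate(False))
    print("enabled, 30 s timer:", simulate(True))
    print("enabled, 300 s timer:", simulate(True, 300))
```

With the feature disabled every one of the 50 packets costs a policy lookup and a log entry. With it enabled and the default 30 second timer, only the first packet and the first packet after the entry expires (packet 31) are looked up and logged; every packet is still dropped, so the security outcome is unchanged while CPU and log volume fall.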
It is C-D; the timer config, in any case, is in seconds, not minutes.
C. The number of logs generated by denied traffic is reduced. D. A session for denied traffic is created. FortiGate Security 7.2 Study Guide (p.69): "During the session, if a security profile detects a violation, FortiGate records the attack log immediately. To reduce the number of log messages generated and improve performance, you can enable a session table entry of dropped traffic. This creates the denied session in the session table and, if the session is denied, all packets of that session are also denied. This ensures that FortiGate does not have to do a policy lookup for each new packet matching the denied session, which reduces CPU usage and log generation. This option is in the CLI, and is called ses-denied-traffic. You can also set the duration for block sessions. This determines how long a session will be kept in the session table by setting block-session-timer in the CLI. By default, it is set to 30 seconds." Reference and download study guide: https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html
C D. We enable denied sessions to be added into the session table to reduce the CPU processing due to denied sessions from the same source/destination IP address, port and protocol.

Solution: Below are the commands to enable denied sessions to be added into the session table:

# config system settings
# set ses-denied-traffic enable
# end

For optimum performance, adjust the global block-session-timer:

# config system global
# set block-session-timer <1-300> (default = <30>)
# end
FortiGate Security 7.2 Study Guide p.69
C & D https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-enable-denied-session-to-be-added-into-the/ta-p/195478
Correct
CD is the correct answer
config system setting
set ses-denied-traffic enable
set block-session-timer <integer 1 - 300> (this determines, in seconds, how long the session is kept in the table)
Correct is C and D
C & D correct
C and D are correct. This is because during the session, if a security profile detects a violation, FortiGate records the attack log immediately. To reduce the number of log messages generated and improve performance, you can use the ses-denied-traffic command; this creates a denied session entry for <x> number of SECONDS.
FortiGate Security 7.0 p.127
C and D are correct
Correct Answer: CD
C & D is the correct answer
ses-denied-traffic: Enable/disable including denied session in the session table. Type: option. Default: disable. https://docs.fortinet.com/document/fortigate/7.4.2/cli-reference/19620/config-system-settings

block-session-timer: Duration in seconds for blocked sessions. Type: integer. Minimum value: 1. Maximum value: 300. Default: 30. https://docs.fortinet.com/document/fortigate/7.4.2/cli-reference/2620/config-system-global
It is C-D