Exam nse4_fgt-72
Question 21

Which three criteria can FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)

Correct Answer: A, C, E

To match a firewall policy, FortiGate uses the criteria defined in the policy settings. These include the services defined in the firewall policy (IP protocol and port number), a destination defined as Internet Services in the firewall policy (destinations can be IP addresses or internet services), and a source defined as Internet Services in the firewall policy (sources can likewise be IP addresses or internet services). FortiGate uses these criteria to determine which policy to apply to the traffic.

Discussion
raydel92 (Options: ACE)

Correct:
A. Services defined in the firewall policy
C. Destination defined as Internet Services in the firewall policy
E. Source defined as Internet Services in the firewall policy

FortiGate Security 7.2 Study Guide (p.52): "When a packet arrives, how does FortiGate find a matching policy? Each policy has match criteria, which you can define using the following objects:
• Incoming Interface
• Outgoing Interface
• Source: IP address, user, internet services
• Destination: IP address or internet services
• Service: IP protocol and port number
• Schedule: Specific times to apply policy"

Reference and download study guide: https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html

Slash_JM (Options: ACE)

FortiGate Security 7.2 Study Guide p.52

The policies are consulted from top to bottom, regardless of the Policy ID #. The first rule that matches is applied and subsequent rules are not evaluated. FortiGate matches the traffic using the following criteria:
- Incoming Interface
- Outgoing Interface
- Source (IP Address, User, Internet Services)
- Destination (IP Address or Internet Services)
- Service (IP Protocol and Port number)
- Schedule (Time that the packet connected to the FortiGate)

geroboamo (Options: ACE)

There is no priority to be defined in security policies, and the policy ID is just for reference.

leadac (Options: ACE)

ACE - Policy ID does not define a matching criterion, it's just for editing purposes, and there is no priority in the policies, only their order will affect the matching process.
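
The matching behaviour described in the comments above (policies consulted top to bottom, first match applied, policy ID not a criterion), as an added example that is not part of the original thread and is not FortiOS code. It is a simplified Python model; the policy table, interface names, addresses and the `Example-Web` internet service are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

# Constructed stand-in for an Internet Service entry (not real ISDB data).
INTERNET_SERVICES = {"Example-Web": [ip_network("203.0.113.0/24")]}

@dataclass
class Policy:
    policy_id: int    # reference label only; never consulted when matching
    srcintf: str      # incoming interface
    dstintf: str      # outgoing interface
    src: str          # CIDR or internet service name
    dst: str          # CIDR or internet service name
    service: tuple    # (IP protocol, destination port)
    schedule: tuple   # (start, end) time of day
    action: str

def addr_match(spec, ip):
    """True if ip falls in the named internet service or the CIDR in spec."""
    nets = INTERNET_SERVICES.get(spec) or [ip_network(spec)]
    return any(ip_address(ip) in net for net in nets)

def lookup(policies, pkt):
    """Return the first policy, top to bottom, whose criteria all match."""
    for p in policies:
        if (p.srcintf == pkt["in"] and p.dstintf == pkt["out"]
                and addr_match(p.src, pkt["src"])
                and addr_match(p.dst, pkt["dst"])
                and p.service == (pkt["proto"], pkt["dport"])
                and p.schedule[0] <= pkt["when"] <= p.schedule[1]):
            return p
    return None  # no policy matched

ALWAYS = (time.min, time.max)
POLICIES = [  # constructed table, listed in evaluation order
    Policy(7, "lan", "wan", "10.0.1.0/24", "Example-Web",
           ("tcp", 443), (time(8), time(18)), "accept"),
    Policy(2, "lan", "wan", "10.0.0.0/16", "0.0.0.0/0",
           ("tcp", 443), ALWAYS, "deny"),
]
PKT = {"in": "lan", "out": "wan", "src": "10.0.1.5", "dst": "203.0.113.10",
       "proto": "tcp", "dport": 443, "when": time(10, 0)}

if __name__ == "__main__":
    print(lookup(POLICIES, PKT).policy_id)        # listed order
    print(lookup(POLICIES[::-1], PKT).policy_id)  # same policies, reversed order
```

Reversing the list changes which policy handles the same packet, while swapping the two ID numbers would change nothing.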

indunil75

ACE is correct

chiheb (Options: ACE)

The correct answers are ACE.

jberol

ACE is correct

Danny_B (Options: ACE)

7.2 SEC 52

Rich_Man_Rich

ACE is correct

Cisco_SE_765 (Options: ACE)

The correct ones are A, C, E

rian00z_ (Options: ACE)

ACE is correct

PaulGo (Options: ACE)

Correct A, C, E

Equiano (Options: ACE)

ACE is correct!

DriftandLuna (Options: ACE)

ACE, firewall policy will match on services, source & destination