FCP_FGT_AD-7.4 Exam - Question 60

Question

Refer to the exhibits, which show a diagram of a FortiGate device connected to the network. VIP object configuration, and the firewall policy configuration.

The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port3) interface has the IP address 10.0.1.254/24.

If the host 10.200.3.1 sends a TCP SYN packet on port 8080 to 10.200.1.10, what will the source address, destination address, and destination port of the packet be at the time FortiGate forwards the packet to the destination?

Examice · Accepted Answer

RNAV28 · Answer

Broken question..  Did anyone notice that the firewall policy services is "HTTPS"  The policy services does not allow the VIP ports to pass.   I only selected "D" because the discussion form required an entry.

CharlieS8 · Answer

C correct

fa7474b · Answer

Just confirmed this is C by testing it in the Training Lab (lab 2 allows you to test this pretty easily).

s4mu3l007 · Answer

B. 10.0.1.254, 10.0.1.10, and 80, respectively

10.200.3.1 --> 10.0.1.254 because NAT enable in firewall policy
10.200.1.10 --> 10.0.1.10 because VIP as Destination
8080 --> 80 because Port Forwarding enabled on VIP

felixliao · Answer

NAT is disabled on the Allow_access policy, which is the policy of interest here as the traffic is coming IN WAN port1 and going to the server out LAN port3.

hassan76 · Answer

https://www.examtopics.com/discussions/fortinet/view/102884-exam-nse4_fgt-72-topic-1-question-52-discussion/

Vusalrabalon · Answer

C is correct

vuhidus · Answer

Answer is C

x666 · Answer

Ignoring the mistake on the firewall policy, the intended answer should be C.

sxcap · Answer

there is no NAT so the source address still the original, 
There is a VIP so the destination address is translated to the mapped address, 
There is a port forward from 8080 to 80 so the destination port is the mapped port (80)

FCP_FGT_AD-7.4 Exam - Question 60

Discussion