Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new sessions that require inspection?

Examine this FortiGate configuration:

Examine the output of the following debug command:

Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new sessions that require inspection?
A . It is allowed, but with no inspection
B . It is allowed and inspected as long as the inspection is flow based
C . It is dropped.
D . It is allowed and inspected, as long as the only inspection required is antivirus.

Answer: C

Subscribe
Notify of
guest
2 Comments
Inline Feedbacks
View all comments
Lucas
Lucas
3 years ago

The correct answer is “A”: “The pass setting allows traffic to bypass the AV proxy and continue to its destination. Since the traffic is bypassing the proxy, no Security Profiles scanning that requires the AV proxy is performed. Security Profiles scanning that does not require the AV proxy continues normally. Use the pass setting when access is more important than security while the problem is rectified. Pass is the default setting”

https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-security-profiles-54/Other_Profile_Considerations/Conserve%20mode.htm

ben
ben
4 years ago

answer A