What are the two results of this configuration?

An administrator has configured the following settings:

config system settings

set ses-denied-traffic enable

end

config system global

set block-session-timer 30

end

What are the two results of this configuration? (Choose two.)
A . Device detection on all interfaces is enforced for 30 seconds.
B . Denied users are blocked for 30 seconds.
C . The number of logs generated by denied traffic is reduced.
D . A session for denied traffic is created.

View Answer

Answer: C,D

Explanation:

The timer config any way is by seconds.

ses-denied-traffic Enable/disable including denied session in the session table. block-session-timer

Duration in seconds for blocked sessions (1 – 300 sec (5 minutes), default = 30).

C. The number of logs generated by denied traffic is reduced.

D. A session for denied traffic is created.

During the session, if a security profile detects a violation, FortiGate records the attack log immediately. To reduce the number of log messages generated and improve performance, you can enable a session table entry of dropped traffic. This creates the denied session in the session table and, if the session is denied, all packets of that session are also denied. This ensures that FortiGate does not have to do a policy lookup for each new packet matching the denied session, which reduces CPU usage and log generation. This option is in the CLI, and is called ses-denied-traffic. You can also set the duration for block sessions. This determines how long a session will be kept in the session table by setting block-sessiontimer in the CLI. By default, it is set to 30 seconds.

Reference and download study guide:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-enable-denied-session-to-be-added-into-the/ta-p/195478