NSE Training


Fortigate Essentials 6.2

  • 1.  Fortigate Essentials 6.2

    Posted Apr 16, 2020 11:06 AM

    Hello!

    So I was doing the questions of the Fortigate Essentials 6.2, the new "free course" by Fortinet, and I'm here with a doubt about 2 questions that I really think are wrong. Can someone confirm?

    1º "Which NAT mode is supported by a VDOM configured as NGFW mode?"

    2º "Which inspection mode allows administrators to select the network applications from the firewall policy configuration?"

    For me:

    1º question: from my understanding, NGFW mode can be profile-based or policy-based, in the question they don't say which mode they are talking about, just "NGFW" mode... And they offer the option for Central SNAT and IP Pools...

    2º question: from my understanding there are only 2 inspection modes: Flow-Based inspection and Proxy-Based inspection... So it would make sense if the question was "Which NGFW mode allows administrators...."

    Am I wrong? I double checked the documentation and I'm almost sure about it, but I need to understand if there is something wrong with my knowledge, or it's an error in both questions...

    Thank you!



  • 2.  RE: Fortigate Essentials 6.2

    Posted Apr 17, 2020 09:56 AM
    2º "Which inspection mode allows administrators to select the network applications from the firewall policy configuration?"

    The answer is: NGFW Policy-Based Mode.

    In this mode you select the applications not in Security Profiles / Application Control / ....

    You select the application directly in the policy.

    https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/978598/profile-based-ngfw-vs-policy-based-ngfw

    Regards
    Andreas



  • 3.  RE: Fortigate Essentials 6.2

    Posted Apr 17, 2020 01:08 PM
    Yeah, but the answer considered as "correct" in the questionnaire is "NGFW" only.

    They are asking for the "inspection mode", so the specific inspection mode is flow-based, and "inside" flow-based, NGFW Policy-Based mode.


  • 4.  RE: Fortigate Essentials 6.2

    Posted Apr 17, 2020 10:16 AM
    The combination of VDOMs and Central NAT is only available when using NGFW Profile-Based mode.

    Bob


  • 5.  RE: Fortigate Essentials 6.2

    Posted Apr 17, 2020 01:12 PM
    Hi Robert,

    I think you are wrong. You can have multiple VDOMs with different NGFW modes (profile or policy mode).

    So, you can have a VDOM set to NGFW Profile-based mode, and another VDOM set to NGFW Policy-based mode (and ofc, that VDOM will use CNAT).



  • 6.  RE: Fortigate Essentials 6.2

    Posted Apr 17, 2020 10:30 AM
    Edited by Saurabh Sharma Apr 17, 2020 10:53 AM
    Hello Diogo,

    1º "Which NAT mode is supported by a VDOM configured as NGFW mode?"

    NGFW has two modes:
    Policy-Based: It supports central SNAT
    Profile-based: It supports Firewall NAT

    We will fix the question statement to be more clear.

    2º "Which inspection mode allows administrators to select the network applications from the firewall policy configuration?"

    NGFW Policy-Based
    Yes, you are right, there are two types of NGFW mode. We will fix this issue.

    Saurabh Sharma
    Network and Cloud Security Team Lead, NSE Curriculum Development




  • 7.  RE: Fortigate Essentials 6.2

    Posted Apr 17, 2020 01:13 PM
    Thank you for your reply! :)

    I'm glad to help.