Fortigate Essentials 6.2
Hello!
So I was doing the questions of the Fortigate Essentials 6.2, the new "free course" by Fortinet, and I'm here with a doubt about 2 questions that I really think are wrong. Can someone confirm?
1º "Which NAT mode is supported by a VDOM configured as NGFW mode?"
2º "Which inspection mode allows administrators to select the network applications from the firewall policy configuration?"
For me:
1º question: from my understanding, NGFW mode can be profile-based or policy-based, in the question they don't say which mode they are talking about, just "NGFW" mode... And they offer the option for Central SNAT and IP Pools...
2º question: from my understanding there are only 2 inspection modes: Flow-Based inspection and Proxy-Based inspection... So it would make sense if the question was "Which NGFW mode allows administrators...."
Am I wrong? I double checked the documentation and I'm almost sure about it, but I need to understand if there is something wrong with my knowledge, or it's an error in both questions...
Thank you!
2º "Which inspection mode allows administrators to select the network applications from the firewall policy configuration?"
The answer is: NGFW Policy-Based Mode.
In this mode you select the applications not in Security Profiles / Application Control / ....
You select the application directly in the policy.
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/978598/profile-based-ngfw-vs-policy-based-ngfw
Regards
Andreas
They are asking for the "inspection mode", so the specific inspection mode is flow-based, and "inside" flow-based, NGFW Policy-Based mode.
Bob
I think you are wrong. You can have multiple VDOMs with different NGFW modes (profile or policy mode).
So, you can have a VDOM set to NGFW Profile-based mode, and another VDOM set to NGFW Policy-based mode (and ofc, that VDOM will use CNAT).
1º "Which NAT mode is supported by a VDOM configured as NGFW mode?"
NGFW has two modes:
Policy-Based: It supports central SNAT
Profile-based: It supports Firewall NAT
We will fix the question statement to be more clear.
2º "Which inspection mode allows administrators to select the network applications from the firewall policy configuration?"
NGFW Policy-Based
Yes, you are right, there are two types of NGFW mode. We will fix this issue.
Saurabh Sharma
Network and Cloud Security Team Lead, NSE Curriculum Development
Original Message:
Sent: Apr 16, 2020 11:05 AM
From: Diogo Gomes
Subject: Fortigate Essentials 6.2
Hello!
So I was doing the questions of the Fortigate Essentials 6.2, the new "free course" by Fortinet, and I'm here with a doubt about 2 questions that I really think are wrong. Can someone confirm?
1º "Which NAT mode is supported by a VDOM configured as NGFW mode?"
2º "Which inspection mode allows administrators to select the network applications from the firewall policy configuration?"
For me:
1º question: from my understanding, NGFW mode can be profile-based or policy-based, in the question they don't say which mode they are talking about, just "NGFW" mode... And they offer the option for Central SNAT and IP Pools...
2º question: from my understanding there are only 2 inspection modes: Flow-Based inspection and Proxy-Based inspection... So it would make sense if the question was "Which NGFW mode allows administrators...."
Am I wrong? I double checked the documentation and I'm almost sure about it, but I need to understand if there is something wrong with my knowledge, or it's an error in both questions...
Thank you!
I'm glad to help.