NSE4 Firewall Policies and NAT • Complete Question Bank
Complete NSE4 Firewall Policies and NAT question bank — all 0 questions with answers and detailed explanations.
config firewall policy
edit 1
set name "Allow-HTTP"
set srcintf "internal"
set dstintf "dmz"
set srcaddr "10.0.1.0/24"
set dstaddr "192.168.1.10"
set action accept
set schedule "always"
set service "HTTP"
set logtraffic all
next
end
FGT # diagnose firewall auth list
1: authid=1 type=ldap user=jsmith src=10.0.0.5 dst=192.168.1.10 proto=6 port=80 duration=1200 timeout=3600
2: authid=2 type=ldap user=ajones src=10.0.0.6 dst=192.168.1.10 proto=6 port=80 duration=600 timeout=3600
config firewall policy
edit 0
set name "Deny-All"
set srcintf "any"
set dstintf "any"
set srcaddr "all"
set dstaddr "all"
set action deny
set schedule "always"
set service "ALL"
set logtraffic all
next
edit 1
set name "Allow-HTTP"
set srcintf "internal"
set dstintf "wan1"
set srcaddr "10.0.0.0/8"
set dstaddr "all"
set action accept
set schedule "always"
set service "HTTP"
set logtraffic all
next
end
Refer to the exhibit.
config firewall policy
edit 1
set name "Allow-Internet"
set srcintf "internal"
set dstintf "wan1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set nat enable
set logtraffic all
next
edit 2
set name "Block-SSH"
set srcintf "internal"
set dstintf "wan1"
set srcaddr "all"
set dstaddr "all"
set action deny
set schedule "always"
set service "SSH"
set logtraffic all
next
end
Drag a concept onto its matching description — or click a concept then click the description.
Next-generation firewall
Security information and event management
Centralized logging and analytics
Centralized management and policy orchestration
Advanced threat detection and analysis
Drag a concept onto its matching description — or click a concept then click the description.
Stored on the FortiGate's internal memory or disk
Centralized log collector and analyzer
Standard protocol to send logs to external servers
Cloud-based log storage and management
Used for monitoring device status and performance
You run the following CLI command on a FortiGate:
# diagnose debug flow filter saddr 192.168.1.10
# diagnose debug flow show function enable
# diagnose debug enable
You then initiate a ping from 192.168.1.10 to 8.8.8.8. The output shows 'no matching policy'. What does this indicate?