You run `diagnose sys session filter dport 443` and see the following output: `proto=6 proto_state=01 duration=3600 expire=3599`. What does this indicate about the session?
`proto_state=01` indicates SYN_SENT.
Why this answer
The output shows `proto=6` (TCP), `proto_state=01`, `duration=3600`, and `expire=3599`. In Fortinet's session table, `proto_state=01` for TCP indicates the session is in the SYN_SENT state, meaning the firewall has forwarded a SYN packet and is waiting for a SYN-ACK from the remote host. The session is not yet established, as the three-way handshake has not completed.
Exam trap
The trap here is that candidates often misinterpret `proto_state=01` as an established session because they associate '01' with a binary 'on' or 'active' state, but in Fortinet's TCP state encoding, 01 specifically means SYN_SENT, not established.
How to eliminate wrong answers
Option A is wrong because the session has an `expire` value of 3599 seconds, meaning it is still active and not timed out. Option B is wrong because a FIN_WAIT state would be represented by a different `proto_state` value (e.g., 04 or 05), not 01; `proto_state=01` specifically indicates SYN_SENT, not a closing state. Option D is wrong because `proto_state=01` does not mean established; an established TCP session would show `proto_state=02` (SYN_RCVD) or `proto_state=03` (ESTABLISHED) in Fortinet's session table.