Refer to the exhibit.
Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?
For traffic that does not match any of the defined SD-WAN rules, the default implicit SD-WAN rule is applied. By default, the FortiGate uses a 'source-destination IP-based' algorithm, which means all traffic from a specific source IP to a specific destination IP is sent through the same interface. This ensures that a consistent path is used for traffic between the same source and destination IP addresses. Options B, C, and D do not apply because the default algorithm does not prioritize by latency, session count, or source IP alone.
FortiOS 7.4.1 Administration Guide: SD-WAN Load Balancing Algorithms
Which statement is correct regarding the use of application control for inspecting web applications?
FortiGate's application control can differentiate between parent and child applications and allows administrators to configure distinct actions for each. For example, it can identify Facebook (parent application) and specific functions within it (child applications) like Facebook video or chat, enabling more granular control over application traffic.
FortiGuard categories can be overridden and defined in different categories. To create a web rating override for the example.com home page the override must be configured using a specific syntax.
Which two syntaxes are correct to configure a web rating override for the home page? (Choose two.)
www.example.com
This syntax targets the main domain, which is a common way to configure a web rating override for the home page of a website.
example.com
This syntax also correctly targets the main domain without specifying a subdomain (like 'www'), which is valid for configuring a web rating override for the entire site, including the home page.
Refer to the exhibits.
FGT-1 and FGT-2 are updated with HA configuration commands shown in the exhibit.
What would be the expected outcome in the HA cluster?
With the override setting enabled and a higher priority configured on FGT-2, it will preempt FGT-1 and become the primary unit in the HA cluster.
A network administrator has configured an SSL/SSH inspection profile defined for full SSL inspection and set with a private CA certificate. The firewall policy that allows the traffic uses this profile for SSL inspection and performs web filtering. When visiting any HTTPS websites, the browser reports certificate warning errors.
What is the reason for the certificate warning errors?
The certificate warning errors occur because the SSL inspection profile is configured to use a private CA certificate that is not recognized by the browser as being signed by a trusted CA. For the browser to trust the FortiGate's re-signed certificates, the CA certificate used by FortiGate for SSL inspection must be installed in the browser's trusted certificate store. Until the browser recognizes the certificate authority (CA) as trusted, it will continue to display warning errors when accessing HTTPS websites.
FortiOS 7.4.1 Administration Guide: SSL/SSH Inspection Configuration
