Free Fortinet NSE8_811 Exam Actual Questions

The questions for NSE8_811 were last updated on Jan 15, 2025

Question No. 1

You are building a FortiGate cluster which is stretched over two locations. The HA connections for the cluster are terminated on the data centers. Once the FortiGates have booted, they do form a cluster. The network operators inform you that CRC errors are present on the switches where the FortiGates are connected.

What would you do to solve this problem?

Question No. 2

Click the Exhibit button.

Referring to the exhibit, a FortiADC is load balancing IPv4 traffic between two next-hop routers. The FortiADC does not know the IP addresses of the servers. Also, the FortiADC is doing Layer 7 content inspection and modification.

In this scenario, which application delivery control is configured in the FortiADC?

Correct Answer: A

Question No. 3

Click the Exhibit button.

config system ha
    set mode a-a
    set group-id 1
    set group-name main
    set hb_dev port2 100
    set session-pickup enable
end

You have configured an HA cluster with two FortiGates. You want to make sure that you are able to manage the individual cluster members directly using port3.

Referring to the exhibit, what are two ways to accomplish this task? (Choose two.)

Correct Answer: B, C

Question No. 4

Click the Exhibit button.

Referring to the exhibit, which command-line option for deep inspection SSL would have the FortiGate re-sign all untrusted self-signed certificates with the trusted Fortinet_CA_SSL certificate?

Question No. 5

Click the Exhibit button.

The exhibit shows the configuration of a service protection profile (SPP) in a FortiDDoS device.

Which two statements are true about the traffic matching being inspected by this SPP? (Choose two.)

Correct Answer: A, D

https://help.fortinet.com/fddos/4-3-0/FortiDDoS/Configuring_SPP_settings.htm

SYN cookie: Sends a SYN/ACK with a cookie value in the TCP sequence field. If it receives an ACK back with the right cookie, an RST/ACK packet is sent and the IP address is added to the legitimate IP address table. If the client then retries, it succeeds in making a TCP connection.

So apparently, the very first SYN/ACK with a cookie value is sent when the IP address is not in the legitimate IP address table yet.