Fortinet NSE4_FGT-7.2 Practice Test - Questions Answers, Page 3

* 'ONLY' If the virus is detected at the 'START' of the connection, the IPS engine sends the block replacement message immediately

* When a virus is detected on a TCP session (FIRST TIME), but where 'SOME PACKETS' have been already forwarded to the receiver, FortiGate 'resets the connection' and does not send the last piece of the file. Although the receiver got most of the file content, the file has been truncated and therefore, can't be opened. The IPS engine also caches the URL of the infected file, so that if a 'SECOND ATTEMPT' to transmit the file is made, the IPS engine will then send a block replacement message to the client instead of scanning the file again.

In flow mode, the FortiGate drops the last packet killing the file. But because of that the block replacement message cannot be displayed. If the file is attempted to download again the block message will be shown.

Study Guide -- IPsec VPN -- IPsec configuration -- Phase 1 Network.

When Dead Peer Detection (DPD) is enabled, DPD probes are sent to detect a failed tunnel and bring it down before its IPsec SAs expire. This failure detection mechanism is very useful when you have redundant paths to the same destination, and you want to failover to a backup connection when the primary connection fails to keep the connectivity between the sites up.

There are three DPD modes. On demand is the default mode.

Study Guide -- IPsec VPN -- Redundant VPNs.

Add one phase 1 configuration for each tunnel. DPD should be enabled on both ends.

Add at least one phase 2 definition for each phase 1.

Add one static route for each path. Use distance or priority to select primary routes over backup routes (routes for the primary VPN must have a lower distance or lower priority than the backup). Alternatively, use dynamic routing.

Configure FW policies for each IPsec interface.

http://docs.fortinet.com/document/fortigate/6.0.0/handbook/240599/application-control

https://community.fortinet.com/t5/FortiGate/Technical-Tip-rules-about-VLAN-configuration-and-VDOM-interf

https://kb.fortinet.com/kb/viewContent.do?externalId=FD30883

https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/761085/results

https://docs.fortinet.com/document/fortimanager/6.2.0/new-features/736125/security-fabric-topology

SSL Inspection Profile, on the Inspection method there are 2 options to choose from, SSL Certificate Inspection or Full SSL Inspection. FG SEC 7.2 Studi Guide: Full SSL Inspection level is the only choice that allows antivirus to be effective.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Conserve-mode-changes/ta-p/198502

configurable thresholds

Though it is recommended to keep the default memory threshold, a new CLI command has been added to allow administrators to adjust the thresholds.

Default values are :

- red : 88% of total memory is considered 'used memory'

- extreme : 95% of total memory is considered 'used memory'

- green : 82% of total memory is considered 'used memory'