ExamGecko
Search Search Login
Home Home / Fortinet / NSE4_FGT-7.2
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What are two characteristics of FortiGate HA cluster virtual IP addresses? (Choose two.)
Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)
Which two statements are correct about NGFW Policy-based mode? (Choose two.)
An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings. What is true about the DNS connection to a FortiGuard server?
If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?
Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?
Which two statements are correct about SLA targets? (Choose two.)
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

Question 150 - NSE4_FGT-7.2 discussion

Report
Export

If Internet Service is already selected as Destination in a firewall policy, which other configuration object can be selected for the Destination field of a firewall policy?

A.
IP address
Answers
A.
IP address
B.
No other object can be added
Answers
B.
No other object can be added
C.
FQDN address
Answers
C.
FQDN address
D.
User or User Group
Answers
D.
User or User Group
Suggested answer: B

Explanation:

FortiGate Security 7.2 Study Guide (p.59): 'When configuring your firewall policy, you can use Internet Service as the destination in a firewall policy, which contains all the IP addresses, ports, and protocols used by that service. For the same reason, you cannot mix regular address objects with ISDB objects, and you cannot select services on a firewall policy. The ISDB objects already have services information, which is hardcoded.'

This is true because Internet Service is a special type of destination object that can only be used alone in a firewall policy. Internet Service is a feature that allows FortiGate to identify and filter traffic based on the internet service or application that it belongs to, such as Facebook, YouTube, Skype, etc. Internet Service uses a database of IP addresses and ports that are associated with each internet service or application, and updates it regularly from FortiGuard. When Internet Service is selected as the destination in a firewall policy, FortiGate will match the traffic to the corresponding internet service or application, and apply the appropriate action and security profiles to it. However, Internet Service cannot be combined with any other destination object, such as IP address, FQDN address, user or user group, etc., as this would create a conflict or ambiguity in the firewall policy. Therefore, no other object can be added if Internet Service is already selected as the destination in a firewall policy

Show Answer
asked 18/09/2024
Swapnil Salunke
39 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms