QUESTION 16

A user reports that their computer was infected with malware after accessing a secured HTTPS website. However, when the administrator checks the FortiGate logs, they do not see that the website was detected as insecure despite having an SSL certificate and correct profiles applied on the policy.
How can an administrator ensure that FortiGate can analyze encrypted HTTPS traffic on a website?

Correct Answer: D
FortiGate, like other security appliances, cannot analyze encrypted HTTPS traffic unless it decrypts it first. If only certificate inspection is enabled, FortiGate can see the certificate details (such as the domain and issuer) but cannot inspect the actual web content.
To fully analyze the traffic and detect potential malware threats:
Full SSL inspection (Deep Packet Inspection) must be enabled in the SSL/SSH Inspection Profile.
This allows FortiGate to decrypt the HTTPS traffic, inspect the content, and then re-
Without full SSL inspection, threats embedded in encrypted traffic may go undetected.

QUESTION 17

Why does the ISDB block layers 3 and 4 of the OSI model when applying content filtering? (Choose two.)

Correct Answer: AB
The Internet Service Database (ISDB) in FortiGate is used to enforce content filtering at Layer 3 (Network Layer) and Layer 4 (Transport Layer) of the OSI model by identifying applications based on their predefined IP addresses and ports.
FortiGate has a predefined list of all IPs and ports for specific applications downloaded from FortiGuard:
FortiGate retrieves and updates a predefined list of IPs and ports for different internet services from FortiGuard.
This allows FortiGate to block specific services at Layer 3 and Layer 4 without requiring deep packet inspection.
The ISDB blocks the IP addresses and ports of an application predefined by FortiGuard:
ISDB works by matching traffic to known IP addresses and ports of categorized services. When an application or service is blocked, FortiGate prevents communication by denying traffic based on its destination IP and port number.