New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet NSE8_812 Exam - Topic 1 Question 21 Discussion

Actual exam question for Fortinet's NSE8_812 exam
Question #: 21
Topic #: 1
[All NSE8_812 Questions]

Refer to the exhibits.

A FortiGate cluster (CL-1) protects a data center hosting multiple web applications. A pair of FortiADC devices are already configured for SSL decryption (FAD-1), and re-encryption (FAD-2). CL-1 must accept unencrypted traffic from FAD-1, perform application detection on the plain-text traffic, and forward the inspected traffic to FAD-2.

The SSL-Offload-App-Detect application list and SSL-Offload protocol options profile are applied to the firewall policy handling the web application traffic on CL-1.

Given this scenario, which two configuration tasks must the administrator perform on CL-1? (Choose two.)

A)

B)

Show Suggested Answer Hide Answer
Suggested Answer: C

To control multicast traffic passing through a FortiGate configured in transparent mode, you can use multicast policies. Multicast policies allow you to filter multicast traffic based on source and destination addresses, protocols, and interfaces. You can also apply security profiles to scan multicast traffic for threats and violations. References: https://docs.fortinet.com/document/fortigate/6.2.14/cookbook/968606/configuring-multicast-forwarding


by Devora at Apr 27, 2024, 04:59 PM

Limited Time Offer

25%

Off

Get Premium NSE8_812 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Shonda
3 months ago
I think both options A and C could work, though.
upvoted 0 times
...
Ronny
3 months ago
Option B is definitely the right choice here!
upvoted 0 times
...
Maybelle
3 months ago
Wait, are we sure about the application detection part?
upvoted 0 times
...
Lashawn
4 months ago
Totally agree, that's a must!
upvoted 0 times
...
Noah
4 months ago
CL-1 needs to accept unencrypted traffic from FAD-1.
upvoted 0 times
...
Hana
4 months ago
I believe we have to configure both the SSL-Offload-App-Detect and the protocol options profile, but I’m not 100% certain about the second task.
upvoted 0 times
...
Louvenia
4 months ago
I’m a bit confused about the specific tasks needed on CL-1. I think one of them involves setting up the firewall policy, but I can't recall the details.
upvoted 0 times
...
Germaine
4 months ago
This question feels similar to the practice ones we did on SSL offloading. I think we need to ensure the traffic is properly inspected before forwarding it.
upvoted 0 times
...
Kasandra
5 months ago
I remember something about configuring the application detection settings, but I'm not sure which options to choose here.
upvoted 0 times
...
Yuki
5 months ago
Based on the information provided, I believe the administrator needs to configure the SSL/TLS inspection settings on CL-1 to accept the unencrypted traffic from FAD-1 and apply the SSL-Offload-App-Detect application list and SSL-Offload protocol options profile. This should enable the necessary application detection and forwarding to FAD-2.
upvoted 0 times
...
Malissa
5 months ago
I'm a bit confused by the different devices and their roles. I'll need to make sure I understand the overall setup and the specific requirements for CL-1 before I can confidently select the right options.
upvoted 0 times
...
Fatima
5 months ago
Okay, let's see. The question mentions that CL-1 must accept unencrypted traffic from FAD-1, perform application detection, and forward the inspected traffic to FAD-2. I think the key is to identify the necessary settings on CL-1 to achieve this.
upvoted 0 times
...
Jutta
5 months ago
Hmm, this looks like a tricky one. I'll need to carefully review the information provided and the options to determine the correct configuration tasks.
upvoted 0 times
...
Ming
5 months ago
I remember practicing a question about this, and I think the resource server is just where the data lives, not who grants access.
upvoted 0 times
...
Mira
5 months ago
Hmm, this seems like a tricky one. I'll need to think it through carefully. The key is to identify the root cause of the failed failover.
upvoted 0 times
...
Leslie
5 months ago
This looks like a tricky one. I'll need to carefully consider the different options and think through the implications of each approach.
upvoted 0 times
...
Cecily
9 months ago
Haha, I bet the person who wrote this question had a field day coming up with all those options. Time to put on my thinking cap!
upvoted 0 times
...
Tracey
9 months ago
I bet the developers at Fortinet have a good sense of humor. I wonder if they'll include any jokes in the exam questions.
upvoted 0 times
...
Ashley
9 months ago
Wait, are we supposed to do SSL decryption and re-encryption on the FortiGate cluster too? This is getting complex!
upvoted 0 times
Virgina
8 months ago
It does seem complex, but with the right configuration tasks, we can ensure secure traffic flow between the FortiGate cluster and the FortiADC devices.
upvoted 0 times
...
Nichelle
9 months ago
I think we also need to apply the SSL-Offload-App-Detect application list and SSL-Offload protocol options profile to the firewall policy.
upvoted 0 times
...
Geoffrey
9 months ago
Yes, we need to configure SSL decryption and re-encryption on the FortiGate cluster as well.
upvoted 0 times
...
...
Sommer
10 months ago
Hmm, this is a tricky one. I'm going to have to think it through carefully before deciding.
upvoted 0 times
Ena
8 months ago
User 3: I think we need to configure SSL-Offload-App-Detect application list and SSL-Offload protocol options profile.
upvoted 0 times
...
Rolf
8 months ago
User 2: Yes, I'm still trying to figure out which tasks need to be performed on CL-1.
upvoted 0 times
...
Jesusa
8 months ago
User 1: Have you looked at the options yet?
upvoted 0 times
...
...
Malcolm
10 months ago
Got it. So, we need to perform both tasks to ensure proper handling of web application traffic.
upvoted 0 times
...
Marleen
10 months ago
Yes, that's one of the tasks. We also need to configure SSL-Offload protocol options profile on CL-1.
upvoted 0 times
...
Jesus
10 months ago
This question is really testing our knowledge of FortiGate configuration. I think the correct answers are Option A and Option B.
upvoted 0 times
Weldon
9 months ago
Yes, we need to make sure to configure the SSL-Offload-App-Detect application list and SSL-Offload protocol options profile on CL-1.
upvoted 0 times
...
Danica
10 months ago
I agree, Option A and Option B seem to be the correct configuration tasks for CL-1.
upvoted 0 times
...
...
Malcolm
10 months ago
I think we need to configure SSL-Offload-App-Detect application list on CL-1.
upvoted 0 times
...
Virgina
11 months ago
Got it. So, we need to perform both tasks to ensure proper handling of web application traffic.
upvoted 0 times
...
Ocie
11 months ago
Yes, that's one of the tasks. We also need to configure SSL-Offload protocol options profile on CL-1.
upvoted 0 times
...
Virgina
11 months ago
I think we need to configure SSL-Offload-App-Detect application list on CL-1.
upvoted 0 times
...

Save Cancel