New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet NSE8_812 Exam - Topic 5 Question 36 Discussion

Actual exam question for Fortinet's NSE8_812 exam
Question #: 36
Topic #: 5
[All NSE8_812 Questions]

A FortiGate is configured to perform outbound firewall authentication with Azure AD as a SAML IdP.

What are two valid interactions that occur when the client attempts to access the internet? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: A, C

a) Systems running on Azure will need to go through the main data center to access the services on Oracle Cloud. This is because the Oracle Cloud is not directly connected to the Azure Cloud. The traffic will need to go through the main data center in order to reach the Oracle Cloud.

c) Branch FortiGate devices must be configured as VPN clients for the branches' internal network to be able to access Oracle services without using public IPs. This is because the Oracle Cloud does not allow direct connections from the internet. The traffic will need to go through the FortiGate devices in order to reach the Oracle Cloud.

The other options are not correct.

b) Use FortiGate VM for IPSEC over ExpressRoute, as traffic is not encrypted by Azure. This is not necessary. Azure does encrypt traffic over ExpressRoute.

d) Two ExpressRoute services to the main data center are required to implement SD-WAN between a FortiGate VM in Azure and a FortiGate device at the data center edge. This is not necessary. A single ExpressRoute service can be used to implement SD-WAN between a FortiGate VM in Azure and a FortiGate device at the data center edge.


by Dana at Sep 18, 2024, 04:25 AM

Limited Time Offer

25%

Off

Get Premium NSE8_812 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Noah
3 months ago
Yeah, A and B make total sense!
upvoted 0 times
...
Chaya
3 months ago
Wait, does the client really forward the SAML response? Sounds weird.
upvoted 0 times
...
Maia
3 months ago
D seems a bit off to me, not sure about that one.
upvoted 0 times
...
Kris
4 months ago
I think C is also a valid step.
upvoted 0 times
...
Murray
4 months ago
A and B are definitely correct!
upvoted 0 times
...
Malika
4 months ago
I’m not completely confident, but I wonder if option D could be valid since there might be a redirect involved in the process.
upvoted 0 times
...
Javier
4 months ago
I practiced a similar question, and I feel like option B is correct too, since the IdP must send a response back to the FortiGate after authentication.
upvoted 0 times
...
Kaycee
4 months ago
I'm a bit unsure, but I remember something about the client needing to send the SAML response back to the FortiGate. Maybe option C?
upvoted 0 times
...
Brynn
5 months ago
I think option A is definitely one of the interactions since the FortiGate needs to initiate the SAML request to the IdP.
upvoted 0 times
...
Arthur
5 months ago
Hmm, the last option about the FortiGate redirecting the client to the captive portal and then to the IdP has me a bit confused. I'm not sure if that's considered a valid interaction or not. I'll have to think that one through more carefully.
upvoted 0 times
...
Graciela
5 months ago
I agree, the SAML request and response are likely the two valid interactions. The client browser will probably be involved in forwarding the SAML response as well. I'm feeling pretty confident about this one.
upvoted 0 times
...
Joanna
5 months ago
Okay, let's think this through step-by-step. The client is trying to access the internet, and the FortiGate is configured for SAML authentication with Azure AD. So the key interactions should involve the SAML request and response between the FortiGate and the IdP.
upvoted 0 times
...
Shawana
5 months ago
This question seems straightforward, but I want to make sure I understand the key interactions correctly before answering.
upvoted 0 times
...
Madonna
5 months ago
The key is to focus on the SAML authentication flow between the FortiGate and the Azure AD IdP. The client browser will be involved in passing the SAML response, but the core interactions are between the FortiGate and the IdP. I think options A, B, and C are the way to go here.
upvoted 0 times
...
Rachael
5 months ago
Alright, I've got a strategy. I'll focus on the auto-forwarding rule and the user's permissions to determine which profile will be used.
upvoted 0 times
...
Annabelle
9 months ago
A and B, no doubt. Although I do wonder if the FortiGate has a good taste in music while it's waiting for the SAML response...
upvoted 0 times
Stevie
7 months ago
Doyle: Yeah, it's an interesting thought. But A and B are definitely the valid interactions.
upvoted 0 times
...
Doyle
8 months ago
Kallie: Haha, I never thought about the FortiGate's taste in music!
upvoted 0 times
...
Kallie
8 months ago
B) The Microsoft SAML IdP sends the SAML response to the FortiGate SP.
upvoted 0 times
...
Margarita
9 months ago
A) FortiGate SP sends a SAML request to the IdP.
upvoted 0 times
...
...
Renay
9 months ago
A and B, for sure. The client is just along for the ride - the FortiGate and Azure AD are the ones doing the SAML dance.
upvoted 0 times
...
Devora
9 months ago
A and B sound right to me. Although option D does mention a captive portal, that's not part of the SAML flow itself.
upvoted 0 times
Jame
8 months ago
A) I agree, those two options seem to be the correct interactions.
upvoted 0 times
...
Delila
8 months ago
B) The Microsoft SAML IdP sends the SAML response to the FortiGate SP.
upvoted 0 times
...
Caren
8 months ago
A) FortiGate SP sends a SAML request to the IdP.
upvoted 0 times
...
...
Alverta
10 months ago
This is a tricky one, but I'd go with A and B. The client browser doesn't directly interact with the IdP, that's the FortiGate's job.
upvoted 0 times
Shelton
9 months ago
Exactly, the client browser doesn't directly interact with the IdP in this scenario.
upvoted 0 times
...
Zachary
9 months ago
Yeah, the FortiGate SP sends a SAML request to the IdP and then the IdP sends the SAML response back.
upvoted 0 times
...
Quinn
9 months ago
That's correct, the client browser doesn't directly interact with the IdP in this scenario.
upvoted 0 times
...
Chantay
9 months ago
I think you're right, A and B seem to be the correct interactions.
upvoted 0 times
...
Tuyet
9 months ago
Yes, the FortiGate SP sends a SAML request to the IdP, and then the IdP sends the SAML response back to the FortiGate SP.
upvoted 0 times
...
Berry
10 months ago
I think you're right, A and B seem to be the correct interactions.
upvoted 0 times
...
...
Frank
10 months ago
Definitely A and B. The FortiGate is the service provider, so it sends the SAML request, and the Azure AD IdP responds with the SAML response.
upvoted 0 times
Hyun
10 months ago
And then the Microsoft SAML IdP sends the SAML response back to the FortiGate SP.
upvoted 0 times
...
Nidia
10 months ago
Yes, you're right. The FortiGate SP sends a SAML request to the IdP.
upvoted 0 times
...
...
Maile
10 months ago
I think options A and B are the valid interactions. The FortiGate SP needs to initiate the SAML request, and the IdP needs to respond with the SAML response.
upvoted 0 times
...
Kasandra
11 months ago
I'm not sure about option C. Does the client browser really forward the SAML response to FortiGate?
upvoted 0 times
...
Leigha
11 months ago
I agree with you, Salena. Option B is also valid because the IdP sends the SAML response to FortiGate.
upvoted 0 times
...
Salena
11 months ago
I think option A is correct because FortiGate sends a SAML request to the IdP.
upvoted 0 times
...

Save Cancel