ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE7_LED-7.0 All Questions

View all questions & answers for the NSE7_LED-7.0 exam
Go to Exam

Exam NSE7_LED-7.0 topic 1 question 2 discussion

Actual exam question from Fortinet's NSE7_LED-7.0
Question #: 2
Topic #: 1
[All NSE7_LED-7.0 Questions]

Refer to the exhibits.


Examine the firewall policy configuration and SSID settings.
An administrator has configured a guest wireless network on FortiGate using the external captive portal. The administrator has verified that the external captive portal URL is correct. However, wireless users are not able to see the captive portal login page.
Given the configuration shown in the exhibit and the SSID settings, which configuration change should the administrator make to fix the problem?

  • A. Disable the user group from the SSID configuration.
  • B. Enable the captive-portal-exempt option in the firewall policy with the ID 11.
  • C. Apply a guest.portal user group in the firewall policy with the ID 11.
  • D. Include the wireless client subnet range in the Exempt Source section.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by ZengIT at Feb. 4, 2024, 2:45 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
tonifan
2 weeks, 3 days ago
Selected Answer: B
I choose B because guest.portal user group may be defined after CP authentication
upvoted 1 times
...
e8a82ad
6 months, 1 week ago
it was difficult to analize this part, but my logic says is C.
upvoted 1 times
e8a82ad
6 months, 1 week ago
Scenario 1: Because on the SSID there is a field called Exempt destinations on Guide page 363 that must have a corresponding firewall policy in place, that firewall policy has ipv4 DST Addr pointing to the FortiAuthenticator (or any External server), It means if the SSID has the Excempt destination with one entry then the answer is B and you MUST enable the exempt from captive portal on the firewall policy in order to allow the traffic to the Destination server and Services like DNS, HTTP, HTTPS, ping.
upvoted 1 times
e8a82ad
6 months, 1 week ago
Scenario2: When the SSID is not including any Exempt destinations (is empty), then the Answer is C, and on this case the image shows the SSID with this field empty, as a consequence all taks are done from the Firewall policy on guide page365 using the Source user group along with its services HTTP, HTTPS, at this point you DO NOT NEED to enable the Exempt from captive portal option inside the firewall policy, otherwise all traffic will be allowed and no captive portal will be presented. As a summary on this scenario C is the correct one.
upvoted 1 times
...
...
...
cestraining
9 months ago
just a note guys - I wrote today and got only about 15 questions from this guide. had to figure all the other questions out - a lot of FortiAuthenticator and wireless questions were new.
upvoted 2 times
...
BBell29128
10 months, 1 week ago
Which study guide are you guys referring to in the discussion? I've reviewed the guide available on the Fortinet Training page for the online LAN Edge course and the page numbers don't line up.
upvoted 1 times
...
Artbrut
1 year ago
Selected Answer: C
Revert! C is right as per page 365 study guide! Read pages 363-365!
upvoted 1 times
...
Artbrut
1 year ago
Selected Answer: B
study guide p. 363
upvoted 1 times
Artbrut
1 year ago
plus page 364!
upvoted 1 times
...
...
aandreou020
1 year, 1 month ago
Answer B Study Guide P363
upvoted 1 times
...
kinge2
1 year, 1 month ago
Selected Answer: B
study guide page 363 - if using external captive portal configure policy and exempt web traffic to external captive portal
upvoted 2 times
...
ZengIT
1 year, 2 months ago
Selected Answer: C
Using B will ignore the portal entrance,The correct setting should be to set the source of ID11 policy to the Guest.portal Group
upvoted 2 times
jimmyjampot
9 months ago
Incorrect, The portal cannot be seen, we havent reached authentication yet, the portal address needs to be exempt, so it can be seen first. B is the Answer
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago