Exam NSE7_EFW-7.2 topic 1 question 35 discussion

Reason for the Error: When fortiguard-anycast is enabled, FortiGate automatically uses TCP as the protocol for FortiGuard communication. This is because the Anycast protocol relies on TCP for ensuring reliability and proper connection establishment with the nearest FortiGuard server. In this mode, you cannot manually set the protocol to UDP. Why the other options are incorrect: A. FortiManager provides FortiGuard: While FortiManager can act as a local FortiGuard Distribution Server, it does not influence the protocol settings for FortiGuard communication. C. You do not have the corresponding write access: If this were a permissions issue, the error would indicate an authorization problem, not a parsing error. D. udp is not a protocol option: UDP is a valid protocol option for FortiGuard communication, but it cannot be used when fortiguard-anycast is enabled.

60F (fortiguard) # set fortiguard-anycast enable 60F (fortiguard) # set protocol https HTTPS for server communication (for use by FortiGuard or FortiManager). 60F (fortiguard) # set protocol https No UDP option when anycast is enabled.

B its correct

B is correct. You can enable UDP and ports 443, 53 or 8888 only after disabling fortiguard anycast setting on CLI. Otherwise Web-filtering will use HTTPS on port 443.

B is correct study guide page 245

study guide page 245

B is correct. fortguard-anycast must be disabled to change the protocol to UDP. in this case, error is received when trying to set UDP protocol. This can indicate fortiguard-anycast is currently enabled.

B is correct

As per https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-use-UDP-protocol-for-FortiGuard-web-filter/ta-p/191920

A is correct