When FortiGate performs SSL/SSH full inspection, you can decide how it should react when it detects an invalid certificate. Which three actions are valid actions that FortiGate can perform when it detects an invalid certificate? (Choose three.)
Page 186
When a certificate fails for any of the reasons above, you can configure any of the following actions:
• Keep untrusted & Allow: FortiGate allows the website and lets the browser decide the action to take. FortiGate takes the certificate as untrusted.
• Block: FortiGate blocks the content of the site.
• Trust & Allow: FortiGate allows the website and takes the certificate as trusted.
I believe A is incorrect. Page 186 of the study guide does not contain the word "warning" anywhere on it.
I take "Warning" in this context to mean that FortiGate would supply a warning. That is not what happens. If you set it to "Keep untrusted and allow" then the BROWSER will generate the warning, NOT FortiGate.
ABE
According to page 186 of the study guide, it states:
• Keep Untrusted and Allow
• Block
• Trust and Allow
For A: Allow and Warning would be the same as Keep Untrusted and Allow, because the warning shows that it is untrusted but you are able to continue,
with B and E stating to either block the content or trust the website and gain access.
Page 186 of the study guide never stated any other actions from C and D, from what I can see in the options.
BCE
• Keep Untrusted & Allow: Allow the server certificate and keep it untrusted.
• Block: Block the certificate.
• Trust & Allow: Allow the server certificate and re-sign it as trusted.
(page 1966 FortiOS Administrator Guide)
Options available:
• Trust and Allow (FortiGate marks the certificate as trusted)
• Keep untrusted and allow / allow (FortiGate allows the traffic and lets the browser decide)
• Block (FortiGate blocks the connection)
With invalid certificates the options are Allow, Block or Custom. In custom, you can either select: Trust & Allow, Keep Untrusted and Allow, Block. So BCE is correct.
I'd go with BCE because on FortiGate it says "Keep untrusted & Allow", "Block", "Trust & Allow".
With "Keep untrusted & Allow", FortiGate allows it and does NOT display a warning but lets the browser decide. I'd associate the FortiGate setting "Keep untrusted & allow" with "Allow" from the question (Option C). Anything else doesn't make sense. Since there's no warning displayed in any allow situation, A doesn't make sense and since Block & Warning doesn't exist, it has to be B for this. The other two (Trust & Allow, Block) are the exact same words as written in the question, so it can only be B, C, E.
In the administration guide you can confirm that there are only the options to allow or block; after enabling deep inspection, the options to trust or not trust the certificate are added.