ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE7_NST-7.2 All Questions

View all questions & answers for the NSE7_NST-7.2 exam
Go to Exam

Exam NSE7_NST-7.2 topic 1 question 2 discussion

Actual exam question from Fortinet's NSE7_NST-7.2
Question #: 2
Topic #: 1
[All NSE7_NST-7.2 Questions]

Refer to the exhibit.

FortiGate has already been configured with a firewall policy that allows all ICMP traffic to flow from port1 to port3.
Which changes must the administrator perform to ensure the server at 10.4.0.1/24 receives the echo reply from the laptop at 10.1.0.1/24?

  • A. Enable asymmetric routing under config system settings.
  • B. Modify the default gateway on the laptop from 10.1.0.2 to 10.2.0.2.
  • C. A firewall policy that allows all ICMP traffic from port3 to port1.
  • D. Change the configuration from strict RPF check mode to feasible RPF check mode.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by tuky88 at Dec. 9, 2024, 7:17 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
evdw
3 weeks, 2 days ago
Selected Answer: A
If a FortiGate recognizes the response packets, but not the requests, it blocks the packets as invalid. This is asymmetric routing. By default, a FortiGate blocks packets or drops the session when this happens. FortiGate can be configured to permit asymmetric routing
upvoted 1 times
...
tuky88
4 weeks, 1 day ago
Selected Answer: A
See page 371 in the Network Support Engineer Study Guide - By default - if an echo request does not pass through Fortigate but the response does, the packet is dropped. There are scenarios where this might be needed, you can then use the "set asymroute enable" in "config system settings".
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago