Exam NSE5_FMG-7.0 topic 1 question 24 discussion

Actual exam question from Fortinet's NSE5_FMG-7.0
Question #: 24
Topic #: 1

Refer to the exhibit.

Review the Download Import Report.
Why is it failing to import firewall policy ID 1?

  • A. Policy ID 1 for this managed FortiGate already exists on FortiManager in the policy package named Remote-FortiGate.
  • B. Policy ID 1 is configured from the interface any to port6. FortiManager rejects the request to import this policy because the any interface does not exist on FortiManager.
  • C. Policy ID 1 does not have the ADOM Interface mapping configured on FortiManager.
  • D. The address object used in policy ID 1 already exists in the ADOM database with any as the interface association, and conflicts with the address object interface association locally on FortiGate.
Suggested Answer: D

Comments

morningstar
Highly Voted 2 years, 1 month ago
Selected Answer: D
D: FortiManager_7.0_Study_Guide-Online.pdf page 311: FortiManager can create a dynamic mapping for an address object, if the address object name is the same, but contains a different value locally. However, there is one restriction: the associated interface cannot be different. This is because, at the ADOM level, this address object might be used by other policy packages, which might not have the same interfaces.
upvoted 5 times
myrmidon3
3 months, 3 weeks ago
On that page, it explains how FortiManager can encounter conflicts during the import process when there are mismatches in interface bindings between the address objects on the FortiGate and those stored in the ADOM database on FortiManager. When an address object is already defined with a specific interface (like "any"), and a different binding (such as "port6") is found during the import, FortiManager will fail to import the policy due to this conflict. This aligns with the error shown in the exhibit, confirming that the address object interface association mismatch is the reason for the failure. Answer: D
upvoted 1 times
KavinT
Most Recent 2 years, 1 month ago
D is correct
upvoted 1 times