40+ [REAL-TIME] FortiManager Interview Questions and Answers

Last updated on 18th Nov 2021, Blog, Interview Questions

If you are preparing for FortiManager Interview, then you are at the right place. Today, we will cover some mostly asked FortiManager Interview Questions, which will boost your confidence. FortiManager provides automation-driven centralized management of your Fortinet devices from a single console. Therefore, FortiManager professionals need to encounter interview questions on FortiManager for different enterprise FortiManager job roles. The following discussion offers an overview of different categories of interview questions related to FortiManager to help aspiring enterprise FortiManager Professionals.

1. What purpose does FortiManager solve?

Ans:

FortiManager is the centralized management console for the Fortinet security framework to manage all your Fortinet devices. FortiManager appliances allow us to centrally manage any number of Fortinet devices, from several to thousands, including FortiGate, FortiWiFi, FortiCarrier, FortiMail, FortiAnalyzer appliances with virtual appliances, as well as FortiClient endpoint security agents.

2. How can we Control our security infrastructure with the help of FortiManager?

Ans:

The FortiManager family provides the diverse needs of network administrators for efficient management of Fortinet-based security infrastructure. FortiManager minimizes the management costs by a significant margin, eases configuration, and accelerates the deployment cycles, whether deploying new devices, installation of security policies, or distributing updates.

FortiManager offers crucial timesaving features like device auto-discovery, group management, global policies, auditing facilities, and has the capability to manage complex VPN environments. FortiManager, coupled with the FortiAnalyzer family of centralized logging and reporting appliances, provides a complete centralized management solution for any organization

3. How Fortinet manages its Versatility?

Ans:

Networks need updating, due to the evolution of threats, organizational growth, or new regulations. Conventional products focus on mitigating organizational threats through firewall policies, firmware updates, and keeping content security current. FortiManager offers enterprise-class features to contain these threats, but also provides flexibility to evolve along with your ever-changing network. In addition to being able to manage hundreds or even thousands of FortiGate devices, FortiManager now includes basic FortiAnalyzer logging and reporting functions for administrators who prefer a consolidated platform.

4. What is locally hosted security content?

Ans:

Hosting security content allows the network administrator for greater control over security content updates and provides an improved response time for rating databases. It supports:

• Updates of Antivirus definition
• Updates in the Intrusion Preventions
• Updations Vulnerability and Compliance Management
• Web Filtering & Antispam only in some select systems.

5. What is the difference between a Next-Generation Firewall vs. Traditional Firewall?

Ans:

Next-generation	Traditional generation
NGFWs perform deeper inspections compared to stateful inspections executed by the first and second-generation firewalls. NGFWs use a more thorough inspection approach, checking packet payloads and matching the signatures for harmful activities such as exploitable attacks and malware.	NGFWs include typical functions of traditional firewalls such as packet filtering, network and port address translation (NAT), stateful monitoring, with virtual private network (VPN) support. The aim of next-generation firewalls is to include more layers of the OSI model, improving the filtering of network traffic that is dependent on the packet contents.

6. How does FortiManager function with FortiAnalyzer?

Ans:

FortiManager Integrated FortiAnalyzer Logging system allows for tighter integration and correlation of events and policies. A consolidated platform allows network administrators easy deployment of Fortinet management products.

7. What benefits does FortiManager Hierarchical Objects Database offer?

Ans:

FortiManager facilitates the reuse of common configurations across the organization in both local and global ADOM levels.

8. What is Automated Device Provisioning?

Ans:

FortiManager’s Automated Device Provisioning reduces the cost of new FortiGate for FortiClient installations and maintains policies across all managed assets.

9. How do Administrative Domains (ADOM) help us?

Ans:

FortiManager enables a network administrator to create groups of devices for other administrators to monitor and manage the following:-

• Manage devices in their geographic location or business division
• Multiple FortiGate virtual domains (VDOMs) can be separated among multiple ADOMs
• Granular permissions permit assigning of ADOMs and policies to particular users
• Network Administrators can only access devices or VDOMs assigned to them
• Generate device configuration templates for quick configuration of a new Fortinet appliance
• Within each ADOM, there is a familiar database of objects shared by all devices and policy packages which allow users to reuse similar configurations among a group of managed assets
• Global Policy capabilities are available on all the FortiManager hardware models including virtual machines.

10. What is FortiManager architecture?

Ans:

11. What is Command and Control in FortiManager?

Ans:

This help in the Management of devices and endpoint agents individually or as logical groups

• Automatically discovers the new devices.
• Generates deploys and monitors virtual private networks
• Delegate control to other users with distributed administration features
• Audit configuration changes to ensure compliance

12. How does FortiManager Monitor, Analyze, and Report?

Ans:

FortiManager accesses vital security and network statistics.

Monitors Real-time, with integrated basic reporting, providing visibility into network and user activity.

FortiMnager has more powerful analytics, combined with the FortiAnalyzer appliance for additional data mining and graphical reporting capabilities.

13. What are the FortiManager Supported Devices?

Ans:

Following are the appliances that are being integrated with FortiManager: –

FortiGate and FortiCarrier Consolidated Security Appliances

FortiAP – Wireless Access Points

FortiMail – Messaging Security Systems

FortiWeb – Web Application Security

FortiAnalyzer – Reporting and Analysis Appliances

Fortiswitch – Switching Platforms

Fortisandbox – Advanced Threat Protection Appliances

14. What is Single Pane-of-Glass Management?

Ans:

Fortinet Security Fabric, known for unified, end-to-end protection, is known as Single Pane of Glass. Deploying Fortigate-based security infrastructure to battle advanced threats, and adding FortiManager to provide single-pane-of-glass management across the whole enterprise & providing insights into network-wide traffic and threats.

FortiManager not only offers enterprise-class features to minimize advanced threats but also delivers the industry’s best scalability to manage up to 100,000 Fortinet devices.

15. How FortiMnager manages the workflow for audit and compliance?

Ans:

FortiManager reviews approve and update the audit policy changes from a central place.

Automates the process, which enhances the policy compliance and policy lifecycle management.

Enforces workflow to minimize the risk for policy changes

16. What are the APis for Automation and Orchestration?

Ans:

RESTful API allows MSSPs/large enterprises to generate customized, branded web portals for policy and object administration Automate common tasks such as provisioning new FortiGates and configuring them on existing devices. Join Fortinet Developer Network (FNDN) to access exclusive articles, how to move for automation and customization, community-built tools, scripts, and sample code.

17. How is FortiManager’s WorkFlow Mode?

Ans:

Workflow mode is the global model, which defines the approval or notification workflow when generating and installing policy changes. Workflow mode, when enabled via CLI only, the admin gets a new option in the admin profile page to approve or reject workflow requests.

18. Can we disable the workflow in FortiManager?

Ans:

Yes! We can disable the feature. Select the System Settings tab in the navigation pane.

• We should go to System Settings > Dashboard.
• In the CLI Console widget, type the following CLI command: config system global
• set workspace-mode {workflow | disabled}
• end

The FortiManager session will reboot and the network administrator must log back into the FortiManager system.

19. What function does the FortiManager device manager layer provide?

Ans:

Global ADOM layer	Adom layer	Device Manager layer
contains two key pieces: the global object database and all header and footer policies. Header and footer policies are used to envelop policies within each individual ADOM. These are typically invisible to users and devices in the ATOM layer.	where the FortiManager manages individual devices or groups of devices. It is inside this layer where policy packages and folders are created, managed, and installed on managed devices. Multiple policy packages can be created here, and they can easily be copied to other ADOMs to facilitate the configuration or provisioning of new devices on the network	The device manager layer records information on devices that are centrally managed by the FortiManager unit, such as the name and type of device, the specific device model, its IP address, the current firmware installed on the unit, the device’s revision history, and its real-time status.

20. Define FortiManager centralized security management?

Ans:

21. How can we change the web-based manager language?

Ans:

FortiManager’s web-based manager supports multiple languages; the default language is English. We can change the manager to display in English, Simplified Chinese, Traditional Chinese, Japanese, or Korean. For best results, you should select the language that the computer operating system uses.

We can also set the FortiManager Web-based Manager to automatically detect the system language, and by default show the screens in the proper language, if available.

22. Can we Restrict Web-based Manager access by the trusted host?

Ans:

Preventing unauthorized access to the Web-based Manager is easy. We can configure administrator accounts with trusted hosts. After trusted hosts are configured, the administrator user can only log into the Web-based Manager while working on a computer with the trusted host as defined in the administrator account. You can configure up to ten trusted hosts per administrator account.

23. How is Fortinet’s Fabric-Ready Partner program different from the partner programs we see other vendors promoting?

Ans:

Fortinet fabric ready	Fortinet approach
Fortinet’s Fabric-Ready Partner Program brings together best-in-class technology alliance partners.	Fortinet’s approach actually allows the partners to deliver pre-integrated, end-to-end security offerings ready for deployment in any organization.

24. What is the best way to organize devices using ADOMs?

Ans:

We can organize devices into ADOMs to allow you to better manage these devices. You can organize these devices by:

Firmware version: Group all devices with the same firmware version into an ATOM.

Geographic regions: Group all devices for a specific geographic region into an ATOM, and devices for a different region into another ADOM.

Administrative users: Group devices into separate ADOMs based on specific administrators responsible for the group of devices.

Customers: Group all devices for one customer into an ATOM, and devices for another customer into another ATOM.

25. How to enable the ADOM feature?

Ans:

For enabling ADOM feature in FortiManager, we need to:

• Login as admin.
• Go to System Settings > Dashboard.
• In the system information widget, select Enable next to Administrative Domain

26. How to switch between ADOMs?

Ans:

As a network administrator, we are able to move between all the ADOMs created on the FortiManager system. This enables us to view, configure, and manage the various domains. Other administrators are only able to move between the ADOMs to which they have permission.

They are able to view and administer the domains based on their account’s permission settings. To access a specific ADOM, we should select that ADOM in the tree menu. The FortiManager system presents the available options for that domain, depending on the tab currently in use.

27. How to manage ADOMs?

Ans:

When the ADOMs feature is enabled, and we can log in as the admin user, we can find all the available ADOMs listed in the tree menu on the different available tabs. In the Policy & Objects tab, a menu bar is available that allows selecting either Global or a specific ADOM from the drop-down list. Selecting Global or a specific ADOM will then display the policy packages and objects appropriate for your selection.

28. Can we have simultaneous ADOM access?

Ans:

System administrators can enable or disable simultaneous access to the same ADOM if multiple administrators are responsible for managing a single ATOM. When enabled, multiple administrators can log in to the same ADOM in parallel.

When disabled, only a single administrator has read or writes access to the ADOM, while all other administrators have read-only permission. Concurrent ADOM access can be enabled or disabled using the CLI

29. What are the security considerations, taken into account while restricting access to web-based managers?

Ans:

While restricting access to the FortiManager Web-based Manager we should check the following:

• We should configure administrator accounts using a complex passphrase for local accounts
• We should configure administrator accounts using RADIUS, LDAP, TACACS+, or PKI
• We should configure the administrator profile to only allow read/write permission as required and restrict access using read-only or no permission to settings, which are not applicable to that administrator
• We should configure the administrator account to only allow access to particular ADOMs as required
• We should configure the administrator account to only allow access to particular policy packages as required.

30. What is AWS administration guide in FortiManager?

Ans:

31. How to add ADOM?

Ans:

To add ADOM, we must log in as admin. Prior to that, we must enable administrative domains in the Web-based Manager.

32. How to create an ATOM?

Ans:

Either one of the following can create an ATOM.

• Go to the Device Manager tab & choose Manage ADOMs from the ADOM drop-down list.
• Select Create New in the Manage ADOMs toolbar. Alternatively
• Go to System Settings > All ADOMs and either select Create New or right-click in the content pane and choose New from the pop-up menu. The Create ADOM dialog box will open which allows configuring the new ADOM.

33. What can we do in System Settings?

Ans:

The System Settings tab enables the administrator to manage and configure the basic system options for the FortiManager unit. This includes the basic network settings to connect the device to the main network, the configuration of administrators and their access permissions, managing and updating firmware for the device and access to the FortiGuard Update Service for updates.

34. Can we customize the dashboard?

Ans:

The FortiManager system dashboard is customized easily. We can select widgets for display, where they are located on the page, and whether they are minimized or maximized.

To move a widget, we should position your mouse cursor on the widget’s title bar, then click and drag the widget to its new location.

Dashboard System Settings – To add a widget, in the dashboard, select Add Widget, followed by the names of widgets that we want to be displayed. To remove a widget we must simply close the icon.

35. How is RAID managed in FortiManager?

Ans:

RAID helps us to segregate data storage over multiple disks, providing increased data reliability. FortiManager units that contain multiple hard disks can be RAID configured for capacity, performance, and availability.

We can view the status of the RAID array from the RAID Management page at System Settings > RAID Management. This page displays the status of each disk in the RAID array, including the system’s RAID level. This widget also displays how much disk space is used.

36. Why do we need FortiManager?

Ans:

FortiManager provides granular device and role-based administration for clear visibility of every device and user on the network, facilitating zero-trust, multi-tenancy deployments for large enterprises and a hierarchical objects database for re-use of common configurations to serve multiple customers.

37. What is Adom in FortiManager?

Ans:

A FortiManager Administrative Domain (ADOM) is analogous to the Virtual Domain concept within the FortiGate. The use of ADOMs allows us to create separate logical environments in which we can maintain separate sets of devices.

38. What is FortiManager and FortiAnalyzer?

Ans:

FortiManager	FortiAnalyzer
FortiManager can add the FortiGates and retrieve configurations for the FortiGates when adding the FortiAnalyzer unit.	If FortiAnalyzer is receiving logs from FortiGate devices that do not exist on FortiManager.

39. How do I connect to FortiManager?

Ans:

Connect the FortiManager unit to a management computer using an Ethernet cable.

Configure the management computer to be on the same subnet as the internal interface of the FortiManager unit:

Type admin in the Name field, leave the Password field blank, and click Login.

40. What is FortiManager security fabric?

Ans:

41. What Are The Fundamental Of Fortianalyzer?

Ans:

FortiAnalyzer is a platform that integrates network logging, analysis, and reporting right into a single machine, delivering accelerated know-how of protection occasions at some stage in your network. FortiAnalyzer merchandise decreases the attempt required to scrutinize and maintain policies, in addition to identifying attack patterns to assist us with great-song organizational policies. In quick, FortiAnalyzer affords Centralized Logging, Analysis, and Reporting on a Virtual Platform.

42. How Can We Replace Hard Disks?

Ans:

Whenever a hard disk on a FortiAnalyzer unit fails, it has to be replaced. FortiAnalyzer gadgets that assist hardware RAID, the hard disk may be changed even as the FortiAnalyzer unit continues to be going for walks, known as hot swapping. On FortiAnalyzer gadgets with software RAID, the tool have to be shut down previous to replacing the difficult disk.

43. How To Configure Raid?

Ans:

• To configure the RAID degree we have to Go to System Settings > RAID Management.
• Then we should click on trade beside RAID Level, which displays the RAID Settings conversation box.
• We have to choose a brand new raid level from the RAID Level listing, and click on OK.
• The FortiAnalyzer unit will restart itself.
• The Duration to generate the RAID array extensively depends on the selected RAID level.

44. How Can We Change Administrative Access?

Ans:

• To exchange administrative rights of entry we have to first visit System Settings > Network.
• By default, port1 settings may be displayed. We can configure administrative get right of entry for an extraordinary interface.
• We must Click All Interfaces, and select the interface from the listing.
• We must set the IPv4 IP Address/Netmask or the IPv6 Address.
• After that we must choose one or extra Administrative Access kinds for the interface, and set the default gateway and Domain Name System (DNS) servers accompanied by using clicking on Apply.

45. How Can We Add A Static Route?

Ans:

• We need to visit System Settings > Network.
• After that, we must click the Routing Table button to feature an IPv4 static route or the IPv6 Routing Table button to add an IPv6 static route.
• Then we ought to click on the Create New button. The Create New Network Route pane is displayed.
• Lastly, we are able to configure the settings, and click on OK to create the new static course.

46. How Many Panes Does Fortianalyzer Have And What Are Its Functions?

Ans:

Banner is on the pinnacle of the page; which incorporates the home button (Fortinet brand), tile menu, ADOM menu (whilst enabled), admin menu, notifications, and assist button.

47. What is Fetching?

Ans:

We can fetch offline reviews, which can be compressed logs from one FortiAnalyzer unit to a 2nd FortiAnalyzer unit in which the logs that may be robotically indexed inside the database to support data evaluation on the Log View, FortiView, and Reports tabs. The fetch feature in FortiAnalyzer allows machine directors to research information from compressed logs without affecting the performance of the primary FortiAnalyzer unit due to the fact the method of fetching logs occurs in the history.

48. What is Traditional Storage Provisioning?

Ans:

Storage provisioning is the method of assigning storage, normally within the shape of server disk pressure space, on the way to optimize the overall performance of a garage region network (SAN). Traditionally, this has been performed via the SAN administrator, and it may be a tedious manner.

49. What is Thin Provisioning?

Ans:

Thin provisioning (TP) is a procedure of maximizing the performance with which the available area is utilized in storage region networks (SAN). Thin Provisioning capabilities with the aid of allocating disk storage space in a bendy manner amongst a couple of customers, based totally on the minimal area required by way of every user at any given time.

50. Define FortiManager appliance?

Ans:

51. What is Thick Provisioning Eager Zeroed?

Ans:

Thick provisioning eager zeroed is a VMware provisioning method, which generates a digital gadget (VM) disk in a default thick format. Thick provision eager zeroed supports clustering features together with VMware Fault Tolerance, an element of VMware vSphere that is to offer excessive availability (HA) for employer software packages.

52. What Do You Mean By Thick Provision Lazy Zeroed?

Ans:

Thick provision lazy zeroed is the method of allocating a space within the garage for a virtual system (VM) disk that creates a digital disk in a default thick layout. The thick provision way all of the area detailed for the digital disk files are reserved for the Virtual Machine is created.

53. How Can We Edit The Fortianalyzer’s Ip Address?

Ans:

• In the toolbar pick Asset > Manage/View Products, which opens the View Products web page.
• Select the FortiAnalyzer VM serial variety and the Product Details web page opens.
• Select Edit to exchange the outline, partner information, and IP deal with the specific FortiAnalyzer VM.
• Then the Edit Product Info web page opens.
• We now need to go into the new IP address and choose Save. There isn’t any restrict of quantity of converting the IP cope with on a complete assessment license

54. What Are The Fortianalyzer’s Supporting Devices?

Ans:

• FortiGate Multi-Threat Security Systems.
• FortiMail Email Security Systems.
• FortiClient Mobile End-Point Security.
• FortiClient PC End-Point Security.
• FortiManager Centralized Management.
• Any Syslog-Compatible Device.

55. What is a Log Browser?

Ans:

Log Browser helps us to view log records or messages from the registered devices. We can easily clear out the log documents and messages to dig down and discover specific statistics.

56. What Granular Information Do We Get With The Help Of Fortianalyzer?

Ans:

The FortiAnalyzer User Interface (UI) enables the system directors to dig deep into security log facts to offer the granular stage of reporting vital to apprehend what’s happening at the entire community. Historical or actual-time statistics lets in network directors to analyze log and content records, as well as the site visitors of the whole network. The advanced forensic evaluation tools permit the network administrator to music person activities to the content material degree.

57. What is a Vulnerability Scanner?

Ans:

FortiAnalyzer’s included vulnerability scanner identifies vulnerabilities on a number server, which include a mail server, FTP server or another UNIX or Windows host and produces vulnerability reports for that reason displaying the ability weaknesses to assaults that could exist for a selected device.

58. What Do You Understand By Content Logging & Data Mining?

Ans:

Log aggregation and archiving is essential nowadays in identifying safety threats and managing network utilization. In addition to in-intensity analysis, real-time logging, and reporting, FortiAnalyzer facilitates unique content material logging of consumer activities and network site visitors. Activities can be scrutinized real time, archived and later analyzed as in keeping with the want. Activities may be tracked person smart, protocol, source, destination, and many others. And the actual content material exchanged in a session is to be had. Content logging isn’t handiest vital on the way to implement regulatory mandates along with HIPAA and SOX compliance but in reality had to implement desirable use guidelines and guard vital corporate belongings and intellectual assets.

59. How Does Fortianalyzer Differ From Traditional Methods?

Ans:

Threats are continuously evolving within networks, such as organizational boom or new regulatory and commercial enterprise necessities. Traditional strategies cognizance on recording and identifying community threats through logging, evaluation and reporting through the years. FortiAnalyzer presents corporation-magnificence functions to no longer most effectively pick out those threats but additionally offer flexibility to adapt along with the ever-converting network. FortiAnalyzer can generate particularly customized reviews for organizational requirements even as aggregating logs in a hierarchical, tiered logging topology.

60. What is a deep drive into FortiManager?

Ans:

61. How Do We Benefit From Fortianalyzer’s Versatile Management Solutions?

Ans:

• Diversity of shape factors
• Architectural flexibility
• Highly customizable
• Simple licensing

62. What Benefits If Fortianalyzer is Selected Standalone, Collector, Or Analyzer Mode?

Ans:

FortiAnalyzer can be mounted as a person unit, or optimized for unique operations. It depends on the area and utility this is required. Any employer does now not require all capabilities and blessings of FortiAnalyzer.

63. What Are The Benefits Of Fortianalyzer Seamless Integration With The Fortinet Products?

Ans:

The near integration with Fortinet Products maximizes its performance and permits FortiAnalyzer sources for efficient management from FortiGate or other FortiManager person interfaces.

64. What Are The Benefits Of Fortianalyzer Centralized Logging Of Multiple Record Types?

Ans:

This document along with traffic hobby, device events, viruses, assaults, Web filtering events, and messaging activities and facts. System directors can scrutinize the complete network from one single place.

65. How Do We Benefit From Fortianalyzer’s Performance To Upscale Capacity?

Ans:

FortiAnalyzer own family models aid thousands of FortiGate and FortiClient agents, and may dynamically scale storage based on retention and compliance requirements.

66. What Does The Graphical Summary Reports Show?

Ans:

Graphical summary reviews provide targeted occasions, activities, and developments happening on FortiGate and third-birthday party devices at the entire network.

67. How Fortianalyzer Manages Information Related To Security Events?

Ans:

We can position time lower back in by means of installing a FortiAnalyzer platform into the prevailing protection infrastructure, creating a single view of the security events, archived content, and vulnerability checks. FortiAnalyzer structures pull the whole range of facts from Fortinet solutions, including visitors, event, virus, attack, content material filtering, and e-mail filtering. It gets rid of the guide search of a couple of log documents whilst appearing forensic evaluation and community auditing. FortiAnalyzer platform’s centralized statistics archiving, report quarantine and vulnerability evaluation in addition lessen the time taken to control the range.

68. What Factor Depends On Selecting Between Hardware And Virtual Appliances?

Ans:

Most of the agencies use much less than the specified hardware IT infrastructure or virtual IT infrastructure these days, for lots of price range constraints. This creates a need for both hardware and virtual appliances within a safety strategy. FortiAnalyzer may be hooked up to either hardware or digital appliances to match the surroundings, which incorporates a combination of digital and bodily IT infrastructure.

69. What Are The Benefits Of Network Event Correlation Benefits?

Ans:

The element referred to as occasion correlation plays a key role in incorporated management. Network Event Correlation Allows the device administrator to quick become aware of and react to network safety threats throughout the company community

70. How FortiManager add device?

Ans:

71. How Fortianalyzer Enhances The Visibility Within Its Platforms?

Ans:

FortiAnalyzer provides its offerings like security event analysis, forensic studies, reporting, content material archiving, and information mining, malicious document quarantining and vulnerability management to groups of any length from a centralized vicinity. Its functionality of a centralized collection of data, correlation, and analysis of the various chronological and geographical safety information from Fortinet appliances & third-celebration devices deliver a simplified, consolidated view of companies danger publicity.

72. What are the different authentication and encryption mechanisms available in Fortigate Firewall?

Ans:

• WPA2 – Enterprise 802.1x/EAP (Personal pre-shared key of 8-63 characters)
• WPA – Enterprise 802.1x/EAP (Personal pre-shared key of 8-63 characters)
• WEP 128 (26 Hexadecimal digit key)
• WEP 64 (10 Hexadecimal digit key)
• None
It is advisable to use WPA2, which is the strongest method for authentication and encryption

73. Mention some points while configuring the network?

Ans:

Don’t leave the backdoor to access the firewall.

Prepare network diagram consists of IP addressing, cabling, and network devices.

74. What is the command to power off the FortiGate unit via CLI?

Ans:

To power off the FortiGate unit.

Execute shutdown.

75. What are the points that should be considered while installing/mounting a Fortinet firewall (hardware) in the rack?

Ans:

Below are the points of consideration while mounting a firewall:

• The room temperature should be in the range of ambient temperature defined by the Original Equipment Manufacturer (OEM)
• Reliable earthing mechanism
• Adequate airflow provided for safe operation
• Adequate precautions for overcurrent and supply wiring

76. What is Security Fabric?

Ans:

Security Fabric is a security solution to detect, monitor, block, and remediate cyber-attacks.

77. What are the steps that should take before each upgrade of firmware of the Fortinet firewall?

Ans:

Step 1: Back up and store old configuration.

Step 2: Back up a copy of the old firmware executable. This is for the worst-case scenario. If something bad happens, you have an option of rollback.

Step 3: Read the NOTE released by the manufacturer. It may contain useful information related to bug fixation, performance, etc.

Step 4: Upgrade.

78. Mention the steps for backing up the FortiGate configuration via GUI.

Ans:

Dashboard -> select Backup in System Information widget -> select drive for storing -> Encrypt configuration file – > Enter a password and select Backup – > save the configuration file

79. What is the backup configuration file format in the Fortinet firewall?

Ans:

The configuration file will have a .conf extension.

80. What is FortiManager and use cases for it?

Ans:

81. How do you take a backup of the configuration of a Fortinet firewall?

Ans:

You can use below CLI commands for backup configuration:

• execute backup config management-station <'comment>
• execute backup config usb <'filename-backup> [<'password-backup>]

82. How to disable administrative access from the internet?

Ans:

You can disable administrative access from the outside world via GUI and CLI.

• via CLI:
• config system interface
• edit <'external-interface>
• unset allowaccess
• end
• via GUI:
• Network -> Interfaces, edit external interface and disable five protocols: HTTPS, PING, HTTP, SSH, and TELNET under Administrative Access.

83. How to maintain short login timeouts while accessing the FortiGate firewall?

Ans:

Below command can be used to short the login timeouts:

• config system global
• set admin timeout 5
• end

84. How can you send logs to FortiAnalyzer/FortiManager in an encrypted format by using GUI?

Ans:

Select Log & Report > Log Settings and configure Remote Logging to FortiAnalyzer/FortiManager (select Encrypt log transmission).

85. Write the CLI command to disable auto USB installation?

Ans:

Below is the CLI code snippet to disable USB installation:

• config system auto-install
• set auto-install-config disable
• set auto-install-image disable
• end

86. How does Fortinet provide support in case of any difficulty faced by a network administrator?

Ans:

You can access the “Customer Service & Support” page on the Fortinet portal. Following options are available to resolve any issue:

• Knowledge Base
• Fortinet Document Library
• Training & Certification
• Fortinet Video Library
• Discussion Forums
• Contact Support

87. What is the FGCP cluster?

Ans:

FGCP stands for FortiGate Clustering Protocol. It is a proprietary High Availability (HA) solution provided by Fortinet. Fortigate HA solution consists of a minimum of two firewalls configured for high availability operation.

88. How can we configure FortiOS to turn on global strong encryption?

Ans:

Global strong encryption means to allow only strong ciphers (AES, 3DES) and digest (SHA1) for HTTPS, SSH, and SSL/TLS. We can use the below command to configure FortiOS:

• config sys global
• set strong-crypto enable
• end

89. Write the important CLI command to disable or deactivate auto USB installation?

Ans:

The following is the important CLI code snippet to disable or deactivate USB installation;

• Config system auto-install
• Set auto-install-config disable
• Set auto-install-image-disable
• End.

90. What is FortiManager 300E?

Ans:

91. What happens if the disk logging is disabled in the FortiGate unit?

Ans:

The hard disk logging is disabled, then the logs are written to flash memory. Constant rewrites to flash drives will reduce the lifetime and efficiency of the memory.

92. How to take a backup of the Fortinet firewall configuration?

Ans:

Here you can follow the given CLI commands for the backup configuration;

• Execute backup config management- station
• Execute backup config USD < Filename-backup> []
• For FTP;
• Execute backup config ftp [] [] [].
• For TFTP;
• Execute backup config tftp.

93. What are the various steps that should be taken by any user before performing up-gradation of the firmware of the Fortinet security Firewall?

Ans:

Back up -> store the old configuration

Back up the copy -> then the old Fortinet firmware can be executed. This is one of the worst-case scenarios.

Now the user needs to Read the NOTE command which is released by the manufacturer. This may consist of firewall mechanisms useful information related to debugging fixation, and test the performance, etc.

Finally upgrade the system.