A financial services firm has deployed a FortiGate HA cluster in Active-Passive mode. To comply with audit requirements, all administrative changes to the primary unit must be synchronized to the secondary unit in real-time, including CLI commands entered directly on the primary. Which configuration setting ensures this behavior?
A network architect is designing a large-scale enterprise network with multiple regional data centers. They plan to use OSPF as the IGP within each region and BGP to connect the regions. To prevent routing loops and ensure optimal path selection, which BGP attribute should be manipulated on the regional border routers to influence how other regions enter their network?
An administrator is configuring an ADVPN network with two hubs and multiple spokes. To ensure that spoke-to-spoke traffic can establish direct shortcut tunnels without traversing a hub, which two settings are essential on the hub's Phase 1 configuration? (Select TWO)
A security analyst at a healthcare organization is investigating an alert from the FortiGate IPS. The alert indicates a potential SQL injection attack from an internal IP address to a critical patient records server. To perform a thorough forensic analysis, the analyst needs to see the exact payload that triggered the IPS signature. What must be configured on the IPS sensor for this data to be available in the logs?
True or False: When FortiManager is used as a local FortiGuard Distribution Server (FDS), it can cache and distribute antivirus and IPS updates, but web filtering and antispam rating lookups from managed FortiGates still require a direct connection to public FortiGuard servers.
A systems administrator is reviewing the performance of a FortiGate 1800F with NP7 processors. They observe that traffic matching a firewall policy with a per-IP traffic shaper applied is not being offloaded to the NP7 processors, resulting in high CPU utilization. Why is the traffic not being offloaded?
An engineer is troubleshooting an OSPF adjacency issue between two FortiGates. The `diagnose ip router ospf neighbor` command shows the neighbor is stuck in the `ExStart/Exchange` state. What is the most likely cause of this issue? ```mermaid flowchart LR A[FortiGate-A] -- OSPF Hello --> B(FortiGate-B) B -- OSPF Hello --> A A -- DB Description --> B B -- DB Description --> A subgraph Stuck Here A -- "ExStart/Exchange" -- B end ```
A global logistics company is using FortiManager to manage over 500 FortiGate devices across different countries. The security team wants to create a standardized security policy for all devices but needs to allow regional administrators to add specific local exceptions. Which FortiManager feature allows for this combination of centralized control and localized flexibility within a single policy package?
When troubleshooting a route-based IPsec VPN tunnel that is up but not passing traffic, which two areas should an administrator investigate first on the FortiGate? (Select TWO)
A university is using application control to block peer-to-peer (P2P) applications. However, students are using encrypted and obfuscated P2P clients that are not being detected. To improve the detection rate, what is the most critical prerequisite that must be configured on the firewall policy handling student traffic?