Refer to the exhibits. The exhibits show the application sensor configuration and the Excessive-Bandwidth and Apple filter details. Based on the configuration, what will happen to Apple FaceTime if there are only a few calls originating or incoming?
A.
Apple FaceTime will be allowed, based on the Video/Audio category configuration.
B.
Apple FaceTime will be allowed, based on the Apple filter configuration.
C.
Apple FaceTime will be allowed only if the Apple filter in Application and Filter Overrides is set to Allow.
D.
Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration.
D. Just because it says that there are only a few calls, the filter override is a CATEGORY of EXCESSIVE BANDWIDTH. It matches. This question comes directly from page 259 of the study guide.
Even if FaceTime is also present in another filter with a lower priority (Monitor action), FortiOS processes filter overrides by signature, and in this case, the blocking override takes precedence.
Let me know if you'd like the official Fortinet KB reference for how application filter overrides are evaluated.
As Excessive-Bandwidth is placed above the apple Override, the Facetime-traffic wil lbe blocked, as the Excessive Bandwidth is processed first, and includes FaceTime as well. This scenario is detailed on page 259 in the FGT_7.4_Administrator study guide.
Correct Answer:
D. Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration.
A. Incorrect: Video/Audio category is set to "Block," so FaceTime would not be allowed.
B. Incorrect: The Apple filter set to "Monitor" does not override the higher-priority "Excessive-Bandwidth" block.
C. Incorrect: Even if Apple filter were "Allow," the "Excessive-Bandwidth" block still takes precedence.
D. Correct: FaceTime is categorized under "Excessive-Bandwidth," and this override has the highest priority, explicitly blocking it.
Conclusion: FaceTime is blocked because the "Excessive-Bandwidth" filter takes priority.
Based on the application control filters order, (app overrides - filter overrides - categories), when you set face time to allow, FortiGate continue to the next AC Filter, where "Excesive bandwidth" is blocked
I guess is B 'cause FaceTime is going to be monitored If there is an excessive bandwith so FaceTime will be blocked. And also remember that said few incoming and outgoing calls would be made.
With regards to the configuration above, Apple FaceTime would be allowed based on the application filter override configuration. It would only be blocked if the consumes bandwidth excessively which according to the question states that it is only a few calls originating or incoming.
Pagina 257
Scanning Order:
After the IPS engine examines the traffic stream for a signature match, FortiGate scans packets for matches,
in this order, for the application control profile:
1. Application and filter overrides: If you have configured any application overrides or filter overrides, the
application control profile considers those first. It looks for a matching override starting at the top of the
list, like firewall policies.
2. Categories: Finally, the application control profile applies the action that you’ve configured for applications
in your selected categories.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Knocks
Highly Voted 8 months, 1 week agoBeatledrew
Highly Voted 8 months, 2 weeks agodirkdigs
Most Recent 3 weeks, 6 days agotruserud
3 months, 3 weeks agorigonet
5 months, 2 weeks agosxcap
5 months, 3 weeks agosxcap
5 months, 3 weeks agorene.post
6 months agox666
5 months, 2 weeks agoCharly0710
6 months agos4mu3l007
6 months, 3 weeks agomiguelmagr
8 months agomiguelmagr
8 months agowsdeffwd
8 months, 2 weeks agoBillyon
8 months, 2 weeks agoIBB90704
8 months, 3 weeks ago