ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE4_FGT-6.0 All Questions

View all questions & answers for the NSE4_FGT-6.0 exam
Go to Exam

Exam NSE4_FGT-6.0 topic 1 question 39 discussion

Actual exam question from Fortinet's NSE4_FGT-6.0
Question #: 39
Topic #: 1
[All NSE4_FGT-6.0 Questions]

View the exhibit:

The client cannot connect to the HTTP web server. The administrator ran the FortiGate built-in sniffer and got the following output:

What should be done next to troubleshoot the problem?

  • A. Run a sniffer in the web server.
  • B. Execute another sniffer in the FortiGate, this time with the filter "host 10.0.1.10".
  • C. Capture the traffic using an external sniffer connected to port1.
  • D. Execute a debug flow.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by myutran at Sept. 18, 2019, 9:37 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
myutran
Highly Voted 5 years, 7 months ago
Correct answer : D
upvoted 7 times
Penn
5 years, 7 months ago
kindly explain
upvoted 1 times
Bluey
5 years, 6 months ago
Traffic is entering FG on port 3 but isnt leaving it on port 1, so problem lies on fortigate. External sniffer is a bogus answer and gives you no information. Only correct option is a debug flow (or simply check logs) to see why traffic is failing
upvoted 4 times
notarussianagent
5 years, 4 months ago
It is not confirmed if traffic is egressing port1, all we see in the flow debug is inbound traffic from the host on port3 that wants to go to the web server out port1. Personally, I would sniff the web host to see if they are getting in. But I feel the answer Fortinet is looking for is what myutran and bluey say it is; D. the flow debug will confirm the traffic inbound on port3 and if it is egressing port1. the flow debug will also show us if the web server traffic is even entering the FG or being denied. Sniffers do not show deny traffic, only debugs do that.
upvoted 1 times
carroyoc
4 years, 11 months ago
It is simple , if you see the filters it says interface any, so this means that if the packet is leaving the Fortigate, we would be able to see it, but we are not. So this means the packet is getting drop in the Fortigate, so we need the debug.
upvoted 3 times
...
...
...
...
...
jbernard
Most Recent 4 years, 11 months ago
Debug flow will show why the Syn packet is not creating a new session https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/054688/debugging-the-packet-flow
upvoted 2 times
...
Levis
4 years, 11 months ago
D is answer
upvoted 1 times
...
montonearm
5 years, 2 months ago
also for me is D
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago