ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE6_FWB-6.1 All Questions

View all questions & answers for the NSE6_FWB-6.1 exam
Go to Exam

Exam NSE6_FWB-6.1 topic 1 question 4 discussion

Actual exam question from Fortinet's NSE6_FWB-6.1
Question #: 4
Topic #: 1
[All NSE6_FWB-6.1 Questions]

Refer to the exhibit.

FortiADC is applying SNAT to all inbound traffic going to the servers. When an attack occurs, FortiWeb blocks traffic based on the 192.0.2.1 source IP address, which belongs to FortiADC. The setup is breaking all connectivity and genuine clients are not able to access the servers.
What must the administrator do to avoid this problem? (Choose two.)

  • A. Enable the Use X-Forwarded-For setting on FortiWeb.
  • B. No Special configuration is required; connectivity will be re-established after the set timeout.
  • C. Place FortiWeb in front of FortiADC.
  • D. Enable the Add X-Forwarded-For setting on FortiWeb.
Show Suggested Answer Hide Answer
Suggested Answer: AD 🗳️
Configure your load balancer to insert or append to an X-Forwarded-For:, X-Real-IP:, or other HTTP X-header. Also configure FortiWeb to find the original attacker's or client's IP address in that HTTP header
Reference:
https://help.fortinet.com/fweb/560/Content/FortiWeb/fortiweb-admin/planning_topology.htm
by Bri50 at Dec. 14, 2021, 5:12 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
adiaz_
2 years, 5 months ago
is A because the LB is upstream
upvoted 1 times
...
adiaz_
2 years, 5 months ago
a and c are corrects
upvoted 1 times
...
Boch_333
2 years, 5 months ago
Selected Answer: CD
I am with Bri50. Check FortiWeb Study Guide P.57: It specifically says the easiest solution is to place the Fortiweb in front of the FortiADC. Also makes sense to me to make sure only legitimate traffic goes to a load balancer. X-Forwarded-Fro header can then be used for the FortiADC for session persistence.
upvoted 1 times
...
hem82
3 years, 1 month ago
Selected Answer: AC
A is correct, since ADC is in front of fortiweb C is correct as it will use XFF to identify source
upvoted 2 times
...
hrolrh
3 years, 4 months ago
A is correct, since ADC is in front of fortiweb. Fortiweb needs to see the source client IP in the http header, Second solution = C
upvoted 2 times
...
Bri50
3 years, 4 months ago
Correct answer C,D
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago