ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE7_PBC-6.4 All Questions

View all questions & answers for the NSE7_PBC-6.4 exam
Go to Exam

Exam NSE7_PBC-6.4 topic 1 question 17 discussion

Actual exam question from Fortinet's NSE7_PBC-6.4
Question #: 17
Topic #: 1
[All NSE7_PBC-6.4 Questions]

Your company deploys FortiGate VM devices in high availability (HA) (active-active) mode with Microsoft Azure load balancers using the Microsoft Azure ARM template. Your senior administrator instructs you to connect to one of the FortiGate devices and configure the necessary firewall rules. However, you are not sure now to obtain the correct public IP address of the deployed FortiGate VM and identify the access ports.
How do you obtain the public IP address of the FortiGate VM and identify the correct ports to access the device?

  • A. In the configured load balancer, access the inbound NAT rules section.
  • B. In the configured load balancer, access the backend pools section.
  • C. In the configured load balancer, access the inbound and outbound NAT rules section.
  • D. In the configured load balancer, access the health probes section.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by sp0ng3 at May 23, 2022, 8:20 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
charruco
2 years, 7 months ago
Selected Answer: A
A is correct I created a LAB environment (FTG AA) and I didn't find any information in the outbound NAT rules section (ELB). From the resource group Overview page, click the external load balancer name to load it. From the navigation column, click Inbound NAT Rules. https://docs.fortinet.com/document/fortigate-public-cloud/6.4.0/azure-administration-guide/889158/connecting-to-the-fortigate-vm-instances
upvoted 3 times
...
virab
2 years, 8 months ago
You can't specify multiple IP addresses and IP address ranges in network security groups created through the classic deployment model. https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
upvoted 1 times
...
ashrf_forti
2 years, 8 months ago
Selected Answer: A
A is correct
upvoted 1 times
...
kinge2
3 years ago
Selected Answer: A
Inbound NAT rules These rules are applied to a specific host and are not load-balanced. As such, these are typically used for management. https://docs.fortinet.com/document/fortigate-public-cloud/6.0.0/use-case-high-availability-for-fortigate-on-azure/224311/basic-concepts
upvoted 1 times
...
kinge2
3 years ago
Selected Answer: A
A is correct as per https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-networking#azure-virtual-machine-scale-sets-with-azure-load-balancer - it is more economical and secure to associate a public IP address to a load balancer or to an individual virtual machine (also known as a jumpbox), which then routes incoming connections to scale set virtual machines as needed (for example, through inbound NAT rules).
upvoted 1 times
...
tachy_22
3 years ago
I think is A, you can check the public IP address in Inbound NAT rules.
upvoted 2 times
...
goCisco
3 years, 1 month ago
it should be B? as when you check pool you get to know the pool member and the health check as well?
upvoted 1 times
...
sp0ng3
3 years, 2 months ago
A is the correct answer https://docs.microsoft.com/en-us/azure/load-balancer/components
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel