An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy. What can the administrator expect to happen?
A. FortiManager will replace the deleted address object with the none address object in the referenced firewall policy.
B. FortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked.
C. FortiManager will leave the address object empty.
D. FortiManager will temporarily disable the status of the referenced firewall policy.
"B" is correct. "A" would be correct if the statement had something like "after locking the ADOM the administrator can..." You cannot just jump and delete without the ADOM locking step in workspace mode. The key to this question is the workspace mode. "A" would be correct when workspace is disabled.
Agreed. I just tested this in my FortiManager (7.2), and trying to delete an object without having the ADOM locked results in an error message that no write access is available. So the ADOM has to be locked first before an address object can be deleted. Since the question does not specify if the ADOM was locked, I would expect to get the error that the ADOM must first be locked before a delete option can take place.
FortiManager 7.0 Study_Guide-Online ---> page 20
"When workspace is enabled, the ADOM is initially read-only. To enable read/write permissions, and make ADOM changes, you must lock the ADOM"
Tricky question.
A is correct. If you delete the referenced address object, FortiManager will replace it with the none object in the firewall policy where the object was used. But this will happen "only" after you lock the ADOM.
That's why B also is true. If you enabled workspace mode, you need to lock the ADOM first, before attempting to delete the address object.
However, in B, the way it is written makes me doubt. Because FortiManager will not allow you, not only to delete a referenced address object, but will not allow you to change anything until the ADOM is locked. And the way it is written, it is like you only need to lock the ADOM for deleting "referenced" address objects. Which is not true, because you need to lock the ADOM to delete any object.
A: FortiManager_7.0_Study_Guide-Online.pdf page 209: On FortiManager, it is possible to delete a used object. FortiManager will display a warning message stating that the object is currently used by other firewall policies or objects. To view the references of this object, click Where Used. However, if you delete a used object, FortiManager will replace it with a none object. The none object is equal to null, which means any traffic that meets that firewall policy will be blocked. Unless, there is a more broad policy that still meets the traffic requirement or a policy defined to allow all traffic (catch all).