An administrator has configured the following settings:

config system settings
set ses-denied-traffic enable
end
config system global
set block-session-timer 30
end

What are the two results of this configuration? (Choose two.)
A. Device detection on all interfaces is enforced for 30 minutes.
B. Denied users are blocked for 30 minutes.
C. The number of logs generated by denied traffic is reduced.
D. A session for denied traffic is created.
FortiGate Security 7.2 Study Guide (p.69):
"During the session, if a security profile detects a violation, FortiGate records the attack log immediately. To reduce the number of log messages generated and improve performance, you can enable a session table entry of dropped traffic. This creates the denied session in the session table and, if the session is denied, all packets of that session are also denied. This ensures that FortiGate does not have to do a policy lookup for each new packet matching the denied session, which reduces CPU usage and log generation.
This option is in the CLI, and is called ses-denied-traffic. You can also set the duration for block sessions. This determines how long a session will be kept in the session table by setting block-session-timer in the CLI. By default, it is set to 30 seconds."
Reference and download study guide:
https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html
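The mechanism the study guide quote describes (a denied entry in the session table that short-circuits the policy lookup and the log until the block timer expires) can be modelled in a few lines. This is an added illustrative simulation, not FortiOS code and not part of this thread; the 5-tuple, packet rate and counters are constructed for the example.

```python
"""Toy model of FortiGate's ses-denied-traffic / block-session-timer behaviour.

It counts policy lookups and deny log messages for a burst of packets from one
flow, with and without the denied-session entry. Illustration only, not FortiOS.
"""
from dataclasses import dataclass, field


@dataclass
class Firewall:
    ses_denied_traffic: bool        # config system settings / set ses-denied-traffic
    block_session_timer: int = 30   # config system global / set block-session-timer (1-300 s)
    session_table: dict = field(default_factory=dict)  # flow 5-tuple -> expiry time (s)
    policy_lookups: int = 0
    deny_logs: int = 0

    def __post_init__(self):
        # The CLI reference gives the valid range as 1..300 seconds.
        if not 1 <= self.block_session_timer <= 300:
            raise ValueError("block-session-timer must be between 1 and 300")

    def handle_packet(self, flow, now):
        # 1. Packet matches an unexpired denied session: drop it with no lookup, no log.
        expiry = self.session_table.get(flow)
        if expiry is not None:
            if now < expiry:
                return "dropped-by-session"
            del self.session_table[flow]  # timer expired, entry aged out
        # 2. No session: full policy lookup. Every flow is denied in this model,
        #    so each lookup also produces one deny log message.
        self.policy_lookups += 1
        self.deny_logs += 1
        if self.ses_denied_traffic:
            # Record the denied session so later packets skip steps above.
            self.session_table[flow] = now + self.block_session_timer
        return "dropped-by-policy"


def simulate(ses_denied_traffic, timer=30, packets=100, interval=1):
    """Send `packets` packets from one constructed flow, one every `interval`
    seconds, and return (policy_lookups, deny_logs)."""
    fw = Firewall(ses_denied_traffic, timer)
    flow = ("10.0.0.5", "203.0.113.7", 54321, 23, "tcp")  # constructed sample 5-tuple
    for i in range(packets):
        fw.handle_packet(flow, now=i * interval)
    return fw.policy_lookups, fw.deny_logs


if __name__ == "__main__":
    print("disabled:", simulate(False))             # (100, 100)
    print("enabled, timer 30:", simulate(True))     # (4, 4)
```

With the entry disabled every packet costs a lookup and a log; with it enabled only the first packet of each 30-second block does, which is exactly the CPU and log reduction the guide describes.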
ses-denied-traffic
Enable/disable including denied session in the session table. Type: option. Default: disable.
https://docs.fortinet.com/document/fortigate/7.4.2/cli-reference/19620/config-system-settings
block-session-timer
Duration in seconds for blocked sessions. Type: integer. Minimum value: 1, maximum value: 300. Default: 30.
https://docs.fortinet.com/document/fortigate/7.4.2/cli-reference/2620/config-system-global
C and D are correct. This is because during the session, if a security profile detects a violation, FortiGate records the attack log immediately. To reduce the number of log messages generated and improve performance, you can use the ses-denied-traffic command; this creates a denied session entry for <x> seconds.
C D
We enable denied sessions to be added to the session table to reduce the CPU processing caused by denied sessions from the same source/destination IP address, port and protocol.
Solution
Below are the commands to enable denied session to be added into the session table:
#config system settings
#set ses-denied-traffic enable
#end
For optimum performance, adjust the global block-session-timer.
#config system global
#set block-session-timer <1-300> (default = <30>)
#end
config system settings
set ses-denied-traffic enable
end
config system global
set block-session-timer <integer 1-300> (this determines how long, in seconds, the denied session is kept in the session table)
end