FCSS – Enterprise Firewall Administrator 7.4 — Question 13
A company's guest internet policy, operating in proxy mode, blocks access to Artificial Intelligence Technology sites using FortiGuard. However, a guest user accessed a page in this category using port 8443.
Which configuration changes are required for FortiGate to analyze HTTPS traffic on nonstandard ports like 8443 when full SSL inspection is active in the guest policy?
Answer options
- A. Add a URL wildcard domain to the website CA certificate and use it in the SSL/SSH Inspection Profile.
- B. In the Protocol Port Mapping section of the SSL/SSH Inspection Profile, enter 443, 8443 to analyze both standard (443) and non-standard (8443) HTTPS ports.
- C. To analyze nonstandard ports in web filter profiles, use TLSv1.3 in the SSL/SSH Inspection Profile.
- D. Administrators can block traffic on nonstandard ports by enabling the SNI check in the SSL/SSH Inspection Profile.
Correct answer: B
Explanation
The correct answer is B: adding 8443 to the Protocol Port Mapping in the SSL/SSH Inspection Profile lets FortiGate analyze HTTPS traffic on both the standard port (443) and the nonstandard port (8443). Option A is incorrect because it does not address the port mapping required for inspection. Option C is not relevant because using TLSv1.3 does not affect the ability to inspect nonstandard ports. Option D is also incorrect because enabling the SNI check does not provide the necessary inspection capabilities for traffic on a nonstandard port.