NSE 4 – FortiGate 7.2 — Question 13

A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and does not block the file, allowing it to be downloaded.
The administrator confirms that the traffic matches the configured firewall policy.
What are two reasons for the failed virus detection by FortiGate? (Choose two.)

Answer options

• A. The website is exempted from SSL inspection.
• B. The EICAR test file exceeds the protocol options oversize limit.
• C. The selected SSL inspection profile has certificate inspection enabled.
• D. The browser does not trust the FortiGate self-signed CA certificate.

Correct answer: A, C

Explanation

The correct answer includes A and C because if the website is exempt from SSL inspection, the FortiGate cannot inspect the encrypted traffic to detect the virus. Additionally, if the SSL inspection profile has certificate inspection enabled, it could lead to issues in inspecting the content properly. Options B and D are incorrect as they do not directly relate to the failure of virus detection in this context.