NSE 4 – FortiGate 7.2 — Question 75

A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors.

What is the reason for the certificate warning errors?

Answer options

• A. The matching firewall policy is set to proxy inspection mode.
• B. The certificate used by FortiGate for SSL inspection does not contain the required certificate extensions.
• C. The full SSL inspection feature does not have a valid license.
• D. The browser does not trust the certificate used by FortiGate for SSL inspection.

Correct answer: D

Explanation

The correct answer is D because browsers require that certificates be trusted to avoid warnings. Since FortiGate generates a certificate for SSL inspection, if the browser does not trust it, errors will occur. Options A, B, and C are incorrect as they do not directly address the trust issue between the browser and the FortiGate certificate.