NSE 4 – FortiGate Administrator 7.6 — Question 38
A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy.
When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and does not block the file, allowing it to be downloaded.
The administrator confirms that the traffic matches the configured firewall policy.
What are two reasons for the failed virus detection by FortiGate? (Choose two.)
Answer options
- A. The selected SSL inspection profile has certificate inspection enabled.
- B. The browser does not trust the FortiGate self-signed CA certificate.
- C. The website is exempted from SSL inspection.
- D. The EICAR test file exceeds the protocol options oversize limit.
Correct answer: A, C
Explanation
Option A is correct because an SSL inspection profile set to certificate inspection examines only the TLS handshake and does not decrypt the HTTPS payload, so FortiGate antivirus cannot scan the file inside the encrypted session. Option C is also correct: a website exempted from SSL inspection is not decrypted, which prevents the firewall from scanning that HTTPS traffic for viruses. Options B and D are incorrect. The browser not trusting the FortiGate CA certificate does not directly affect virus detection, and the size of the EICAR file is not a relevant factor in the failed detection.