NSE 4 – FortiGate 6.0 — Question 124

An administrator is attempting to allow access to https://fortinet.com through a firewall policy that is configured with a web filter and an SSL inspection profile configured for deep inspection. Which of the following are possible actions to eliminate the certificate error generated by deep inspection? (Choose two.)

Answer options

• A. Implement firewall authentication for all users that need access to fortinet.com.
• B. Manually install the FortiGate deep inspection certificate as a trusted CA.
• C. Configure fortinet.com access to bypass the IPS engine.
• D. Configure an SSL-inspection exemption for fortinet.com.

Correct answer: B, D

Explanation

The correct actions to resolve the certificate error are B and D. Manually installing the FortiGate deep inspection certificate as a trusted CA allows the firewall to properly inspect the SSL traffic without generating a certificate error. Additionally, creating an SSL-inspection exemption for fortinet.com allows the traffic to bypass deep inspection, thus avoiding the error. Options A and C do not address the certificate issue directly.