NSE 4 – FortiGate 6.0 — Question 125

Which statement regarding the firewall policy authentication timeout is true?

Answer options

• A. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.
• B. It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.
• C. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC.
• D. It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.

Correct answer: A

Explanation

The correct answer is A, as the firewall policy authentication timeout is indeed an idle timeout based on the user's source IP. Options B, C, and D incorrectly describe the timeout as a hard timeout or reference the user's source MAC, which does not apply to this context.