NSE 4 – FortiGate 6.2 — Question 94

An administrator is attempting to allow access to https://fortinet.com through a firewall policy that is configured with a web filter and an SSL inspection profile configured for deep inspection.
Which two actions can eliminate the certificate error generated by deep inspection? (Choose two.)

Answer options

• A. Implement firewall authentication for all users that need access to fortinet.com.
• B. Manually install the FortiGate deep inspection certificate as a trusted CA.
• C. Configure fortinet.com access to bypass the IPS engine.
• D. Configure an SSL-inspection exemption for fortinet.com.

Correct answer: B, D

Explanation

The correct actions to eliminate the certificate error are B and D. Manually installing the FortiGate deep inspection certificate as a trusted CA allows the firewall to recognize the SSL connections correctly, while configuring an SSL-inspection exemption for fortinet.com stops the firewall from inspecting the traffic, thus avoiding the certificate error. Options A and C do not address the SSL inspection issue directly, so they cannot resolve the certificate error.