NSE 4 – FortiGate 6.4 — Question 25

A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors.
What is the reason for the certificate warning errors?

Answer options

• A. The browser requires a software update.
• B. FortiGate does not support full SSL inspection when web filtering is enabled.
• C. The CA certificate set on the SSL/SSH inspection profile has not been imported into the browser.
• D. There are network connectivity issues.

Correct answer: C

Explanation

The correct answer is C because for SSL inspection to work without warnings, the CA certificate used by FortiGate must be trusted by the browser, which requires importing it. Option A is incorrect as it's not related to SSL inspection. Option B is false because FortiGate does support SSL inspection with web filtering. Option D is not relevant since the errors are specifically about SSL certificates, not network issues.