NSE 4 – FortiGate 6.4 — Question 52
Consider the topology:
Application on a Windows machine <--{SSL VPN}--> FGT --> Telnet to Linux server.
An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.
The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.
What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)
Answer options
- A. Set the maximum session TTL value for the TELNET service object.
- B. Set the session TTL on the SSLVPN policy to maximum, so the idle session timeout will not happen after 90 minutes.
- C. Create a new service object for TELNET and set the maximum session TTL.
- D. Create a new firewall policy and place it above the existing SSLVPN policy for the SSL VPN traffic, and set the new TELNET service object in the policy.
Correct answer: C, D
Explanation
The correct answers are C and D. Creating a new service object for TELNET with a higher session TTL (option C) and placing a new firewall policy that uses this service object above the existing SSLVPN policy (option D) directly address the timeout issue. Options A and B do not resolve the problem effectively: A adjusts the existing TELNET service object instead of creating a new one, and B applies a change to the SSLVPN policy that could impact other services running through FortiGate.