NSE 4 – FortiGate 6.4 — Question 55
Why does FortiGate keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?
Answer options
- A. To generate logs
- B. To finish any inspection operations
- C. To remove the NAT operation
- D. To allow for out-of-order packets that could arrive after the FIN/ACK packets
Correct answer: D
Explanation
The correct answer is D: keeping the session in the table for a few seconds lets FortiGate handle out-of-order packets that arrive after the FIN/ACK packets and could otherwise disrupt the session termination process. Option A is incorrect because logging does not require the session to be held open. Option B is also wrong, since any inspection should typically be completed before the session closes. Option C is not valid because removing the NAT operation does not require keeping the session in the table any longer.