NSE 6 – FortiWeb 5.6/6.0 — Question 18

When viewing the attack logs on your FortiWeb, which IP Address is shown for the client when using XFF Header rules?

Answer options

• A. FortiGate's public IP
• B. FortiGate's local IP
• C. FortiWeb's IP
• D. Client's real IP

Correct answer: D

Explanation

The correct answer is D, as the XFF Header is designed to relay the original IP address of the client making the request. Options A, B, and C represent IP addresses associated with the FortiGate or FortiWeb devices rather than the client, which is why they are incorrect.