NSE 6 – FortiWeb 6.1 — Question 9

When viewing the attack logs on FortiWeb, which client IP address is shown when you are using XFF header rules?

Answer options

• A. FortiGate public IP
• B. FortiWeb IP
• C. FortiGate local IP
• D. Client real IP

Correct answer: D

Explanation

The correct answer is D, as the X-Forwarded-For (XFF) header is designed to pass the original client IP address through proxies or load balancers, allowing FortiWeb to log the client's actual IP. Options A, B, and C would show IP addresses related to the FortiGate or FortiWeb devices rather than the true client IP.