NSE 7 – Network Security Architect — Question 23

An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive to the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this problem?

Answer options

• A. TCP half open.
• B. TCP half close.
• C. TCP time wait.
• D. TCP session time to live.

Correct answer: A

Explanation

Increasing the TCP half open timer allows the FortiGate to retain session information until the SYN/ACK packets are received, preventing premature deletion of sessions. The other options, such as TCP half close, TCP time wait, and TCP session time to live, do not directly pertain to the timing of the session establishment process involving SYN and SYN/ACK packets.