NSE 8 – Network Security Expert (810) — Question 1

You have deployed a FortiGate in NAT/Route mode as a Secure Web Gateway with a few IP-based authentication firewall policies. Your customer reports that some users now have different browsing permissions from what is expected. All these users are browsing using Internet Explorer through a Remote Desktop
Connection to a Terminal Server.
When you look at the FortiGate logs, the username for the Terminal Server IP is not consistent.
Which action will correct this problem?

Answer options

• A. Make sure the Terminal Server is using the correct DNS server.
• B. Configure FSSO Advanced with LDAP integration.
• C. Change the FSSO Polling mode to Windows NetAPI.
• D. Install the TS/Citrix agent on the terminal server.

Correct answer: B

Explanation

The correct answer is B because configuring FSSO Advanced with LDAP integration will allow for proper user identification and authentication, resolving the inconsistency issue. Option A is incorrect as DNS settings do not directly affect user authentication. Option C is not relevant since changing polling modes does not address the underlying user identification problem. Option D, while potentially useful for other scenarios, does not fix the inconsistency in user identification in this case.