Most VPNs are SSL or IPsec. FortiOS supports both, and even less secure ones such as PPTP.
SSL resides higher up in the network stack than IP and, therefore, it usually requires fewer bits (less bandwidth) for SSL-VPN headers.
IPsec uses some special protocols. The primary protocol is ESP, which encapsulates and encrypts UDP, RDP, HTTP, or other protocols that are inside the IPsec tunnel.
SSL-VPN
IPsec VPN
SSL
IPsec
What does a VPN do?
A. Extends a private network across a public network
B. Protects a network from external attacks
Which statements about IPsec and SSL VPNs are true?
A. Either an SSL-VPN or an IPsec VPN can be established between two FortiGate devices.
B. Either an SSL-VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device.
SSL-VPN deployment modes
Tunnel mode Web mode
Web tunnel mode
Requires only a web browser. Supports a limited number of protocols: Citrix, FTP, HTTP/HTTPS, Port Forward, RDP, SMB/CIFS, SSH, Telnet, VNC, and Ping.
Tunnel mode
Web mode
Accessed through a standalone client. Requires a virtual adapter on the client’s host.
Web access is the simplest SSL-VPN mode.
All traffic routes through an SSL-VPN tunnel to a remote FortiGate, then to the destination. This includes Internet traffic. An egress firewall policy is required. Traffic inspection and security features are applied.
Split tunneling disabled
Split tunneling enabled
Only traffic destined for the private network is routed through the remote FortiGate. Internet traffic uses the local gateway; unencrypted route. Conserves bandwidth and alleviates bottlenecks.
Split tunneling disabled
A web-mode SSL-VPN user connects to a remote web server. What’s the source IP address of the HTTP request the web server receives?
A. The remote user's IP address
B. The FortiGate device's internal IP address
Which statements about tunnel-mode SSL-VPN are correct?
A. It supports split tunneling.
B. It requires bookmarks.
A web-mode SSL-VPN user accesses internal network resources by using:
A. Bookmarks
B. FortiClient
Which of the following steps is necessary to configure SSL-VPN connections?
A. Create firewall policies to and from the SSL-VPN interface.
B. Enable event logs for SSL-VPN traffic: users, VPN, and endpoints.
What action may allow Internet access to SSL-VPN users in tunnel mode if the remote network does not have Internet access?
A. Enable split tunneling
B. Configure the DNS server to use the same as the client’s system DNS.
SSL-VPN Realms
SSL-VPN Personal bookmarks
Which statement about SSL-VPN realms is correct?
A. Allow access to different SSL-VPN portals by user groups.
B. Allow unlimited concurrent SSL-VPN users.
Which FortiGate interface allows administrators to create user-specific bookmarks?
A. Command line interface (CLI)
B. Graphical user interface (GUI)
Why is it necessary to run a client integrity check (host-check)?
A. To check whether specific security software is running on SSL-VPN users’ computers
B. To check whether a specific security certificate is running on SSL-VPN users’ web browsers
Which security action restricts SSL-VPN connections from users located in a specific country or region?
A. Restricting hosts by MAC address
B. Restricting hosts by IP address
To view the status of SSL-VPN acceleration, use the following command:
get vpn status ssl hw-acceleration-status
get vpn ssl status hw-acceleration
What does the SSL-VPN monitor feature allow you to do?
A. Monitor SSL-VPN user actions, such as authentication.
B. Force SSL-VPN user disconnections.
Which statements about SSL-VPN timers are correct?
A. SSL-VPN timers can avoid logouts when SSL-VPN users experience long network latency.
B. The login timeout is a non-customizable hard value.