Fortinet (Fortigate) Firewall


Interview Question & Answers Vol 1.0

Questions 101

Check the complete list of questions:

  1. You have opened a fresh Fortigate firewall, and need to access it. What is the default password for Fortigate firewall?
  2. As a new firewall is out of the box, and you need to connect it to your laptop for accessing it and then configure it, what is the management IP subnet you should assign to your laptop to access Fortinet firewall? In addition, what is the default IP address for managing the Fortinet firewall?
  3. As a network security expert, you should have a fair idea of how to configure an aggregate interface via the CLI on FortiGate. Write the basic set of commands needed to configure multiple ports in an IEEE 802.3ad aggregate interface.
  4. You are assigned to work on a new Fortigate firewall. What are the options available to access it (mention all those protocols/mechanisms)?
  5. In FortiOS, which menu in Web GUI allows you to see the overall status in the form of widgets and to configure some system options?
  6. In Fortigate GUI, which menu allows to configure routing options?
  7. You are assigned a task to configure some security features like web filtering and antivirus. Which FortiOS GUI menu will you navigate in order to configure these features?
  8. You are working as a network security engineer with Fortinet firewalls in your network. Where would you navigate in order to configure user accounts, groups, and authentication methods, including external authentication and single sign-on (SSO)?
  9. You are supposed to set up an alert mechanism so that you are automatically notified in case of a critical event. You should set up email alerts to your network team and management in such cases. Where can you do this in the web GUI of the FortiGate firewall?
  10. Which menu using GUI will you navigate to in order to configure HA cluster in Fortigate Firewall?
  11. You have recently acquired a new SNMP NMS server for your whole network's monitoring and visibility. You need to enable FortiGate interfaces to accept SNMP messages. Using the GUI, how can you perform this task?
  12. As a network engineer, you always prefer to work on the CLI over the GUI, because not all settings are available to configure in the GUI. So with Fortinet we should be aware of the ways to connect to the CLI. Can you briefly describe all these ways?
  13. As a network engineer, you are required to create a new soft switch on Fortigate firewall. Using CLI, mention the configurations you should perform to achieve this task.
  14. You have a new FortiGate firewall and for management and testing purposes, need its Port 1 to be allowed for ping, Http and SSH access. What will be the configuration?
  15. You are given a task to back up your configurations using SCP i.e. Secure File Copy and for this, you would need to enable it globally on firewall. How can you configure it to do so?
  16. Explain very briefly the steps you will perform using FortiGate GUI to take configuration backups?
  17. Mention basic configuration from CLI to configure new Zone?
  18. You are working as operations engineer and for that, your daily task is to take configuration backups to make sure you have latest configurations in case of any disaster. Using CLI, what one line will make sure you can take configuration backup on USB?
  19. You are informed that some users are not getting access to servers, which was working until recently. After basic information gathering, you figured out that a change was performed on the Fortinet firewall, which could have caused the service outage. You quickly decided to restore the configuration to the last best one, which was taken recently. Using the GUI, how can you restore the configuration?
  20. You are informed that some users are not getting the server access they used to get. After basic information gathering, you figured out that a change was made on the Fortinet firewall, which could have caused the service outage. You quickly decided to restore the configuration to the last best configuration, which was taken recently. Using the CLI and having the backup configuration on your USB, how can you restore the configuration quickly?
  21. Define briefly what a security policy is and why a firewall security policy is very important for any type of traffic passing through the firewall?
  22. Using Fortigate in HA, you should always make sure to put hostnames on each device separately so that you can identify them in cluster that which firewall is active or backup. Using CLI how can you configure the hostname on firewall?
  23. You have been using FortiGate on your multiple sites since long time. Now you have decided to move one of your firewalls and dismantle it from one office location because it has been closed. Your plan is not to re-use this Firewall on another location, and for that, you need to erase all configurations to default. Which command you may use to do it?
  24. Your firewall has many settings, including NAT, VPNs, and routing, which are all messed up. Now you have decided to reconfigure all these settings while making sure that the interface configurations are not changed during this reset. What is the shortest way to do it?
  25. You have many Users who need auto IP assignment. Being aware that Fortigate does provide DHCP feature and so it can act as a DHCP server as well. Using GUI how can you configure it as a DHCP server?
  26. Which menu will you go to and what steps will be performed to configure an interface on FortiGate firewall?
  27. Briefly explain the standard configurations set which is required to configure pair of FortiGate firewalls in Active-Active High Availability cluster?
  28. You need to configure virtual pair in your FortiGate Firewall, and using GUI, you must know all steps to do so. Mention those steps briefly?
  29. What are the basic CLI commands, which you must know as a network security engineer, to configure an interface under VDOM?
  30. As a network operations engineer, you need to ensure that not everyone can access or ping your firewall interfaces. For that purpose there is a feature called administrative access. Using the FortiOS GUI, how can you restrict users' access to protocols such as ping, HTTP, HTTPS, etc. on a particular interface?
  31. You need to make sure your virtual Pair interface forwards traffic properly between the paired interfaces Port 3 and Port 4; you are required to make security policy to allow that. Write down CLI configurations to do so?
  32. As a network operations engineer, you need to ensure that not everyone can access or ping your firewall interfaces. For that purpose there is a feature called administrative access. Using the FortiOS CLI, how can you restrict users' access to protocols such as ping, HTTP, HTTPS, etc. on a particular interface?
  33. You are going to setup new firewalls and that too in High Availability Active-Active Mode (cluster). Using GUI, you should be able to do so. Mention all steps, which you should take to do so?
  34. What is the name of protocol for link aggregation to combine multiple links for achieving more bandwidth as well as link redundancy?
  35. You are given a task by your manager to create link aggregation on ports 1 to 3 on Fortigate firewall using GUI, and assign IP address of along with administrative access of ping and HTTPs. How would you accomplish these steps?
  36. What is the main difference between a redundant interface type and aggregate interface type?
  37. Using the CLI, you should know how multiple interfaces can be configured in redundant type mode. Mention the CLI configuration to make ports 1, 2 and 3 redundant ports.
  38. Using GUI, which steps you need to follow to configure Virtual Pair Interface Security Policy?
  39. You have setup a new SSL VPN for customers, but somehow it is not working. You want to see the VPN logs and events to troubleshoot further and zero in on the specific area where you will need to fix the issue. How can you configure VPN logs using CLI?
  40. You have been given the task of separating the networks of different departments into different broadcast domains. Which feature or technology can be used to achieve this, so that each network is separated from the others in its own layer 2 broadcast domain?
  41. What is the main difference between a FortiGate firewall set up in NAT mode and one set up in transparent mode?
  42. If you are configuring a FortiGate with multiple sub-interfaces related to separate networks and VLANs, which mode do you have to use on the FortiGate?
  43. You have been working on an existing network without any security appliance. It has been decided to integrate a FortiGate firewall between the trusted LAN network and the Internet gateway router. You don't want to disturb the existing network and want to achieve this with the minimum possible changes. How can this be achieved?
  44. Fortigate firewall is being used in enterprise environment. To avoid overhead associated with static routing, you prefer dynamic routing. Which routing protocol should be preferred in LAN setup?
  45. Write down the basic configurations for creating a sub interface for vlan 10 in firewall with IP address
  46. Describe briefly about the “software switch feature” in Fortigate? What are its main characteristics and benefits?
  47. One of the strong features of Fortinet Fortiguard is its web filtering and anti-spam. Using GUI how can you setup this feature? Mention basic configuration template to setup web filtering.
  48. Using GUI, you are supposed to configure a new soft switch, write down all steps, which can achieve this task?
  49. What is a “ZONE” and what are its benefits in firewall management and administration?
  50. How to create new Zones in Fortigate using GUI?
  51. Make a basic firewall security policy, which allows LAN traffic from Zone 1 towards Internet Port# 10?
  52. In a single Zone, if you need to deny different interfaces to talk to each other, which command or configuration you should apply so that different interfaces under same zone cannot communicate to each other?
  53. Define the term “virtual wire pair”. In what circumstances should it be used?
  54. You are asked by your manager to configure two interfaces as virtual pair in your firewall. Write the configurations steps for adding port 2 and port 4 in virtual pair?
  55. You need to configure failure detection for your aggregate interfaces so that specific interfaces go down or come up when the aggregate interface changes its state. How can you configure such a feature using the CLI?
  56. Briefly, mention the steps you will take to navigate and configure the DNS servers on Fortigate firewall?
  57. Using CLI, you are asked to configure DNS settings, including DNS servers and local domain list. How can you do so using FortiOS CLI?
  58. Fortigate is very powerful and feature rich firewall. One of the main advantages is that it can be used as a DNS server. Using GUI briefly mention these steps?
  59. If internet users are unaware that any proxy is in use and web browsing works as usual, what kind of proxy is in action?
  60. Which technique is widely used all over the world to map a range of private IPs to a smaller range of public IPs, or to a single public IP, to give access over the internet?
  61. Your team lead has noticed that many Fortigate firewall interfaces are not being monitored properly in NMS. To ensure that the firewall interfaces receive the SNMP messages you should configure them properly. Using CLI how can you perform this task?
  62. In Fortigate firewall, you want to give your internet users a seamless internet experience without extra proxy settings at their end. Using CLI, configure the Transparent Proxy settings along with its desired policy to work?
  63. A new network is being set up in your enterprise, and you need to make sure the users get automatic IP assignment. You already have a working FortiGate firewall, which provides DHCP server features. Using the CLI, how can you configure DHCP settings such as default gateway, IP range, DNS, etc.?
  64. LLDP is very powerful feature, which is often required in networks where neighboring devices existence and capabilities information is exchanged. You need to allow LLDP to run globally on your devices, for that how can you configure it on FortiGate?
  65. For administrating the Fortigate firewall for your network security team, you must ensure that your password policy is compliant to the standards. You are asked by the CTO of your company to enforce strict password policy for firewall administration; write a basic configuration template in CLI to do so?
  66. In case you need to only provide security to the network traffic and avoid using new network or layer 3 settings on firewall, which operating mode you should run your FortiGate Firewall?
  67. You have purchased many Fortinet firewalls, and one of them needs to be used dedicatedly for NAT purposes to translate private LAN IPs to public ISP assigned IP on WAN interface of Firewall. Which firewall mode you must configure to achieve this?
  68. What are the two main types of NAT in FortiGate firewall, which you can use?
  69. You have many engineers working daily as an operations team on the FortiGate firewall. You want to configure specific profiles for such users to administer the firewall, with settings like name, access permissions, etc. Using the GUI, which page will you navigate to in order to do this?
  70. You are working as a network engineer in an enterprise where a dedicated LDAP server for users exists; you want your firewalls to use this LDAP for remote authentication of your firewalls. Using CLI mention basic configuration template for LDAP settings on FortiOS?
  71. You need to secure the management of your FortiGate by using technique of changing default ports. Using CLI how can you change the default common ports, like HTTP, SSH and Telnet?
  72. It happens often that while working on Fortinet, an administrator left his desk for a small break and his system can be accessed physically by someone around. How can you avoid such a situation so that someone around cannot easily take an unattended opened Fortinet access?
  73. As a network security engineer, you must know about the Virtual Domains or VDOMs in Fortinet terminology. Can you describe briefly about VDOMs?
  74. All the traffic, which passes through Fortinet firewall, is always inspected by a security policy. Mention the systematic process of packet operation when it enters into firewall?
  75. Using GUI as well as CLI you must know how to assign an interface to a particular VDOM, briefly explain the steps?
  76. Which command in CLI in global configurations you can issue to enable Multi VDOM mode in FortiOS?
  77. Using GUI, you are assigned to create new VDOMs, you should however also know the same task to do in CLI how can you do so using both GUI and CLI?
  78. Your Fortigate firewall WAN1 interface is connected with ISP and you need to send all the traffic as a default route towards ISP IP. ISP has given you their side IP address as How can you configure a default static route using both CLI and GUI in your Fortigate firewall?
  79. You have been assigned a task to NAT all the private networks in your enterprise to single Public IP address configured on WAN interface of FortiGuard and assigned by ISP. What kind of NAT you will use to successfully perform the address translations for giving internet access to your networks?
  80. Which redundancy feature is used to provide redundancy by employing multiple firewalls for protection against down time of applications and services?
  81. What are the basic requirements for FortiGate firewalls to be part of a High Availability cluster, name few of them at least?
  82. In order to make a cluster of Fortigate firewalls how many minimal firewalls are required? In addition, name the protocol which is used for High Availability clustering setup?
  83. A high availability or HA cluster is very critical and important for any network setup. In order to ensure that it is properly designed what are the main components we must ensure from design perspective are there so that HA is properly deployed?
  84. In Fortinet HA cluster, Link Failure or device failure can trigger a failover; however, you are now instructed to make sure a failure in SSD can also trigger the failover to backup firewall. Using CLI how can you configure that?
  85. How many ways you can configure the HA cluster setup for FortiGate firewalls?
  86. Write down basic set of commands you need to setup an Active-Passive HA cluster on FortiGate firewalls?
  87. What are the main features you will receive when you subscribe with FortiGuard services on your firewall?
  88. There are 2 VLANs, VLAN 20 for internal network and VLAN 30 for external network i.e. WAN, and you want to configure STATIC NAT from internal network towards WAN external network. Using GUI, mention all steps you should take to configure such NAT.
  89. A Fortinet firewall can provide both antivirus and IPS services for any traffic passing through it, and can block suspected traffic using its latest updated signatures and definitions. You should always make sure to run IPS and antivirus on your firewall with the latest signatures and definitions. Using the GUI, which steps will you take to set up antivirus and IPS on a FortiGate firewall?
  90. You have been facing some challenges of inappropriate content coming from Internet to your network. Which FortiGuard feature is used to block access to harmful, inappropriate, and dangerous web sites and how can you configure it?
  91. In Fortinet Firewall security policy, what are the options you can use or actions you may configure for match criteria to treat a packet or traffic entering the firewall?
  92. Configuring the Firewall security policy, there are many match criteria, like IP address, port number etc. Write down as many you may remember those parameters, which can be used in a security policy?
  93. What are the main QOS techniques you can use in FortiGate to limit the traffic rates and optimizing the bandwidth?
  94. You have been asked to limit traffic rate on a particular network/VLAN, but you are not sure which technique from QoS you should use; you have come to conclusion to use between policing and shaping. Can you define the basic difference between policing and shaping in terms of bandwidth control?
  95. You need to connect many office locations over VPN but need a quick solution so that your Ike phases, routing and security policies etc. are created automatically. Which kind of Fortinet solution you should use to get this done?
  96. You are interested in seeing router events in the firewall, and for that, need to enable those logs to be captured by FortiGate. Using CLI how can you enable router events?
  97. WAN optimization and security are always in demand, and every vendor tries to provide SD-WAN capability. While you are connected to multiple WAN interfaces towards ISP, how can you enable SD-WAN using GUI for WAN1 and WAN2 interfaces?
  98. You are going to get multiple Internet connections from ISP, and want to ensure you get full flexibility of routing between your network and ISP as gateway. Which routing protocol you should prefer in this case?
  99. You have multiple office locations, and want remote sites to get the internet access from main site along with many IT services like email server, dhcp server and some IT portals to get access from main head office. What solution you should provide to accomplish that?
  100. You have one important server in your local area network, which is not accessible from internet. However, there is a requirement to get this server accessible from internet on a specific IP and port. You are supposed to configure this on Fortigate. What kind of NAT will you use for that?
  101. You are relocating your network room to another building, therefore need a maintenance window to power off all your network devices, including Fortigate firewall. You must know the safe way to power off the FortiGate. Mention the steps in CLI and GUI method to power off FortiGate firewall?


