Basic Interview Questions FortiGate Firewall
This article covers basic interview questions on the FortiGate firewall. An interviewer may ask practical questions about FortiGate firewall configuration, security features, and so on.
Q1. What are the different authentication and encryption mechanisms available in FortiGate Firewall?
Ans: The methods below are listed in order of strength for authentication and encryption, strongest first:
- WPA2: Enterprise (802.1X/EAP) or Personal (pre-shared key of 8-63 characters)
- WPA: Enterprise (802.1X/EAP) or Personal (pre-shared key of 8-63 characters)
- WEP128 (26 Hexadecimal digit key)
- WEP64 (10 Hexadecimal digit key)
It is advisable to use WPA2, which is the strongest method for authentication and encryption.
Q2. Mention some points to keep in mind while configuring the network.
- Don't leave a backdoor for accessing the firewall.
- Prepare a network diagram consisting of IP addressing, cabling, and network devices.
Q3. What is the command to power off the FortiGate unit via CLI?
Ans: To power off the FortiGate unit
Q4. What are the points that should be considered while installing/mounting a Fortinet firewall (hardware) in the rack?
Ans: Below are the points of consideration while mounting a firewall:
- The room temperature should be in the range of ambient temperature defined by the Original Equipment Manufacturer (OEM)
- Reliable earthing mechanism
- Adequate airflow is provided for safe operation
- Adequate precautions for overcurrent and supply wiring
Q5. What is Security Fabric?
Ans: Security Fabric is a security solution to detect, monitor, block, and remediate cyber-attacks.
Q6. What steps should be taken before each firmware upgrade of the Fortinet firewall?
Step 1: Back up and store the old configuration.
Step 2: Back up a copy of the old firmware executable. This is for the worst-case scenario: if something goes wrong, you have the option to roll back.
Step 3: Read the release notes published by the manufacturer. They may contain useful information about bug fixes, performance, etc.
Step 4: Upgrade.
Q7. Mention the steps for backing up the FortiGate configuration via GUI.
Ans: Dashboard -> select Backup in the System Information widget -> select the drive for storing -> Encrypt configuration file -> enter a password and select Backup -> save the configuration file
Q8. What is the backup configuration file format in the Fortinet firewall?
Ans: The configuration file will have a .conf extension.
Q9. How do you take a backup of the configuration of a Fortinet firewall?
Ans: You can use the CLI commands below to back up the configuration:
execute backup config management-station <comment>
execute backup config usb <filename-backup> [<password-backup>]
execute backup config ftp <filename-backup> <ftp_server> [<port>] [<username>] [<password>]
execute backup config tftp <filename-backup> <tftp_servers> <password>
Q10. How to disable administrative access from the internet?
Ans: You can disable administrative access from the outside world via GUI and CLI.
CLI:
config system interface
    edit <external-interface>
        unset allowaccess
end
GUI: Go to Network -> Interfaces, edit the external interface, and disable the five protocols HTTPS, PING, HTTP, SSH, and TELNET under Administrative Access.
Q11. How to maintain short login timeouts while accessing the FortiGate firewall?
Ans: The command below can be used to shorten the login timeout:
config system global
    set admintimeout 5
end
Q12. How can you send logs to FortiAnalyzer/FortiManager in an encrypted format by using GUI?
Ans: Select Log & Report > Log Settings and configure Remote Logging to FortiAnalyzer/FortiManager (select Encrypt log transmission).
Q13. Write the CLI command to disable auto USB installation.
Ans: Below is the CLI snippet to disable USB auto-installation:
config system auto-install
    set auto-install-config disable
    set auto-install-image disable
end
Q14. How does Fortinet provide support in case of any difficulty faced by a network administrator?
Ans: You can access the "Customer Service & Support" page on the Fortinet portal. The following options are available to resolve any issue:
- Knowledge Base
- Fortinet Document Library
- Training & Certification
- Fortinet Video Library
- Discussion Forums
- Contact Support
Q15. What is the FGCP cluster?
Ans: FGCP stands for FortiGate Clustering Protocol. It is a proprietary High Availability (HA) solution provided by Fortinet. A FortiGate HA solution consists of a minimum of two firewalls configured for high-availability operation.
Q16. How can we configure FortiOS to turn on global strong encryption?
Ans: Global strong encryption means allowing only strong ciphers (AES, 3DES) and digest (SHA1) for HTTPS, SSH, and SSL/TLS. Use the command below to configure FortiOS:
config system global
    set strong-crypto enable
end
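The hardening settings from Q10, Q11, Q13 and Q16 can be checked offline against a configuration backup. The following Python script is an added example, not part of the original article or of Fortinet tooling; it assumes an unencrypted .conf backup, and the function names, the sample configuration and the interface name wan1 are constructed for illustration.

```python
import re

# Constructed sample of an unencrypted FortiGate backup (.conf); not from a real device.
SAMPLE_CONF = """
config system global
    set admintimeout 30
end
config system interface
    edit "wan1"
        set allowaccess ping https ssh
    next
end
config system auto-install
    set auto-install-config enable
    set auto-install-image disable
end
"""

def parse_conf(text):
    """Map each config/edit path (a tuple of names) to its {setting: [values]}."""
    stack, settings = [], {}
    for line in text.splitlines():
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if words[0] == "config":
            stack.append(" ".join(words[1:]))      # e.g. "system global"
        elif words[0] == "edit" and len(words) > 1:
            stack.append(words[1])                 # table entry, e.g. "wan1"
        elif words[0] in ("next", "end") and stack:
            stack.pop()                            # closes the edit / config block
        elif words[0] == "set" and len(words) > 1:
            settings.setdefault(tuple(stack), {})[words[1]] = words[2:]
    return settings

def audit(text, external_if):
    """Return findings for the settings from Q10, Q11, Q13 and Q16."""
    conf, findings = parse_conf(text), []
    access = conf.get(("system interface", external_if), {}).get("allowaccess", [])
    if access:                                     # Q10: no admin protocols expected
        findings.append(f"{external_if}: allowaccess {' '.join(access)}")
    # Numeric values are upper bounds; a missing setting is reported, not assumed compliant.
    wanted = {("system global", "admintimeout"): "5",
              ("system global", "strong-crypto"): "enable",
              ("system auto-install", "auto-install-config"): "disable",
              ("system auto-install", "auto-install-image"): "disable"}
    for (section, key), good in wanted.items():
        value = " ".join(conf.get((section,), {}).get(key, ["<not in file>"]))
        ok = (value.isdigit() and int(value) <= int(good)) if good.isdigit() else value == good
        if not ok:
            findings.append(f"{section}: {key} is {value}, want {good}")
    return findings
```

Calling `audit(SAMPLE_CONF, "wan1")` returns one finding per setting that deviates from the values given in the answers above; a setting reported as `<not in file>` should be confirmed on the device itself.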