Basic Interview Questions FortiGate Firewall

This page covers basic interview questions on the FortiGate firewall. An interviewer may ask practical questions about FortiGate firewall configuration, security features, and so on.

Q1. What are the different authentication and encryption mechanisms available in the FortiGate firewall?

Ans: The methods below are listed in order of strength for authentication and encryption:

  • WPA2 - Enterprise 802.1x/EAP (Personal pre-shared key of 8-63 characters)
  • WPA - Enterprise 802.1x/EAP (Personal pre-shared key of 8-63 characters)
  • WEP128 (26 Hexadecimal digit key)
  • WEP64 (10 Hexadecimal digit key)
  • None

It is advisable to use WPA2, which is the strongest method for authentication and encryption.

Q2. Mention some points to keep in mind while configuring the network.

Ans:

  • Don't leave a backdoor to access the firewall.
  • Prepare a network diagram that covers IP addressing, cabling, and network devices.

Q3. What is the command to power off the FortiGate unit via CLI?

Ans: To power off the FortiGate unit, run:

execute shutdown

Q4. What are the points that should be considered while installing/mounting a Fortinet firewall (hardware) in the rack?

Ans: Below are the points of consideration while mounting a firewall:

  • The room temperature should be in the range of ambient temperature defined by the Original Equipment Manufacturer (OEM)
  • Reliable earthing mechanism
  • Adequate airflow provided for safe operation
  • Adequate precautions for overcurrent and supply wiring

Q5. What is Security Fabric?

Ans: Security Fabric is a security solution to detect, monitor, block, and remediate cyber-attacks.

Q6. What steps should be taken before each firmware upgrade of the Fortinet firewall?

Ans:

Step 1: Back up and store the old configuration.

Step 2: Back up a copy of the old firmware executable. This is for the worst-case scenario. If something bad happens, you have the option of rolling back.

Step 3: Read the release notes published by the manufacturer. They may contain useful information about bug fixes, performance, etc.

Step 4: Upgrade.

Q7. Mention the steps to back up the FortiGate configuration via the GUI.

Ans: Dashboard -> select Backup in System Information widget -> select drive for storing -> Encrypt configuration file -> Enter a password and select Backup -> save the configuration file

Q8. What is the backup configuration file format in the Fortinet firewall?

Ans: The configuration file will have a .conf extension.

Q9. How do you take a backup of the configuration of a Fortinet firewall?

Ans: You can use the CLI commands below to back up the configuration:

execute backup config management-station <comment>
execute backup config usb <filename-backup> [<password-backup>]

For FTP

execute backup config ftp <filename-backup> <ftp_server> [<port>] [<username>] [<password>]

For TFTP

execute backup config tftp <filename-backup> <tftp_servers> <password>

Q10. How to disable administrative access from the internet?

Ans: You can disable administrative access from the outside world via GUI and CLI.

via CLI:

config system interface
edit <external-interface>
unset allowaccess
end

via GUI:

Network -> Interfaces, edit the external interface and disable the five protocols under Administrative Access: HTTPS, PING, HTTP, SSH, and TELNET.

Q11. How to maintain short login timeouts while accessing the FortiGate firewall?

Ans: The command below can be used to shorten the login timeout:

config system global
set admintimeout 5
end


Q12. How can you send logs to FortiAnalyzer/FortiManager in an encrypted format by using GUI?

Ans: Select Log & Report > Log Settings and configure Remote Logging to FortiAnalyzer/FortiManager (select Encrypt log transmission).

Q13. Write the CLI command to disable auto USB installation.

Ans: Below is the CLI snippet to disable USB auto-installation:

config system auto-install
set auto-install-config disable
set auto-install-image disable
end

Q14. How does Fortinet provide support when a network administrator faces a difficulty?

Ans: You can access the "Customer Service & Support" page on the Fortinet portal. The following options are available to resolve any issue:

  • Knowledge Base
  • Fortinet Document Library
  • Training & Certification
  • Fortinet Video Library
  • Discussion Forums
  • Contact Support

Q15. What is the FGCP cluster?

Ans: FGCP stands for FortiGate Clustering Protocol. It is a proprietary High Availability (HA) solution provided by Fortinet. A FortiGate HA solution consists of a minimum of two firewalls configured for high availability operation.

Q16. How can we configure FortiOS to turn on global strong encryption?

Ans: Global strong encryption means allowing only strong ciphers (AES, 3DES) and digest (SHA1) for HTTPS, SSH, and SSL/TLS. We can use the command below to configure FortiOS:

config system global
set strong-crypto enable
end
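
The settings from Q10, Q11, Q13 and Q16 can be checked offline against a configuration backup. The Python sketch below is an added example, not part of the original article and not Fortinet code: it parses the config/edit/set blocks of a .conf file and reports values that differ from the answers above. The function names, the sample configuration and the interface name wan1 are assumptions made for illustration; values are split on whitespace, and a key that is absent from the backup is left to the firmware default rather than evaluated.

```python
SAMPLE_CONF = """\
config system global
    set admintimeout 30
    set strong-crypto disable
end
config system interface
    edit "wan1"
        set allowaccess ping https ssh
        config ipv6
            set ip6-allowaccess ping
        end
    next
end
config system auto-install
    set auto-install-config enable
    set auto-install-image disable
end
"""  # constructed sample in backup (.conf) syntax, not from a real device

def parse_conf(text):  # -> {section: {edit entry or None: {key: [values]}}}
    tree, stack, entry = {}, [], None
    for line in text.splitlines():
        words = [w.strip('"') for w in line.split()] or [""]
        cmd, args = words[0], words[1:]
        if cmd == "config":
            stack.append(" ".join(args))       # nested blocks only raise the depth
        elif cmd == "end" and stack:
            stack.pop()
            entry = entry if stack else None   # leaving a top-level block clears the entry
        elif len(stack) == 1 and cmd in ("edit", "next"):
            entry = args[0] if args else None
        elif len(stack) == 1 and cmd == "set" and args:
            tree.setdefault(stack[0], {}).setdefault(entry, {})[args[0]] = args[1:]
    return tree

def audit(tree, external):  # external: interface names assumed to face the internet
    glob, auto = (tree.get(s, {}).get(None, {}) for s in ("system global", "system auto-install"))
    findings = []
    if int(glob.get("admintimeout", ["0"])[0]) > 5:        # Q11 sets 5 minutes
        findings.append("admintimeout above 5 minutes")
    if glob.get("strong-crypto") == ["disable"]:           # Q16
        findings.append("strong-crypto disabled")
    for key in ("auto-install-config", "auto-install-image"):   # Q13
        if auto.get(key) != ["disable"]:
            findings.append(f"{key} not explicitly disabled")
    for name in external:                                  # Q10
        access = tree.get("system interface", {}).get(name, {}).get("allowaccess")
        if access:
            findings.append(f"{name} allows admin access: {' '.join(access)}")
    return findings
```

Calling audit(parse_conf(text), ["wan1"]) on a backup returns one line per deviation; an empty list means none of the four checks fired.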


If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.


1 Response

  1. priyanka says:

    Thanks for sharing such a great Information!
