Fortinet Fortigate NSE1-NSE4-005 - BAS
QUESTIONS BANK | 450 + QUESTIONS AND WELL
VERIFIED ANSWERS |ACTUAL EXAM 100%
List physical interface (OSI Layer1, Layer2) details such as Ethernet dropped frames,
fragments, errors, CRC errors, overrun, underruns, runts, etc. (CLI)
FGT# get system interface
FGT# get system interface [physical]
FGT# diagnose hardware deviceinfo nic [X]
FGT# diagnose netlink interface list
FGT# get hardware nic [X]
FGT# fnsysctl ifconfig [X]
View the log file (CLI)
FGT# execute log display
Command to enable VDOMs (CLI)
FGT# config system global
set vdom-mode [ multi-vdom | split-vdom ]
end
Root VDOM Functions
* FDN/Updates
* NTP
* SNMP
* DNS
* Logging/Syslog
* Filtering
* [ All System Services ]
Important Data Structures Local to a VDOM
* ARP Cache/Table
* Routing Table
* [Firewall] Policies
Debug/Troubleshoot IP ARP
FG# diagnose sniffer packet any "ether proto 0x0806"
How to show the IP ARP Table? (CLI)
FG# get system arp
FG# get system arp-table
FG# get sys arp | grep [MAC]
FG# get sys arp | grep [IP]
FG# get sys arp | grep [VLAN / IF Name]
Admin/User Role for VDOM Admin
prof_admin
Admin/User Role for Global (Root?) Context
super_admin
VDOM Modes (Operation)
* NAT
* Transparent
VDOM Modes (Inspection)
* Flow-Based
* Proxy
VDOM Modes (NGFW)
* Profile-Based
* Policy-Based
Note/Caveat VDOM Modes
When NGFW mode is "policy-based", the "Inspection Mode" must be "Flow-Based"
Configure a VDOM-Link (CLI)
FGT# config global
config system vdom-link
edit "[name]"
set type ethernet
next
end
config system interface
edit "[name]0"
set vdom "foo"
next
edit "[name]1"
set vdom "bar"
next
end
IP Assignment Requirement on VDOM-Link
Required for:
* NAT/PAT
* Dynamic Routing Protocol
Special/Default VDOM-Link Interface which Support NPU Offloading
- npu0_vlink
- npu1_vlink
Commands to Debug VDOM
* diagnose sys vd stat
* diagnose sys vdom-property
* diagnose sys vd list
Command to read config parser error/warning log files (alarms/errors) (CLI) ?
FG# diagnose debug config-error-log read
Command to read startup error/warning log files (CLI)?
FG# get system startup-error-logs
Revert to Factory Configuration
FG# execute factoryreset
ISDB Objects
( Geographic-based ) Internet Service DataBase
View the full routing table (CLI) (including standby and inactive routes) (show ip
route)
FG# get router info routing-table database
- Under Normal Circumstances -
FG# get router info routing-table all
FG# get router info kernel
How to enable/disable the DST (Daylight Savings Time)
FG# config system global | set dst [ enable | disable ] | end
Indicator in output of "FGT# get router info routing-table all" that a route is installed
and active
>*
Kernel Routing Table Lookup (Local-Out Traffic)
FGT# get router info kernel [ | grep [int] ]
Show/View IPv6 Routing Table (CLI) ?
FG# get router info6 routing-table
IPv4 Route Lookup
FG# diagnose ip route match < DST > [ <src> <int> <proto> <dst-port> ]
Clear the session/state table (CLI)
FG# diagnose sys session clear
Specify a specific VDOM as Admin VDOM
FGT# config vdom
edit <Name_Of_The_ADMIN_VDOM>
config system settings
set vdom-type {traffic | admin}
end
end
The name of the default Admin VDOM
"root"