Fortinet Exam FCSS_SASE_AD-23 Topic 4 Question 22 Discussion

Actual exam question for Fortinet's FCSS_SASE_AD-23 exam
Question #: 22
Topic #: 4

Refer to the exhibits.

A FortiSASE administrator has configured an antivirus profile in the security profile group and applied it to the internet access policy. Remote users are still able to download the eicar.com-zip file from https://eicar.org. Traffic logs show traffic is allowed by the policy.

Which configuration on FortiSASE is allowing users to perform the download?

Suggested Answer: A

Based on the provided exhibits and the configuration details, users are still able to download the eicar.com-zip file despite the applied antivirus profile because the Web Filter is allowing the traffic. Here is the step-by-step explanation:

Web Filtering Logs Analysis:

The logs show that traffic to destination port 443 (HTTPS) is allowed and that the security event triggered is Web Filter.

The log details indicate that the URL belongs to an allowed category in the policy, so the traffic is permitted by the Web Filter.

Security Profile Group Configuration:

The Web Filter with Inline-CASB section indicates that the site www.eicar.org is being monitored (93 occurrences) and not blocked.

Since the Web Filter is set to allow traffic from this site, the antivirus profile will not block it because the Web Filter decision takes precedence.

Antivirus Profile Configuration:

Although the antivirus profile is configured, the logs do not show any antivirus actions being triggered. This indicates that the web filter is overriding the antivirus action.

Policy Configuration:

The policy named 'Web Traffic' shows that it has logging enabled and is set to accept traffic.

The profile group 'SIA' applied to this policy includes both Web Filter and Antivirus settings. However, since the Web Filter is allowing the traffic, the antivirus profile does not get the chance to inspect it.


FortiGate Security 7.2 Study Guide: Provides details on the precedence of web filtering over antivirus in security profiles.

Fortinet Knowledge Base: Detailed explanation of web filtering and antivirus profiles interaction.

Contribute your Thoughts:

Pansy
2 days ago
I believe IPS is disabled in the security profile group.
upvoted 0 times
...
Quinn
3 days ago
I think the web filter is allowing the traffic.
upvoted 0 times
...
Johnathon
3 days ago
The HTTPS protocol not being enabled in the antivirus profile? That's like trying to catch a fish without a hook. Come on, FortiSASE, step it up!
upvoted 0 times
...
