Most Recent Fortinet FCSS_SASE_AD-23 Exam Dumps

For a customer looking to upgrade their legacy on-premises proxy to a cloud-based proxy for a hybrid network, the combination of Secure Web Gateway (SWG) and Inline Cloud Access Security Broker (CASB) features in FortiSASE will provide the necessary capabilities.

Secure Web Gateway (SWG):

SWG provides comprehensive web security by inspecting and filtering web traffic to protect against web-based threats.

It ensures that all web traffic, whether originating from on-premises or remote locations, is inspected and secured by the cloud-based proxy.

Inline Cloud Access Security Broker (CASB):

CASB enhances security by providing visibility and control over cloud applications and services.

Inline CASB integrates with SWG to enforce security policies for cloud application usage, preventing unauthorized access and data leakage.

FortiOS 7.2 Administration Guide: Details on SWG and CASB features.

FortiSASE 23.2 Documentation: Explains how SWG and inline-CASB are used in cloud-based proxy solutions.

The exhibit indicates that the URL https://www.bbc.com/ is being blocked due to containing a banned word ('fight'). To allow access to this specific URL, you need to adjust the URL filter settings on FortiSASE.

URL Filtering:

URL filtering allows administrators to define policies that block or allow access to specific URLs or URL patterns.

In this case, the URL filter is set to block any URL containing the word 'fight.'

Modifying URL Filter:

Navigate to the Web Filter configuration in FortiSASE.

Locate the URL filter settings.

Add an exception for the URL https://www.bbc.com/ to allow access, even if it contains a banned word.

Alternatively, remove or adjust the banned word list to exclude the word 'fight' if it's not critical to the security policy.

FortiOS 7.2 Administration Guide: Provides details on configuring and managing URL filters.

FortiSASE 23.2 Documentation: Explains how to set up and modify web filtering policies, including URL filters.

Based on the provided exhibits and the configuration details, the reason why users are still able to download the eicar.com-zip file despite having an antivirus profile applied is due to the Web Filter allowing the traffic. Here is the step-by-step detailed explanation:

Web Filtering Logs Analysis:

The logs show that the traffic to the destination port 443 (which is HTTPS) is allowed and the security event triggered is Web Filter.

The log details indicate that the URL belongs to an allowed category in the policy and thus, the traffic is permitted by the Web Filter.

Security Profile Group Configuration:

The Web Filter with Inline-CASB section indicates that the site www.eicar.org is being monitored (93 occurrences) and not blocked.

Since the Web Filter is set to allow traffic from this site, the antivirus profile will not block it because the Web Filter decision takes precedence.

Antivirus Profile Configuration:

Although the antivirus profile is configured, the logs do not show any antivirus actions being triggered. This indicates that the web filter is overriding the antivirus action.

Policy Configuration:

The policy named 'Web Traffic' shows that it has logging enabled and is set to accept traffic.

The profile group 'SIA' applied to this policy includes both Web Filter and Antivirus settings. However, since the Web Filter is allowing the traffic, the antivirus profile does not get the chance to inspect it.

FortiGate Security 7.2 Study Guide: Provides details on the precedence of web filtering over antivirus in security profiles.

Fortinet Knowledge Base: Detailed explanation of web filtering and antivirus profiles interaction.

During FortiSASE provisioning, the FortiSASE administrator needs to configure at least one security point of presence (PoP). A single PoP is sufficient to get started with FortiSASE, providing the necessary security services and connectivity for users.

Security Point of Presence (PoP):

A PoP is a strategically located data center that provides security services such as secure web gateway, firewall, and VPN termination.

Configuring at least one PoP ensures that users can connect to FortiSASE and benefit from its security features.

Scalability:

While only one PoP is required to start, additional PoPs can be added as needed to enhance redundancy, load balancing, and performance.

FortiOS 7.2 Administration Guide: Provides details on the provisioning process for FortiSASE.

FortiSASE 23.2 Documentation: Explains the configuration and role of security PoPs in the FortiSASE architecture.

To block all video and audio application traffic while granting access to videos from CNN, you need to configure an application override action in the Application Control with Inline-CASB. Here is the step-by-step detailed explanation:

Application Control Configuration:

Application Control is used to identify and manage application traffic based on predefined or custom application signatures.

Inline-CASB (Cloud Access Security Broker) extends these capabilities by allowing more granular control over cloud applications.

Blocking Video and Audio Applications:

To block all video and audio application traffic, you can create a policy within Application Control to deny all categories related to video and audio streaming.

Granting Access to Specific Videos (CNN):

To allow access to videos from CNN specifically, you must create an override rule within the same Application Control profile.

The override action 'Exempt' ensures that traffic to specified URLs (such as those from CNN) is not subjected to the blocking rules set for other video and audio traffic.

Configuration Steps:

Navigate to the Application Control profile in the FortiSASE interface.

Set the application categories related to video and audio streaming to 'Block.'

Add a new override entry for CNN video traffic and set the action to 'Exempt.'

FortiOS 7.2 Administration Guide: Detailed steps on configuring Application Control and Inline-CASB.

Fortinet Training Institute: Provides scenarios and examples of using Application Control with Inline-CASB for specific use cases.