NSE4 Question #135: Real Exam Question with Answer & Explanation

The correct answer is B: A virtual IP address.. The Destination Address field in a FortiGate firewall policy can include various network objects such as Virtual IP addresses, actual IP addresses or groups, and FQDNs or geographic values.

Submitted by alyssa_d· Apr 18, 2026Firewall Policies and Authentication

Question

Which of the following pieces of information can be included in the Destination Address field of a firewall policy? (Select all that apply.)

Options

AAn IP address pool.
BA virtual IP address.
CAn actual IP address or an IP address group.
DAn FQDN or Geographic value(s).

Explanation

The Destination Address field in a FortiGate firewall policy can include various network objects such as Virtual IP addresses, actual IP addresses or groups, and FQDNs or geographic values.

Common mistakes.

A. An IP address pool is typically used for Source Network Address Translation (SNAT) or sometimes for load balancing, defining the source IP addresses to use for outgoing connections, not as a destination address in a policy.

Concept tested. FortiGate firewall destination address types

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/339401/creating-ip-addresses

Topics

#Firewall policy#Address objects#Virtual IP#Policy configuration

Community Discussion

No community discussion yet for this question.

Full NSE4 Practice Browse All NSE4 Questions