NSE4 Question #182: Real Exam Question with Answer & Explanation

The correct answer is A: The traffic is blocked. In NAT/Route mode, if no firewall policy explicitly permits the traffic, FortiGate implicitly blocks it by default.

Submitted by thandi_sa · Apr 18, 2026 · Firewall Policies and Authentication

Question

In NAT/Route mode, when there is no matching firewall policy for traffic to be forwarded by the firewall, which of the following statements describes the action taken on the traffic?

Options

  • A. The traffic is blocked.
  • B. The traffic is passed.
  • C. The traffic is passed and logged.
  • D. The traffic is blocked and logged.

Explanation

In NAT/Route mode, if no firewall policy explicitly permits the traffic, FortiGate implicitly blocks all unmatched traffic by default.

Common mistakes.

  • B. Traffic is never passed by default without an explicit firewall policy configured to allow it.
  • C. Traffic is not passed by default, and while blocked traffic can be logged, the primary default action for unmatched traffic is simply to block.
  • D. While traffic is blocked, logging of implicitly denied traffic is not enabled by default and requires specific configuration.

Concept tested. FortiGate implicit deny firewall policy

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/209193/about-firewall-policies

Topics

#Firewall policies · #Implicit deny · #Traffic blocking · #FortiGate operation
