NSE4 Question #312: Real Exam Question with Answer & Explanation

Question

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

Options

• AThe FortiGate unit's public IP address
• BThe FortiGate unit's internal IP address
• CThe remote user's virtual IP address
• DThe remote user's public IP address

Explanation

In web-mode SSL VPN, the FortiGate acts as a proxy for internal web resource requests, using its own internal IP address as the source.

Common mistakes.

• A. The FortiGate's public IP address is used for external communication and VPN termination, not for initiating proxied requests to internal network resources.
• C. Virtual IP addresses are assigned to remote users in tunnel-mode SSL VPN for direct network access, whereas web-mode is a clientless proxy solution that does not assign virtual IPs.
• D. The remote user's public IP address is the initial source of the traffic to the FortiGate, but the FortiGate then proxies the request to the internal server using its own internal IP.

Concept tested. FortiGate SSL VPN web-mode proxying

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/76807/ssl-vpn-types

No community discussion yet for this question.