FortinetFortinet
NSE4 · Question #356
NSE4 Question #356: Real Exam Question with Answer & Explanation
The correct answer is A: FQDN address. The source field in a FortiGate firewall policy defines where traffic originates and can be specified using FQDN addresses or user/user group identities.
Submitted by stefanr· Apr 18, 2026Firewall Policies and Authentication
Question
Which configuration objects can be selected for the Source filed of a firewall policy? (Choose two.)
Options
- AFQDN address
- BIP pool
- CUser or user group
- DFirewall service
Explanation
The source field in a FortiGate firewall policy defines where traffic originates and can be specified using FQDN addresses or user/user group identities.
Common mistakes.
- B. An IP pool is typically used for source NAT (SNAT) or destination NAT (DNAT) and defines a range of IP addresses for translation, not for specifying the source of traffic in a policy match.
- D. A firewall service defines the destination port and protocol of traffic, which is configured in the "Service" field of a firewall policy, not the "Source" field.
Concept tested. Firewall policy source object types
Topics
#Firewall policy#Policy source#Address objects#User authentication
Community Discussion
No community discussion yet for this question.