NSE4 Question #424: Real Exam Question with Answer & Explanation

Question

Which statement best describes what SSL.root is?

Options

• AThe name of the virtual network adapter required in each user's PC for SSL VPN Tunnel mode.
• BThe name of a virtual interface in the root VDOM where all the SSL VPN user traffic comes
• CA Firewall Address object that contains the IP addresses assigned to SSL VPN users.
• DThe virtual interface in the root VDOM that the remote SSL VPN tunnels connect to.

Explanation

SSL.root is a special virtual interface within a FortiGate's root VDOM that acts as the ingress point for all traffic originating from SSL VPN users.

Common mistakes.

• A. The virtual network adapter for SSL VPN Tunnel mode is installed on the end-user's PC, not named ssl.root which is a FortiGate-side interface.
• C. ssl.root is an interface itself, not a Firewall Address object; while SSL VPN user IPs can be grouped into address objects, ssl.root serves a different function.
• D. While SSL VPN tunnels connect through it, ssl.root is more precisely the virtual interface from which the SSL VPN user traffic enters the firewall policy processing, rather than merely the connection point.

Concept tested. FortiGate SSL VPN ssl.root interface

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/339482/ssl-vpn

No community discussion yet for this question.