FortinetFortinet
NSE4 · Question #528
NSE4 Question #528: Real Exam Question with Answer & Explanation
The correct answer is A: SYN SENT. The FortiGate global setting tcp-half-open-timer is designed to manage the timeout for TCP sessions that are in a half-open state, specifically applying to SYN_SENT and TIME_WAIT TCP states.
Submitted by jordan8· Apr 18, 2026FortiGate Deployment and System Configuration
Question
Which TCP states does the global setting `tcp-half-open-timer' applies to? (Choose two.)
Options
- ASYN SENT
- BSYN & SYN/ACK
- CFIN WAIT
- DTIME WAIT
Explanation
The FortiGate global setting tcp-half-open-timer is designed to manage the timeout for TCP sessions that are in a half-open state, specifically applying to SYN_SENT and TIME_WAIT TCP states.
Common mistakes.
- B. SYN & SYN/ACK are part of the initial three-way handshake; the
tcp-half-open-timertargets the client-side SYN_SENT state and server-side SYN_RECV (not listed) states to protect against SYN floods, but not SYN/ACK as a standalone state for half-open resource management. - C. FIN_WAIT states occur during the graceful closure of a TCP connection and are managed by different timeout settings, not specifically the
tcp-half-open-timerwhich focuses on initial connection establishment or specific post-closure scenarios.
Concept tested. TCP half-open timer and states
Reference. https://docs.fortinet.com/document/fortigate/7.4.0/cli-reference/169046/config-system-global
Topics
#TCP Session Management#FortiGate Global Settings#TCP States#Firewall Configuration
Community Discussion
No community discussion yet for this question.