NSE4 Question #85: Real Exam Question with Answer & Explanation

The correct answer is A: ICMP type and code. FortiGate firewall policies can utilize ICMP type and code fields to match specific types of ICMP traffic, allowing granular control over diagnostic or error messages.

Submitted by mike_84 · Apr 18, 2026 · Firewall Policies and Authentication

Question

Which header field can be used in a firewall policy for traffic matching?

Options

  • A. ICMP type and code.
  • B. DSCP.
  • C. TCP window size.
  • D. TCP sequence number.

Explanation

FortiGate firewall policies can utilize ICMP type and code fields to match specific types of ICMP traffic, allowing granular control over diagnostic or error messages.

Common mistakes.

  • B. DSCP (Differentiated Services Code Point) is used for Quality of Service (QoS) marking, not typically as a direct matching criterion in standard FortiGate firewall policies for allowing or denying traffic.
  • C. TCP window size is a dynamic field used for flow control and is not a static header field used for traffic matching in FortiGate firewall policies.
  • D. TCP sequence numbers are dynamic values used to order TCP segments for reliable delivery and are not used as a static matching criterion in FortiGate firewall policies.

Concept tested. FortiGate firewall policy matching criteria

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/cli-reference/64367/config-firewall-policy

Topics

#Firewall Policies #Traffic Matching #ICMP #Header Fields
