Free Practice Questions for Fortinet NSE7_NST-7.2 Exam

Conserve Mode Activation:

FortiGate enters conserve mode to prevent system crashes when the memory usage reaches critical levels. The "red threshold" is the point at which FortiGate starts dropping new sessions to conserve memory.

When the system memory usage exceeds this threshold, the FortiGate will block new sessions that require significant memory resources, such as those needing content inspection.

Exiting Conserve Mode:

The "green threshold" is the memory usage level below which FortiGate exits conserve mode and resumes normal operation.

Once the system memory usage drops below this threshold, FortiGate will start allowing new sessions again.

References:

Fortinet Community: Understanding conserve mode and its thresholds​(Welcome to the Fortinet Community!)​​(Welcome to the Fortinet Community!)​.

Fortinet Documentation: Memory conserve mode and thresholds​(Welcome to the Fortinet Community!)​​(Fortinet GURU)​.

Understanding protocol states:

proto_state=00: Indicates no traffic or a closed session.

proto_state=01: Typically indicates one-way ICMP traffic or a partially established TCP session.

proto_state=10: Indicates an established TCP session, where the session has completed the three-way handshake and both sides can send and receive data.

proto_state=11: Often indicates a fully established and active bidirectional session.

Explanation of correct answer:

proto_state=10is the correct indication for an established TCP session as it signifies that the session is fully established and active.

References

Fortinet Network Security 7.2 Support Engineer Documentation

Fortinet Firewall Protocol State Documentation