A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to send outbound traffic from the Web servers to the Internet. The FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface.
What are two possible reasons for this behavior? (Choose two.)
The web servers are not configured with the default gateway.
The Internet gateway (IGW) is not added to VPC (virtual private cloud).
AWS source and destination checks are enabled on the FortiGate interfaces.
AWS security groups may be blocking the traffic.
Correct answer: CD
Explanation:
You need to check if source/destination are enabled. Public_Cloud_6.4_Study_Guide Page 67
You need to check if source/destination are enabled. Public_Cloud_6.4_Study_Guide Page 67
Question 2
Refer to the exhibit.
Your senior administrator successfully configured a FortiGate fabric connector with the Azure resource manager, and created a dynamic address object on the FortiGate VM to connect with a windows server in Microsoft Azure. However, there is now an error on the dynamic address object, and you must resolve the issue.
How do you resolve this issue?
Run diagnose debug application azd -l on FortiGate.
In the Microsoft Azure portal, set the correct tag values for the windows server.
In the Microsoft Azure portal, access the windows server, obtain the private IP address, and assign the IP address under the FortiGate-VM AzureLab address object.
Delete the address object and recreate a new address object with the type set to FQDN.
You are deploying a FortiGate-VM in Microsoft Azure using the PAYG/On-demand licensing model. After you configure the FortiGate-VM, the validation process fails, displaying the error shown in the exhibit.
What caused the validation process to fail?
You selected the incorrect resource group.
You selected the Bring Your Own License (BYOL) licensing mode.
You selected the PAYG/On-demand licensing model, but did not select correct virtual machine size.
You selected the PAYG/On-demand licensing model, but did not associate a valid Azure subscription.