View all questions & answers for the NSE 4 - FortiOS 7.6 Administrator Exam Materials exam


Question 85 Discussion

Which two statements about the FortiGuard connection are true? (Choose two answers)

  • A. FortiGate is using the default port for FortiGuard communication.
  • B. FortiGate identified the FortiGuard Server using DNS lookup.
  • C. The weight increases as the number of failed packets rises.
  • D. You can configure unreliable protocols to communicate with FortiGuard Server.
Correct Answer: A,C

Brave-Dump Clients Votes

CD 50%
AC 37.5%
AB 12.5%

Comments



Ahmed Ezzat 2025-07-19 03:52:34

Selected Answers: A, C


C) is very tricky: is it increasing or decreasing without the negative sign?
A) should be correct, as 8888 is a default port too (8888, 53 or 443).
Maybe D is the wrong answer!
  • Brave-Dumps Admin 2025-07-20 11:49:23
    Thank you, Ahmed, for sharing your experience with the Brave-Dumps community — you're doing an excellent job! You're absolutely right. According to the FortiGate 7.6 Study Guide (page 30):
    • Live queries: FortiGuard web filtering, DNS filtering, and antispam
      - service.fortiguard.net uses a proprietary protocol over UDP port 53 or 8888
      - securewf.fortiguard.net uses HTTPS over ports 443, 53, or 8888
    So, answer A is correct, and I've updated it accordingly on the website.


Mohammed Ali 2025-08-09 20:07:31

Selected Answers: A, B


FortiGate is using the default port for FortiGuard communication

This ensures standard connectivity without requiring custom port configurations.

FortiGate identified the FortiGuard Server using DNS lookup

DNS resolution is used to locate and connect to FortiGuard services efficiently.


javaughn Bryan 2025-08-28 23:24:07

Selected Answers: A, C


A) Is correct. Default port is 8888.
C) Is correct. Flags: D (IP returned from DNS), I (Contract server contacted), T (being timed), F (failed). As you can see, the image shows the flag ID "I", which is not DNS. It's the contract server being contacted.


nid 2025-09-25 08:25:08

Selected Answers: A, C


https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Resolving-FDS-Communication-Issues/ta-p/189511 The weight for each server increases with failed packets and decreases with successful packets.


Ehab Khedr 2025-10-09 01:35:28

Selected Answers: C, D


By default, FortiGate is configured to enforce the use of HTTPS port 443 to perform live filtering.
The port here is 8888, which is not the default one, as 443 is,
so answer A is wrong because it states that the default port is used.

Disable the FortiGuard anycast setting on the CLI to use UDP ports 443, 53, or 8888,
so answer D is correct: you can change FortiGuard communication to an unreliable protocol (UDP).

Study guide FortiGate 7.6, page 279
  • WillyB 2025-12-05 00:44:10
    I also agree with the answers being C, D. The study guide is very clear on the default port: "By default, FortiGate is configured to enforce the use of HTTPS port 443 to perform live filtering with FortiGuard". And by disabling the anycast setting, "other" (not default) ports are available, like UDP (AKA unreliable) 8888, which also makes D a right choice.


WillyB 2025-12-05 00:46:02

Selected Answers: C, D


The 7.6 study guide is very clear on the default port: "By default, FortiGate is configured to enforce the use of HTTPS port 443 to perform live filtering with FortiGuard", and by disabling the anycast setting, "other" (not default) ports are now available, like UDP (AKA unreliable) 8888, which also makes D a right choice.


Vic Geek 2025-12-20 06:45:08

Selected Answers: C, D


7.6 Study Guide Page 302-303
"You can verify the connection to FortiGuard servers by running the diagnose debug rating CLI command. This command displays a list of FortiGuard servers you can connect to, as well as the following information:

• Weight: It is based on the difference in time zones between FortiGate and this server to reduce the possibility of using a remote server.

• RTT: Return trip time

• Flags: D (IP returned from DNS), I (Contract server contacted), T (being timed), F (failed)

• TZ: Server time zone

• FortiGuard-requests: The number of requests sent by FortiGate to FortiGuard

• Curr Lost: Current number of consecutive lost FortiGuard requests (in a row, it resets to 0 when one packet succeeds)

• Total Lost: Total number of lost FortiGuard requests"

"By default, FortiGate is configured to enforce the use of HTTPS port 443 to perform live filtering with FortiGuard or FortiManager. When the fortiguard-anycast command is enable, the FortiGuard domain name resolves to a single anycast IP address, which is the only entry in the list of FortiGuard servers. By disabling the FortiGuard anycast setting on the CLI, other ports and protocols are available. These ports and protocols query the servers (FortiGuard or FortiManager) on HTTPS port 53 and port 8888, UDP port 443, port 53, and port 8888. If you are using UDP port 53, any kind of inspection reveals that this traffic is not DNS and prevents the service from working. In this case, you can switch to the alternate UDP port 443 or port 8888, or change the protocol to HTTPS, but these ports are not guaranteed to be open in all networks, so you must check beforehand."
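
Added example, not part of the comment above or of Fortinet's documentation: a Python parser for a saved `diagnose debug rating` server list that decodes the flag letters and reports the transport in use, the DNS-resolved servers, and the servers that are losing requests. The sample text is constructed, and its `Protocol`/`Port` lines and column order are assumptions based on the field list quoted above.

```python
import re

# Flag letters as defined in the study-guide excerpt quoted above.
FLAGS = {"D": "IP returned from DNS", "I": "contract server contacted",
         "T": "being timed", "F": "failed"}

# Constructed sample, documentation-range addresses. The "Protocol"/"Port"
# lines and the column order are assumptions based on the field list above.
SAMPLE = """\
Protocol : udp
Port     : 8888
IP            Weight RTT Flags TZ FortiGuard-requests Curr Lost Total Lost
192.0.2.10    10     45        -5 262432              0         846
192.0.2.20    20     90  DI    1  329072              0         6806
198.51.100.7  60     0   F     9  33728               12        40
"""

def parse_rating(text):
    """Split the text into header settings and one dict per server row."""
    settings, servers = {}, []
    for line in text.splitlines():
        kv = re.match(r"(\w+)\s*:\s*(\S+)\s*$", line)
        if kv:
            settings[kv.group(1).lower()] = kv.group(2)
            continue
        cols = line.split()
        if len(cols) not in (7, 8) or not re.fullmatch(r"[\d.]+", cols[0]):
            continue                      # column header or unrelated line
        if len(cols) == 7:                # Flags column is blank on this row
            cols.insert(3, "")
        ip, weight, rtt, flags, tz, reqs, curr, total = cols
        servers.append({"ip": ip, "weight": int(weight), "rtt": int(rtt),
                        "flags": [FLAGS.get(f, f"unknown flag {f}") for f in flags],
                        "tz": int(tz), "requests": int(reqs),
                        "curr_lost": int(curr), "total_lost": int(total)})
    return settings, servers

def summarize(text):
    """Report the transport in use and which servers need attention."""
    settings, servers = parse_rating(text)
    return {
        "transport": (settings.get("protocol"), int(settings.get("port", 0))),
        "from_dns": [s["ip"] for s in servers if FLAGS["D"] in s["flags"]],
        "failing": [s["ip"] for s in servers
                    if FLAGS["F"] in s["flags"] or s["curr_lost"] > 0],
        "loss_ratio": {s["ip"]: round(s["total_lost"] / s["requests"], 4)
                       for s in servers if s["requests"]},
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
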


Hisham ALmajid 2026-01-19 20:03:34

Selected Answers: C, D


Based on Administration Guide FortiOS 7.6.5.
"FortiGuard servers use Anycast addresses in order to optimize and distribute traffic across many servers.
Anycast is the default access mode for FortiGates when connecting to FortiGuard which by default utilizes
HTTPS and port 443"
If FortiGuard is not reachable via Anycast, choose between the following options to work around this issue:

1. Switch to other Anycast servers:
config system fortiguard
set fortiguard-anycast enable
set fortiguard-anycast-source aws
end

2. Disable Anycast and use HTTPS:
config system fortiguard
set fortiguard-anycast disable
set protocol https
set port 8888
end

3. Disable Anycast and use UDP:
config system fortiguard
set fortiguard-anycast disable
set protocol udp
set port 53
end

D- You can configure unreliable protocols to communicate with FortiGuard Server.
This does not represent the results of the previous command in the screenshot, but rather it is a verification of the possibility of configuring the UDP protocol (somewhat confusing).