View all questions & answers for the FCSS - FortiSASE 25 Administrator Exam Materials exam


Question 43 Discussion

Refer to the exhibit. An organization must inspect all the endpoint internet traffic on FortiSASE, and exclude Google Maps traffic from the FortiSASE VPN tunnel and redirect it to the endpoint physical interface. Which configuration must you apply to achieve this requirement? (Choose one answer)

  • A. Configure a steering bypass tunnel firewall policy using Google Maps FQDN to exclude and redirect the traffic.
  • B. Add the Google Maps URL in the zero trust network access (ZTNA) TCP access proxy forwarding rule.
  • C. Add the Google Maps URL as a steering bypass destination in the endpoint profile.
  • D. Exempt Google Maps in URL filtering in the web filter profile.
Correct Answer: C

Brave-Dump Clients Votes

C 100%

Comments



Taz 2025-11-02 12:15:17

Selected Answers: C


The correct configuration to achieve this requirement is D. Add the Google Maps URL as a steering bypass destination in the endpoint profile.
Explanation:
Split tunneling allows specific traffic to bypass the VPN tunnel and be routed directly through the endpoint's physical interface. By adding the Google Maps URL as a split tunneling destination in the endpoint profile, any traffic destined for Google Maps will be excluded from the VPN tunnel and directed to the endpoint's physical connection, effectively achieving the desired exclusion and redirection.
Why other options are incorrect:
A. Configure a steering bypass tunnel firewall policy using Google Maps FQDN to exclude and redirect the traffic: While steering bypass tunnels can be used for specific traffic management, configuring it with Google Maps FQDN wouldn't directly achieve the required exclusion from the VPN tunnel and redirection to the physical interface. Steering bypass typically involves directing traffic to a different FortiSASE gateway or service, not necessarily bypassing the VPN altogether.
B. Add the Google Maps URL in the zero trust network access (ZTNA) TCP access proxy forwarding rule: ZTNA TCP access proxy forwarding rules control how specific applications and services connect to the network. Adding Google Maps URL here wouldn't exclude it from the VPN tunnel but rather manage how the application connects to the ZTNA network.
C. Exempt Google Maps in URL filtering in the web filter profile: Exempting Google Maps in the web filter profile would only prevent the application of web filtering policies on Google Maps traffic. It wouldn't exclude it from the VPN tunnel or redirect it to the physical interface.


Mohamed 2025-11-07 01:18:36

Selected Answers: C


You can configure split-tunnel destinations in the endpoint profile to optimize FortiSASE bandwidth by excluding trusted traffic from flowing through FortiSASE secure internet access (SIA). Such traffic flows to the endpoint physical interface, bypassing FortiSASE. Split-tunnel destinations can be configured in the Steering bypass destinations table.