Refer to the exhibits. A network topology, firewall policy, and SSL/SSH inspection profile configuration are shown. What must you configure on firewall policy ID 2 to detect HTTPS attacks that target a Linux server hosting the website www.acmetest.com? (Choose one answer)

A. Enable HTTPS in the protocol port mapping of the deep-inspection SSL/SSH inspection profile.
B. Set inspection-mode to flow to analyze the HTTPS packets and make sure that they are as expected.
C. Set ips-sensor to IPS_block in the firewall policy.
D. Enable SSL inspection of the SSL server and upload the certificate of the Linux server website to the SSL/SSH inspection profile.

Correct Answer: D

Brave-Dump Clients Votes

D 66.67%

A 33.33%

Comments

l 2025-10-31 11:14:09

Selected Answers: A

I think A, because D sounds ridicilous.

Mike 2025-12-06 13:07:51

Selected Answers: D

since we want to protect the server and not the client we need to enable SSL Inspection of Protecting SSL Server. For that to function correctly you need to upload the Server certificate to have a valid certificate installed.
A would be needed if we want to secure the client from the server

Adam 2026-01-20 03:16:20

Selected Answers: D

https://docs.fortinet.com/document/fortigate/7.6.5/administration-guide/55107/protecting-an-ssl-server
The Protecting SSL Server option of the SSL/SSH Inspection profile is typically applied to an inbound firewall policy for clients on the internet that access a server behind the FortiGate. FortiGate uses the server certificate of the protected server to simulate the real server, which enables FortiGate to decrypt and inspect traffic destined to the real server. Therefore, a valid server certificate must be installed on the FortiGate to enable traffic inspection.