View all questions & answers for the NSE 7 - Enterprise Firewall 7.6 Administrator Exam Materials exam


Question 71 Discussion

Refer to the exhibits. The firewall policy ID 1 of the DCFW policy package and the reinstall preview window for the DCFW policy package installation are shown. Why is FortiManager installing set srcaddr "SSLVPN_TUNNEL_ADDR1" on firewall policy ID 1 when the policy package DCFW has the source address 10.0.5.0 on the firewall policy ID 1? (Choose one answer)

  • A. The firewall policy and reinstall preview use the same addresses, but they have different names because of per-device mapping.
  • B. FortiManager is installing the global policy package, which has higher priority than the ADOM policy package.
  • C. The reinstall policy package ignores recent changes to the policy layer. The administrator must run the Install Wizard.
  • D. FortiManager has assigned firewall HQ-DCFW a CLI template that can overwrite configurations at the policy layer.
Correct Answer: A

Brave-Dump Clients Votes

A 100%

Comments



Adam 2026-01-20 07:16:43

Selected Answers: A


A is correct as per below part from Study Guide:
On FortiManager, you can use dynamic mapping to enable specific configurations for each device, applied in:
• Interface mapping (as previously described)
• Object configurations
• Metadata variable mapping
The example on the slide shows the LAN firewall address, where Branch1 uses the network segment 172.16.0.0/24, and Branch2 uses 192.168.0.0/24. Per-device mapping differentiates these segments under the same object name.
---
I assume "same addresses" in option A means same address object that has per-device mapping, so it can be different address value

B is wrong because global policy has header policies at top and footer policies at bottom (less priority), so both global and local ADOM policies are applied but just in specific order

C is wrong as per below part from Study Guide:
Reinstall policy: bypasses the wizard because the FortiGate device and the policy package are already selected. It offers an installation preview with an option to cancel. Also, reinstall applies not only policy package settings, but also any modifications, directly to FortiGate in the device database.

D is wrong because while Study Guide mentions "CLI template can overwrite configurations in both the policy and device layers", but it also explains that it's done from device layer (Device Manager), not policy layer (Policy & Objects) as per below part:
"1. A FortiManager administrator assigns a CLI template to new or existing FortiGate devices."
"2. The administrator installs policy packages or device settings directly from the device layer."