hiexam
fortinet · NSE7_NST-72 · Q424 · multiple_choice · topic_1

Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the s…

Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate. Which action will FortiGate take when using the default settings for SSL certificate inspection?
  • A.FortiGate closes the connection because this represents an invalid SSL/TLS configuration.
  • B.FortiGate uses the CN information from the Subject field in the server certificate.
  • C.FortiGate uses the first entry listed in the SAN field in the server certificate.
  • D.FortiGate uses the SNI from the user’s web browser.
Explanation
Selected Answer: D FortiGate, by default, evaluates the SNI (Server Name Indication) field in the SSL/TLS handshake for certificate inspection. The SNI is compared against rules in the web filter or policies to determine access permissions or actions. It does not prioritize the CN (Common Name) field from the certificate unless explicitly configured to do so. This aligns with standard behavior where the SNI is used for identifying the target host when dealing with HTTPS traffic https://community.fortinet.com/t5/Support-Forum/website-access-problems/m-p/266814

Reference: examtopics_top_comment

Practice with progress tracking

Sign in to track wrong answers, get spaced-repetition reminders, and run timed exam mode.

Start tracked practicePricing