Exam FCSS_EFW_AD-7.6 Topic 3 Question 28 Discussion
Actual exam question for Fortinet's FCSS_EFW_AD-7.6 exam
Question #: 28
Topic #: 3
Question #: 28
Topic #: 3
An administrator applied a block-all IPS profile for client and server targets to secure the server, but the database team reported the application stopped working immediately after. How can an administrator apply IPS in a way that ensures it does not disrupt existing applications in the network?
Suggested Answer: A Vote an answer
Applying an aggressive IPS profile without prior testing can disrupt legitimate applications by incorrectly identifying normal traffic as malicious. To prevent disruptions while still monitoring for threats:
Enable IPS in "Monitor Mode" first:
This allows FortiGate to log and analyze potential threats without actively blocking traffic.
Administrators can review logs and fine-tune IPS signatures to minimize false positives before switching to blocking mode.
Verify and adjust signature patterns:
Some signatures might trigger unnecessary blocks for legitimate application traffic. By analyzing logs, administrators can disable or modify specific rules causing false positives.
Enable IPS in "Monitor Mode" first:
This allows FortiGate to log and analyze potential threats without actively blocking traffic.
Administrators can review logs and fine-tune IPS signatures to minimize false positives before switching to blocking mode.
Verify and adjust signature patterns:
Some signatures might trigger unnecessary blocks for legitimate application traffic. By analyzing logs, administrators can disable or modify specific rules causing false positives.
by Nathan at Mar 12, 2026, 04:31 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).