FCP_FWB_AD-7.4 FCP - FortiWeb 7.4 Administrator Questions and Answers

The web application is unable to accept any more connections because of network socket exhaustion: A Denial of Service (DoS) attack often floods the web server with an overwhelming number of requests, leading to network socket exhaustion. This can prevent the server from accepting new legitimate connections, effectively disrupting service.

The web application server is unable to accept new client sessions due to memory exhaustion: DoS attacks can consume a significant amount of server memory, causing memory exhaustion. This results in the web application being unable to accept new client sessions or handle requests properly.

XML Schema: In FortiWeb, XML protection rules allow you to define an XML Schema to validate the structure and content of incoming XML documents. This helps protect against attacks like XML injection by ensuring that only well-formed XML requests are processed.

Request URL: You can define a request URL as part of an XML protection rule to specify the URL pattern for which the rule should apply. This allows you to apply different XML protection rules to different endpoints or resources based on the URL.

In SAML (Security Assertion Markup Language) deployments, the Identity Provider (IdP) is responsible for storing and managing user authentication credentials, such as usernames and passwords. The IdP authenticates the user and then issues a SAML assertion to the Service Provider (SP), which allows the user to access services without needing to re-enter credentials.

You should run the vulnerability scan during a maintenance window: Running a vulnerability scan during a maintenance window minimizes the risk of affecting normal operations. Scans can be resource-intensive and may cause disruptions if run during peak hours or when the system is in use.

You should run the vulnerability scan in a test environment: It is important to run the vulnerability scan in a test environment first to avoid unintended disruptions on the live system. This helps to identify potential issues or false positives without impacting production systems.

Machine learning (ML)-based API protection: ML-based API protection helps detect and mitigate abnormal behavior in API traffic, such as bot attacks or abuse, by learning and adapting to normal traffic patterns.

API schema validation: API schema validation ensures that the API requests conform to the defined schema (e.g., checking the structure, fields, and types in the API calls). This helps prevent attacks like XML or JSON injection by ensuring only valid requests are processed.

API user key enforcement: Enforcing API user key authentication requires clients to provide valid API keys, ensuring only authorized users can access the API. This is crucial for controlling access to the API.

If a client has been incorrectly blocked due to a period block, the FortiWeb administrator can manually release the IP address from the blocklist. This allows the client to access the application again before the block expires naturally.

Place FortiWeb in front of FortiADC: This configuration change places FortiWeb between the client and FortiADC, so that FortiWeb can directly inspect and protect the incoming traffic before FortiADC applies SNAT (Source Network Address Translation). By placing FortiWeb in front, it will have access to the real client IP addresses, and it will be able to properly identify and handle attack traffic without blocking legitimate client traffic.

Enable and configure the Use X-Forwarded-For setting on FortiWeb: This setting allows FortiWeb to extract the original client IP address from the X-Forwarded-For header in the HTTP request, which is inserted by FortiADC when performing SNAT. With this setting enabled, FortiWeb will be able to block traffic based on the original client IP address rather than the SNATed IP address (192.0.2.1), preserving the accuracy of the security measures.