If you're looking for FortiWeb Interview Questions for Experienced or Freshers, you are at right place. There are lot of opportunities from many reputed companies in the world. According to research FortiWeb has a market share of about 4.0%. So, You still have opportunity to move ahead in your career in FortiWeb Development. Mindmajix offers Advanced FortiWeb Interview Questions 2018 that helps you in cracking your interview & acquire dream career as FortiWeb Developer.
Q: What is FortiWeb?
FortiWeb is a Firewall service powered by the web application (WAF) which provides safety to any applications hosted on the web from threats which target these web servers. Using multi-layered and correlated detection technique; FortiWeb secures applications from known vulnerabilities. FortiWeb hardware and virtual machine platforms are available for small & medium scale, large enterprises, as well as service providers.
Q: How FortiWeb protects the server from threats?
FortiWeb’s HTTP firewall and denial-of-service (DoS) attack prevention technologies secure our web applications from attack. It uses complex methodologies to offer bidirectional security against complicated risks similar to SQL injection, across the site scripting (XSS) attacks; FortiWeb also defends against threats like identity theft, financial fraud, and corporate espionage. FortiWeb offers the tools needed to monitor and enforce regulations, industry best practices, and internal security policies, including firewalling and patching requirements.
Q: Where FortiWeb fit in the Architecture layout?
F ortiWeb is deployed as a one-arm tofit pology but is more commonly positioned in line to intercept all incoming client connections and redistribute them to servers. FortiWeb has TCP and HTTP specific firewalling capabilities. Since FortiWeb is not designed to provide security to non HTTP/HTTPS web applications, it can be deployed behind a firewall such as FortiGate that focuses on safety for other protocols, including FTP and SSH. Once FortiWeb is used, it can configure from a web browser or terminal emulator on the central computer.
Q: What is HPKP in FortiWeb?
Enabling HTTP Public Key Pinning (HPKP), FortiWeb inserts a header into the server's response header field when handling client requests. The inserted header specifies an exclusive cryptographic public key, with which the client accesses the server. Specifying public key for accessing the web server lessens the chances of the MITM risks with fake certificates and compromised CAs.
Q: What is OCSP Stapling?
FortiWeb supports OCSP (Online Certificate Status Protocol) stapling, an alternative method to OCSP in which the certificate holder occasionally requests the revocation status of certificates of servers from OCSP servers and attaches the time stamped response to the initial SSL/TLS handshake between clients and servers. This relocates the resource load of checking the revocation status of certificates from the client to the presenter of the certificate and reduces the total number of queries to OCSP servers.
Q: Does FortiWeb protect against Credential Stuffing?
FortiWeb now protects against credential stuffing attacks. Enabling Credential Stuffing Defense, username, and password credentials in a web server login attempt are processed in the database to verify whether it is a spilled username/password pair or not. Using this feature requires FortiGuard.
Q: What is Active-Active High Availability?
Up to eight FortiWebs can be deployed as an Active-Active HA cluster in Reverse Proxy or True Transparent Proxy modes. The master unit in the cluster distributes all incoming traffic to other cluster members, including itself according to the specified load-balancing algorithm: packet source IP, least number of processing connections or round-robin.
Q: What are the HTTP Protocol Constraints?
Seventeen new HTTP protocol constraints have been added in the updated versions of FortiWeb. Eight of them are added to govern the specific HTTP/2 header fields, they are:
1. Illegal Connection Preface
2. Illegal Frame Type
3. Illegal Frame Flags
4. Initial Window Size
5. Header Compression Table Size
6. Header List Size
7. Frame Size
8. Number of Concurrent Streams
9. The others are as following:
10. Redundant HTTP Headers
11. Maximum URL Parameter Name Length
12. Maximum URL Parameter Value Length
13. Illegal Character in Parameter Name
14. Unlawful Character in Parameter Value
15. NULL Character in URL
16. Unlawful Character in URL
17. Malformed URL
18. illicit Size Chunk
Additionally, in the Web UI page of HTTP Protocol Constraints, a new table column named HTTP Protocol Support has been, introduced to indicate the HTTP version that a constraint can be, applied to.
Q: What are the HTTP Constraint Exceptions?
Constraint exceptions are, added correspondingly for the five new HTTP constraints:
1. Redundant HTTP Headers
2. Maximum URL Parameter Name Length
3. Maximum URL Parameter Value Length
4. Illegal Character in Parameter Name
5. Unlawful Character in Parameter Value
6. HTTP constraint exceptions can be, applied to the packets with specified source IP addresses.
Q: What is Site Publishing?
Site publishing allows Android clients to access to Microsoft Exchange servers through Exchange ActiveSync. While a site-publishing rule is, configured for Exchange ActiveSync, single sign-on, authentication cookie & Kerberos authentication are not available, HTTP Basic Authentication is the only method to authenticate the clients.
Q: What is GEO IP?
Geo IP database is a dedicated database, added to enhance FortiWeb's GEO IP for identifying exact locations of IPv6 addresses. It is no longer required to periodically, upload the GEO IP database. FortiWeb automatically updates the database from the FortiGuard Distribution Servers. The interface of manually uploading of the database is, kept for those deployments that do not have an Internet connection.
Q: What is cookie poisoning?
The cookie poisoning settings are now a part of new cookie security policy, which allows administrators to configure additional methods to prevent cookie based attacks. For example, we can encrypt the cookies issued by a backend server or add security attributes to them.
Q: What is user tracking?
The new user-tracking feature allows us to track sessions by a user, capture a username to reference in traffic, and attack log messages. We can use this feature to prevent a session fixation attack and set a time-period during which FortiWeb blocks requests with a session ID from a timed-out session.
What are Advanced SSL settings for server pool members?
When the operation mode is in reverse proxy, we can select the versions of SSL and TLS and which cipher suites are supported for connections between FortiWeb and an individual server pool member. For true transparent proxy and WCCP modes, these apply to connections between FortiWeb and the server pool member as well as SSL/TLS offloading.
Q: What is threat scoring?
The threat-scoring feature allows us to configure the policies of signature in any organization to take punitive measures based on various signature violations on any client, instead of a single signature violation. When any client violates a signature in the threat-scoring category, it contributes to a combined threat score. When the combined threat score exceeds maximum value that is specified, FortiWeb takes action. We can specify the combined threat scores; the calculation is based, on HTTP transactions or sessions, or TCP sessions.
Q: What are the Status and Policy Status dashboards?
1. The System Resources widget on the dashboard displays the count of current connections and connections per second for all the policies.
2. Policy Sessions widget and Policy Status dashboard display the count of current connections and connections per second by policy.
3. On the Status dashboard, graphs in the Real-Time Monitor widget, displays total counts for HTTP throughput, attack events, and HTTP hits, in addition to counts for individual policies.
Q: What is a Period block?
When the operation mode is transparent in inspection or offline protection and Period Block is the action, FortiWeb takes against traffic that violates a policy. FortiWeb attempts to block a client that has violated the policy for the length of time, specified by Block Period.
Q: What is DoS?
Service Denial (DoS) attack or distributed denial-of-service attack (DDoS attack) is an attempt to overpower a web server, making the resources unavailable to its intended users. DoS assaults involve opening a vast number of sessions at various OSI layers and keeping them open as long as possible to overpower the server by consuming its available sockets. Most DoS attacks use automated tools instead of any browsers on to create the harmful and enormous number of requests sent to a web server.
Q: What is Botnet?
A botnet is a threat that utilizes zombies, which was previously infected, distributed globally, to overpower the server directed by the command on control servers. Examples are LOIC, HOIC, and Zeus.
Q: What is reverse proxy mode?
When the FortiWeb operates as Reverse Proxy manner, it offers a start-to-end HTTP/2 security that needs both the clients & HTTP/2 servers running at the back-end. Moreover, when the web servers at the back end do not support HTTP/2, FortiWeb offers the HTTP/2 defense with data change protocols between the HTTP/2 clients & the HTTP/1.1 servers at the back-end. This permits the user to enjoy HTTP/2 benefits without having to upgrade their back web servers.
Q: How HA chooses the active appliance?
An HA pair might not resume their active and standby roles when the failed appliance resumes responsiveness to the heartbeat. Since the current active device will be having a greater uploading time than a failed & active device, which has come online, assumes each has the matching number of the available ports, the device which is currently active usually holds its standing as the active device, unless it has been enabled to override. If it is enabled, and the appliance setting of the returning device that is higher, will be selected as the current active device in the cluster.
Q: What is the difference between True transparent proxy mode and transparent inspection mode?
Proxies known as True transparent & transparent inspection, are similar to any topology aspect. Due to the differentiation in the mode of data interception, both have only some behavioral differences:
True transparent - Transparent proxies in the traffic reaching on any network port belonging to a Layer 2 bridge, relates the first appropriate policy and allows the traffic to pass. FortiWeb logs obstruct, or even modifies the violations as per the policy for its safety profile. This mode permits user authentication through HTTP instead of HTTPS.
Transparent inspection – Any FortiWeb devices asynchronously monitors the traffic reaching on its network port, which belongs to the Second Layer Bridge, and applies the device’s first policy, & allows the safe passage of the traffic. FortiWeb obstructs the traffic relating to the matching policy and safety profile, but never modifies it.
Q: What is the Topology for offline protection mode?
“Out-of-band” is a suitable description for this mode. Minimal changes are required, as it does not introduce any latency. FortiWeb monitors traffic received on the data capture port’s network interface and applies the first policy. Because it is not in line with the destination, it does not allow the permitted traffic. FortiWeb logs in and blocks violations according to the matching policy and its protection profile. If FortiWeb detects a malicious request, it sends a TCP RST packet through the blocking port to the web server and client in an attempt to terminate the connection. It does not modify traffic.
Q: Can we delete the admin account?
Admin is the default administrator account and has no password initially. The admin administrator account exists by default and cannot be deleted. The admin administrator account is similar to any root administrator account. This administrator account always has the all the permission to see and modify the options for configuration in FortiWeb devices, including the viewing and modifying all other admin accounts. Usernames and permissions are not possible to be modified.
Q: What is Active - passive style?
FortiWeb is known for active-passive style, i.e., if one device is designated as the active device, where the policies are being applied for all the connections, the second one becomes the passive standby, which initiates the role of an active device and starts processing the assigned tasks only if the active device fails. Both active and the standby devices sense breakdown by communicating by the heartbeat link, which connects the two devices in HA pair. Failures are detected when active devices stop responding to heartbeat from standby devices for a specific time, configured as Heartbeat timeout = Interval in Detection x Threshold in Heartbeat Loss
Can we replicate the external HA configuration without any FortiWeb HA?Configuration synchronization offers the ability to replicate the FortiWeb’s configuration from another device without requiring the high availability (HA). The arrangement is a unilateral push and not a bilateral arrangement. It adds missing items, overwrites objects whose names match, but never remove unique objects on FortiWeb, nor pull the items from target to initiate the FortiWeb device.
Q: How to adapt auto-learning to dynamic URLs & unusual parameters?
Protection settings can be configured with the assistance of auto-learning. Auto-learning teaches plenty of the threats in web assets face. It also helps to understand the web applications’ structures and how end-users use them. Most importantly, though, auto-learning helps tailor FortiWeb’s configuration to suit web applications. Auto-learning detects the URLs with its other behaviors of HTTPS or HTTP sessions by observing the traffic passing to the servers. To learn whether the request is legitimate or a potential attack attempt, it performs the following tasks:
1. Evaluate the request to attack signatures
2. Monitors inputs such as cookies and URL parameters
3. Tracks web servers’ response to each request, such as 401 Unauthorized or 500 Internal Server Error
4. Captures the rate of requests for files by IP address and content type
By learning from traffic, the FortiWeb appliance suggests appropriate configurations and quickly generates profiles explicitly designed for unique traffic.
Q: How to Configure URL interpreters?
While using auto-learning, we must define how to intercept the dynamic URLs that include multiple factors in non-standardized ways, like separators (; or #, ) or the factor which is embedded within the URL’s structure. In any web User Interface, these interceptors plug-ins are better known “URL replacers.”
Q: How FortiWeb recognizes data types?
FortiWeb recognizes the data types of parameters by matching them with regular expressions. Regular expressions are categorized as:
Predefined — Regular expressions set included within the firmware. These match common data types and cannot be modified except via FortiGuard, but can be copied and used as the basis for a custom data type. It can be used by both auto-learning profiles and input rules.
Custom — Regular expression, that has been configured to detect any data patterns which cannot be recognized by the predefined set. It can be modified and used by input rules, but cannot be used by auto-learning profiles.
Q: What are Predefined data types?
After installation, FortiWeb already has some data type regular expressions that are predefined like default signatures for common data types so that we do not need to write them again. Initial ones are included within the FortiWeb firmware. If FortiWeb is connected to FortiGuard Security Service updates, it can regularly download updates to its predefined data types. This provides new and enhanced data types without any effort. Only we should use the unique signatures in parts of the configuration where they are used according to the organization.
Get Updates on Tech posts, Interview & Certification questions and training schedules