config log disk setting

set diskfull [ overwrite | nolog ]

Action to take when disk is full. The system can overwrite the oldest log messages or stop logging when the disk is full. (default -- > overwrite)

config log memory global-setting

set full-first-warning-threshold {integer}

Log full first warning threshold as a percent. (default -- > 75)

FortiGate Security 7.2 Study Guide (p.287-288): " Flags: D (IP returned from DNS), I (Contract server contacted), T (being timed), F (failed) " " By default, FortiGate is configured to enforce the use of HTTPS port 443 to perform live filtering with FortiGuard or FortiManager. Other ports and protocols are available by disabling the FortiGuard anycast setting on the CLI. "

FortiGate Infrastructure 7.2 Study Guide (p.317 & p.320): " To forward traffic correctly, a FortiGate HA solution uses virtual MAC addresses. " " The primary forwards the SYN packet to the selected secondary. (...) This is also known as MAC address rewrite. In addition, the primary encapsulates the packet in an Ethernet frame type 0x8891. The encapsulation is done only for the first packet of a load balanced session. The encapsulated packet includes the original packet plus session information that the secondary requires to process the traffic. "

A ZTNA rule is a policy that enforces access control and applies security profiles to protect traffic between the client and the access proxy 1 .  A ZTNA rule defines the following parameters 1 :

Incoming interface: The interface that receives the client request.

Source: The address and user group of the client.

ZTNA tag: The tag that identifies the domain that the client belongs to.

ZTNA server: The server that hosts the access proxy.

Destination: The address of the application that the client wants to access.

Action: The action to take for the traffic that matches the rule. It can be accept, deny, or redirect.

Security profiles: The security features to apply to the traffic, such as antivirus, web filter, application control, and so on.

A ZTNA rule does not redirect the client request to the access proxy.  That is the function of a policy route that matches the ZTNA tag and sends the traffic to the ZTNA server 2 .

A ZTNA rule does not define the access proxy.  That is done by creating a ZTNA server object that specifies the IP address, port, and certificate of the access proxy 3 .

FortiGate Infrastructure 7.2 Study Guide (p.177): " A ZTNA rule is a proxy policy used to enforce access control. You can define ZTNA tags or tag groups to enforce zero-trust role-based access. To create a rule, type a rule name, and add IP addresses and ZTNA tags or tag groups that are allowed or blocked access. You also select the ZTNA server as the destination. You can also apply security profiles to protect this traffic. "

Port 1 shows the lowest latency.